
Four in five (80%) of the UK’s top 50 retailers remain exposed to at least one form of critical cyber vulnerability, says new research from cyber risk specialists, KYND.
Its analysis of the top 50 UK retailers by revenue also found over a third (38%) face critical threats simultaneously across five major categories, which risk business interruption if not addressed. These include ransomware risk exposure, email security weaknesses, outdated software, vulnerable services and certificate issues.
Email security vulnerabilities were the most common risk exposure, found in 80% of the UK’s top retailers, followed by certificate issues (72%). A further 70% had either service vulnerability or outdated software, while over half (58%) remain exposed to ransomware risks.
“For retailers operating in an increasingly digital environment, managing cyber risk is essential to maintaining resilience and protecting long-term value,” said Andy Thomas, CEO of KYND.
The findings come after a string of high-profile cyber incidents at UK retailers including M&S, which estimated the hack that forced it to suspend ecommerce operations for six weeks would cost the business ~£300million in profit. Speaking to shareholders in July, CEO Stuart Machin said M&S hopes to put the “vast majority” of disruption from the cyber incident behind it by August. Co-op, Harrods, The North Face, Cartier and Louis Vuitton have also been impacted by cyber incidents and data breaches in recent months.
“Retailers hold enormous volumes of sensitive data and operate complex supply chains, so even a seemingly minor oversight — like an expired certificate or unpatched software — can quickly become an open door to attackers,” Thomas warned.
With more than a third of retailers facing overlapping vulnerabilities that compound their exposure to cyber threats, he added that the findings were “a wake-up call for the sector,” requiring it “to focus on the fundamentals: visibility, prioritisation and proactive monitoring.”
In response to its own cyber attack, Co-op announced a strategic partnership with The Hacking Games earlier this month. It aims to prevent future crime by identifying young cyber talent and channelling their skills to create a generation of “ethical hackers.” The move is part of Co-op’s long-term response to cyber security, after it admitted 6.5million Co-op members had their data stolen back in April following a breach.




