Following high-profile cyber attacks on M&S, Co-op and Harrods earlier this year, UK retailers are reporting a rising number of cyber crime attempts on their businesses, says research by KnowBe4, with frontline teams, including helpdesks and IT support workers, increasingly being targeted.

Original research of over 250 UK retail IT security professionals by KnowBe4 showed that nearly all (99.6%) are facing significant increases in cyber threats. So much so, that 71% of retailers are now setting aside dedicated budget lines for potential ransom payments. 

Frontline retail teams become top scammer targets

Over half (58%) have reported rising instances of helpdesk and IT support teams being targeted, as scammers look to exploit frontline retail workers.  Helpdesk scams (58%), phishing (47%) and credential theft (54%) were cited as the most frequent and growing threats to the sector.

“These threats highlight the human dimension of modern retail cyber risk. Phishing, credential theft and helpdesk scams all exploit human decision-making,” said Javvad Malik, Lead Cyber Security Advocate at KnowBe4.

In response, three quarters (74%) are now investing in human-centric cyber security controls, with awareness training the top area for investment, followed by email security (69%) and risk assessment tools (64%).

Cyber security beyond the parameter

Nearly half (46%) of the retailers polled in the Cybersecurity Trends in UK Retail report experienced increased cyber attack attempts via third-party suppliers. This is an issue which was brought into sharp focus during the M&S breach earlier this year, after it emerged that vulnerabilities from a phished third-party vendor were the entry point to M&S’ systems for the hackers.

This highlights the importance of extending Human Risk Management (HRM) as a strategic pillar of cyber resilience beyond the perimeter, extending HRM strategies to both third-party partners and tech providers.

“Cyber security is not just a technical challenge; organisations need to embed human-centric defences throughout operations,” Malik added. “It is about changing behaviour and building cultures where secure choices are second nature.”