Hackers are shopping for customer data. Are you next on their list?

Key takeaways:

• Data breaches and fraud events are increasing in the retail industry and hurting customer trust.
• Leading retailers prioritize cybersecurity by building a cyber-aware culture, automating incident response, and aligning cybersecurity initiatives with business goals.
• Deloitte’s cybersecurity and retail leaders help organizations assess their existing cybersecurity to identify gaps and create tailored solutions to protect customer data.  

You might have a loyal customer base. But if they feel their data is at risk, you could lose their trust. Shoppers are increasingly concerned about data privacy.

In turn, retailers must ask themselves whether they’re prepared for a cyberattack. Data breaches cause retailers to pay a lot for ransomware, which hurts their growth and financial performance. For example, one UK retailer estimates that a recent ransomware attack will cost them £300 million (CAD $550 million).¹

As retailers adapt to new digital channels and an increased risk landscape, cybersecurity can’t just be a technical box to check. Retailers who embed cybersecurity as a core part of their brand promise will be the ones who maintain and protect customer trust and revenue.

Retail cyber trends our retail leaders have noticed

1. Data breaches are eroding customer trust.

Customer data is a valuable currency for hackers. Every data breach is a gold mine of personal details, shopping history, and payment information. With new entry points to access data, breaches are becoming more common. And your customers have noticed.

According to recent data:

• 64% of shoppers are hesitant to shop with retailers that have experienced a data breach.
• 3 in 4 shoppers say it’s difficult to know which retailers have actually been breached.
• 1 in 3 shoppers have personally experienced a data breach.²

These attacks on customer trust have caused shoppers to reconsider where they shop.

2. The rise of AI is bringing data privacy and security concerns to the forefront.

Retailers have recently leveraged AI and other technologies to provide customers with personalized offers, incentives, discounts, and loyalty experiences. The goal is to streamline their experience while making them feel empowered to share more data.

But there is unease.

Overall, 70% of shoppers worry about sharing personal information with retailers, either because of data breaches or misuse (72%) or because they don’t know how their information will be used (70%).³ That said, 73% of Canadians are comfortable sharing their information in return for special offers, discounts, and enhanced shopping experiences.⁴

The takeaway? Customers don’t mind sharing personal data when they get value out of it. But they need to feel confident that their data is secured.

3. Fraud is increasing as retailers leverage agentic AI.

Retailers are betting big on agentic AI—systems that can make purchases, interact with customers, and automate complex tasks. The upside is enormous: 70% of shoppers are comfortable with AI making purchases on their behalf, and the technology is projected to unlock $17 trillion in new gross merchandise value.⁵

But the upside is there for threat actors as well. As AI becomes more prevalent, so does AI-enabled fraud:

• Retailers are facing AI-enabled attacks such as spear phishing campaigns, deepfake voice phishing, and chatbot impersonations.
• 87% of merchants expect an impactful increase in AI-enabled attacks in the next year.⁶
• Fraudulent traffic jumped by an average of 37% from Q2 to Q3 2025 for select merchants with significant orders referred by LLMs (large language models).⁷

Despite the risks, many retailers are struggling to keep up. Limited funding, skill gaps, and outdated technology are common barriers to effective fraud prevention.

Bottom line? If customers don’t trust you to keep their data safe, they will look elsewhere.

How leading retailers are responding

Here’s how leading retailers are getting ahead of cyber threats:

• Prioritizing protection of critical assets (“Digital Crown Jewels”): Retailers are identifying their most valuable digital assets (e.g. customer data, payment systems). Safeguarding these high-value targets is a core principle urging leading retailers to implement security controls accordingly.
• Continuous security modernization: Retailers are investing in next-generation technologies, such as advanced threat detection and automated incident response to stay ahead of evolving cyber risks.
• Building a cyber-aware culture: Through targeted training and regular simulations, retailers upskill employees at all levels to understand their role in preventing breaches, especially as new threats like AI-driven fraud emerge.

How Deloitte can help

Deloitte’s retail and cybersecurity experts offer a full spectrum of services to help retailers navigate this new landscape of increased threat.

Examples of our services include:

• Cyber risk assessment: Our comprehensive evaluations will benchmark your security posture against industry leading practices, identify gaps, and prioritize improvements.
• Cyber strategy & transformation: Tailored strategies and roadmaps strengthen your cybersecurity posture and align security initiatives with your business goals.
• Threat detection and monitoring: Proactive monitoring and advanced analytics can detect and neutralize cyber threats before they disrupt your business or customer trust.
• Crisis and incident response: Rapid, expert support can help you respond to and recover from a breach.
• Privacy and data protection: This includes tailored solutions to identify, protect, and track your most sensitive data assets, including data entrusted to you by your customers.
• Customer identity management: We deploy robust solutions to securely manage customer identities, streamline authentication, and enhance user experience across all retail channels.

Ready to reimagine retail cybersecurity?

Retailers face unparalleled cybersecurity threats in the age of digital shopping and personalization. As customers shop online for your products, hackers follow suit and shop for their data. But like many of the leading retailers we work with, your organization can get ahead of the threat.

Book a call with a leader below to beef up your cybersecurity.