In 2025, the retail and e-commerce sector continued to face intense strain from cybercriminals. In accordance with Kaspersky information, 14,41%* of customers within the world retail sector encountered web-based threats, whereas 22,20% have been affected by on-device assaults.
Ransomware stays a critical concern for the trade. Final yr, 8,25% of retail and e-commerce corporations skilled ransomware incidents, and the variety of distinctive B2B customers within the sector affected by ransomware detections rose by 152% in comparison with 2023, signalling a pointy escalation in focused assaults.
Phishing additionally continues to be a significant menace vector. Kaspersky recognized 6.7 million phishing assaults concentrating on customers of on-line shops, supply companies, and cost programs in 2025. Greater than half of those assaults (50,58%) have been aimed particularly at on-line shops, underscoring cybercriminals’ give attention to e-commerce platforms as high-value targets for fraud and information theft.
A take a look at 2025 cybersecurity for retail & e-commerce: Tendencies and what occurred
A stealer with a style for pizza supply. Purchasing and meals ordering through cell apps are routine consumer behaviours. Nevertheless, 2025 demonstrated that even downloading a seemingly respectable app from an official app retailer doesn’t assure security, nor does it make sure that consumer information and monetary credentials is not going to be compromised.
Ransomware detections within the B2B sector elevated on account of a single dominant actor. The variety of distinctive customers within the Retail & E-commerce sector who encountered ransomware detections elevated by 152% in 2025 in comparison with 2023 (Nov 2024 – Oct 2025 vs. Nov 2022 – Oct 2023). Probably the most vital development occurred through the 2024-2025 interval and is basically attributable to the speedy unfold of the Trojan-Ransom.Win32.Dcryptor household, which turned extremely prevalent throughout the retail and e-commerce sector in a few of the analysed markets. This malware is a trojanised ransomware variant that leverages the respectable DiskCryptor utility to encrypt disk partitions on sufferer programs.
Phishing exercise within the on-line retail section stood out. Regardless of being a long-established assault approach, phishing stays extremely prevalent within the context of on-line buying. From November 2024 by means of to October 2025, Kaspersky merchandise blocked 6,651,955 makes an attempt to entry phishing hyperlinks concentrating on customers of on-line shops, cost programs, and supply companies. Of those makes an attempt, 50.58% focused internet buyers, 27.3% impersonated cost programs, and 22.12% focused customers of supply corporations.
Retail & E-commerce phishing assaults by class (November 2024 – October 2025).
Gross sales seasons proceed to do the work for attackers. Seasonal peaks in on-line buying persistently present attackers with predictable alternatives to scale user-focused assaults. Durations of heightened promotional exercise decrease consumer vigilance and permit acquainted phishing and spam situations to mix into respectable advertising visitors, rising their general effectiveness.
Predictions: What retail & e-commerce cybersecurity would possibly face in 2026
Chatbots are prone to change into a typical product discovery software throughout on-line marketplaces. In contrast to conventional search, conversational interfaces encourage customers to share extra detailed, natural-language requests, revealing preferences, constraints, and contextual data. This shift expands the privateness assault floor, as platforms accumulate richer consumer profiles by means of chat interactions. Consequently, chatbot logs could change into as delicate as transactional information, rising the dangers of over-collection, misuse, or publicity of private data.
“Search itself is altering, together with how folks search for merchandise on-line. In 2025, there was a gradual shift from easy key phrase queries to extra conversational and visible methods of discovering what to purchase. As these fashions depend on broader consumer enter, cautious dealing with of the info concerned will stay an essential consideration for sustaining consumer belief,” feedback Anna Larkina, Net information and privateness evaluation professional at Kaspersky.
Modifications in taxes and commerce guidelines is likely to be exploited in on-line fraud. Modifications in taxes, import duties, and cross-border commerce guidelines are seemingly for use as lures in phishing campaigns and fraudulent on-line shops, selling unrealistically low-cost gives or claims of prevented charges. As pricing and price guidelines proceed to evolve throughout markets, it might decrease vigilance, rising the effectiveness of such schemes, significantly in opposition to small and mid-sized retailers.
AI-powered buying assistants are anticipated to more and more function outdoors retail platforms, embedding themselves into browsers, cell apps, and third-party companies. Whereas designed to simplify navigation and worth discovery, these instruments shift information assortment past the retailer’s perimeter, creating new and fewer seen privateness dangers. To operate successfully, exterior AI buying brokers require steady entry to consumer behaviour, together with shopping exercise, search intent, location context and product interactions throughout a number of websites. This allows the aggregation of detailed behavioural profiles outdoors the direct management of each customers and retail platforms, rising the dangers of over-collection, opaque information utilization, and unintended publicity.
Picture-based product search would possibly change into a brand new problem in privateness dangers. Beforehand, the principle privateness concern round consumer pictures in e-commerce was restricted to pictures voluntarily shared in product evaluations. Nevertheless, image-based product search is predicted to make photograph uploads a routine a part of the buying expertise throughout main retail platforms. Whereas this characteristic improves product discovery, it additionally will increase the chance of unintended publicity of private information. Consumer-submitted pictures could comprise faces, residence environments, or delicate particulars, akin to names, telephone numbers, or addresses seen on transport labels or packaging, making safe processing, information minimisation, and restricted retention essential necessities for retailers.
The complete retail and e-commerce report is out there by hyperlink.
Kaspersky specialists advocate the next to maintain protected:
- Guard your privateness with sensible instruments. Be cautious about what you share and keep away from importing private pictures or particulars in queries. Your interactions assist construct a profile used for adverts and repair enhancements.
- Confirm senders and hyperlinks. Don’t belief reductions or order notifications from emails or messages. At all times double-check the sender’s deal with and manually sort the shop’s web site URL into your browser as a substitute of clicking on any hyperlinks you obtain.
- Analysis the shop earlier than shopping for. In the event you’re buying at a brand new or unfamiliar on-line retailer, take a second to examine its legitimacy: search for buyer evaluations, guarantee the web site deal with is spelled accurately, and make sure that the positioning pages look skilled and polished.
- Monitor your card transactions commonly. Fraudulent expenses can slip by means of unnoticed. Make it a behavior (e.g., as soon as every week) to log into your on-line banking or cell app to overview all current transactions. In the event you spot something suspicious, block your card and get in touch with your financial institution instantly.
- Undertake a proactive safety method to guard in opposition to malware and information theft. Use dependable cybersecurity software program like Kaspersky Premium to forestall infections and scan your machine commonly. In the event you uncover an contaminated app, take away it instantly and don’t reinstall it till a confirmed, clear replace is launched. Complement this by managing delicate information securely: keep away from storing passwords or restoration phrases in your photograph gallery or notes; as a substitute, use a devoted, trusted password software program akin to Kaspersky Password Supervisor.
For retail & e-commerce organisations we advocate:
- Defend company infrastructure in opposition to a variety of threats, together with phishing and ransomware. Use options from the Kaspersky Subsequent product line that present real-time safety, menace visibility, investigation and superior response capabilities. If an organization lacks cybersecurity employees, it might probably undertake managed safety companies akin to Kaspersky Managed Detection and Response (MDR) and / or Incident Response that covers your entire incident administration cycle – from menace identification to steady safety and remediation.
*Figures are primarily based on KSN Knowledge, November 2024 by means of October 2025.
