The Retail industry continues to be a target for Financially motivated criminals looking to cash in on the combination of Payment cards and Personal information this sector is known for. Social tactics include Pretexting and Phishing, with the former commonly resulting in fraudulent money transfers.
- Frequency: 725 incidents, 165 with confirmed data disclosure
- Top patterns: System Intrusion, Social Engineering, and Basic Web Application Attacks represent 77% of breaches
- Threat actors: External (84%), Internal (17%), Multiple (2%), Partner (1%) (breaches)
- Actor motives: Financial (99%), Espionage (1%) (breaches)
- Data compromised: Payment (42%), Personal (41%), Credentials (33%), Other (16%) (breaches)
- Top IG1 Protective Controls: Security Awareness and Skills Training (14), Secure Configuration of Enterprise Assets and Software (4), Access Control Management (6)
The first noteworthy item in the At-a-Glance table is the difference in the number of incidents versus the number of confirmed data breaches. The main cause of this was a large number of DoS attacks (409) that were launched against this sector. And while System Intrusion was the top pattern for breaches (Figure 120), it came in second place for incidents where no breach could be confirmed (177 incidents in this pattern, 69 of which were confirmed breaches).
Our main point here is: Don’t let the low number of breaches fool you—this sector remains a target.
The System Intrusion pattern was prevalent, and tells the story of the common coupling of the Use of stolen creds with dropping Malware to capture application data. The Social Engineering pattern is a close runner-up in this race, with Pretexting—where the adversary develops an invented scenario to get their target to take the bait (usually followed by a money transfer of some type)—being more common than we usually see in other industries (Figure 121). Don’t get us wrong, the Phishing lure is still effective here. It is difficult to determine whether the targeting of employees via Pretexting is a sign that criminals are having to work harder for the money, or whether it is simply easier for the attackers to dupe employees into committing fraud on their behalf.
Unsurprisingly, the top data types compromised include Payment card data (which is largely what makes this industry so very attractive to Financially motivated criminals), Personal data (also useful for various kinds of financial fraud), and Credentials (Figure 122). We’ve said it before, and we’ll say it again—everyone loves credentials. Credentials are the glazed donut of data types.