Security Assessment Tool for Retail




Get your free security rating
  • Breaches in Retail are primarily carried out by organized crime and are almost exclusively financially motivated. Last year’s trend of transitioning from “card present” to “card not present” crime continues. This also drives a decrease in RAM scraper malware. Personal data figures prominently in retail breaches, and is tied with payment for the top kind of data compromised.

  • Total incidents


    The number of security incidents (Nov 2018 to Oct 2019) analyzed in this sector in the 2020 DBIR.

  • Top three patterns

    Web Applications 

    Everything Else 

    Miscellaneous Errors 

    The top trends that emerged from this sector’s data (Nov 2018 to Oct 2019) in the 2020 DBIR.

  • Threat actors 

    75% External 

    75 percent

    25% Internal 

    25 percent

    1% Partner 

    1 percent

    1% Multiple 

    1 percent

  • Actor motives 

    99% Financial 


    1% Espionage 

    1 percent

  • Data compromised 

    49% Personal 

    49 percent

    47% Payment 

    47 percent

    27% Credentials 

    18 percent

    25% Other 

    18 percent


  • Data theft is scaling up

    As online sales have grown over the past several years, attackers have turned their attention from Point-of-Sale devices to Web Applications. This may be because attacking a website or server that holds volumes of payment data is more efficient than infiltrating a network, searching for PoS devices and installing malware individually.

  • Pick up the pace on security patches

    Stolen credentials and exploitable web apps were constant vulnerabilities in this industry, but only about half of vulnerabilities were patched within the first quarter after they were discovered. It’s best to handle them as soon as possible, so problems don’t become worse and cripple you later.

  • Safeguard all types of customer data

    Payment info was some of the data most sought by attackers in this industry, since it can be quickly monetized. And since personal data like email addresses and phone numbers are often wrapped up with payment data, it can easily wind up in criminals’ hands, too. So, be sure you securely process, store and transmit both payment and personal data.

  • See the latest trends in cybersecurity.


    Explore the results of the 2020 Data Breach Investigations Report (DBIR) and see what patterns emerged across the thousands of security incidents, from companies both big and small.


    See an overview of all trends

Read specific insights about your industry

  • 2020 dbir cover
  • Understanding the threats can help manage risk effectively

    The threats are real, the attackers motivated. But something stands between them and your organizations data: you and your security teams, with the insight, perspective, and tools to take action. You'll find that all right here.

    Download the report