Retail sector cyber security: Six Degrees insights


New findings from Six Degrees highlight a concerning gap between the perceived and actual cyber security resilience in the UK retail sector. Despite the majority of retailers expressing strong confidence in their cyber defences, one in five concede that their current systems would fail against a cyber-attack, according to the Six Degrees Retail Whitepaper.

This discrepancy is alarming given the sector’s escalating exposure to cyber threats, with many respondents acknowledging an increased risk compared to the previous year.

The research from Six Degrees evaluates retailer confidence against the National Cyber Security Centre’s (NCSC’s) 10 Steps to Cyber Security, examining critical aspects like risk management, identity and access management, and data security.

Confidence levels among retailers are generally high, peaking at 84% for risk management. Even supply chain management, the area of weakest confidence, stands at a notably robust 76%. This confidence is in stark contrast to the frequency of supply chain attacks reported over the past year.

Despite assurances about their security postures, retailers are experiencing tangible repercussions from cyber-attacks. The most reported issues include logistical disruptions, such as challenges in restocking goods, alongside a significant impact on customer satisfaction affecting processes related to dispatch and delivery. Additionally, around 25% of retailers face issues concerning insurance, reputation, and legal risks.

According to Vince DeLuca, CEO of Six Degrees, retailers struggle significantly with recovery times post-attack, with only a small fraction restoring full operations within the first few weeks.

DeLuca states: “Retailers feel the impact of cyber-attacks acutely because recovery is often slow… This disconnect highlights a deeper issue: when cyber security reporting doesn’t reflect reality, businesses remain exposed.”

This sentiment is echoed in further findings where cyber security remains the top investment priority among IT decision-makers, underscoring the misalignment between perceived and actual capabilities. Despite high confidence levels, retailers continue to prioritise cyber security investments, even more so for those affected by recent attacks.

The survey indicates hidden weaknesses in cyber strategies, with IT leaders struggling to secure necessary cyber funding. Competing business priorities were cited as a significant hurdle by nearly one-third of respondents.

DeLuca concludes, urging retailers to reassess their stance: “The message to retailers is clear: cyber security confidence does not equal resilience… True resilience requires time, commitment, cultural alignment, and leadership from the top.” He stresses the importance of continuous evaluation to bolster defences, especially in facing persistent threats within the sector. As cyber threats continue their focus on the retail sector, proactive steps to close the confidence gap could be crucial in averting potential crises in 2026.