Press Room
Cipher identifies more than 800 cyberattacks on the retail sector in Europe in 2024
Spain heads the increase in attacks on retail in Europe, driven by ransomware campaigns and vulnerabilities in the supply chain.
Madrid, July 23, 2025 – The x63 Unit, part of Prosegur Group’s Cipher cybersecurity division, has detected more than 800 cyberattacks targeting the retail sector in Europe in 2024, reflecting the growing pressure on this important economic sector. In this context, Spain stands out among the countries with the highest year-on-year increase, with a 178% rise in attacks compared to 2023, placing it alongside the United Kingdom among the most affected European markets.
This escalation has placed retail as one of the three most vulnerable sectors, alongside business services and manufacturing. In the United States, the trend is also intensifying, with high-profile cases such as the cyberattacks suffered by MGM Resorts, Adidas, Salesforce and UBS, which have affected critical infrastructure, customer data and logistics operations.
The main attack vectors detected by Cipher include ransomware, personal and corporate data leaks, unauthorized access through social engineering and attacks on the supply chain through compromised third parties. Groups such as Ransomhub, Hunters, and ALPHV/BlackCat are leading these campaigns, using advanced infiltration and extortion techniques, as well as vulnerabilities in widely used software platforms in the sector, as was the case with the MOVEit attack that affected several global suppliers.
The consequences of these attacks are numerous and severe. At the operational level, many companies have suffered service interruptions, system outages, sales stoppages and logistical impacts that have compromised the consumer experience. At the economic level, the costs of data ransom, operational recovery and regulatory penalties amount to millions of euros. In terms of reputation, the deterioration of consumer confidence and damage to brand image pose a long-term challenge for those affected. In addition, growing regulatory pressure, both in Europe (GDPR) and in the United States is forcing companies to strengthen their data protection strategies and incident response plans.
A significant finding identified by Cipher is the evolution of victims' behavior in the face of these attacks. During 2024, only 28% of affected organizations agreed to pay the ransom demanded by cybercriminals, compared to 41% in previous years. This figure reflects greater awareness in the sector of the risks of financing criminal organizations, as well as a gradual improvement in preparedness and cyber resilience to deal with incidents without relying on payment as the only means of recovery.
In response, many companies in the retail sector are strengthening their cybersecurity strategies, increasing their investment in early detection tools, multi-factor authentication, staff training, system segmentation and business continuity plans. In addition, public-private collaboration has intensified, with shared initiatives for threat intelligence, the exchange of indicators of compromise and the coordinated deployment of defensive measures in critical environments.
Highlighting an “increasingly hostile retail environment”, Santiago Anaya, Global Chief Technology Officer at Cipher, explains: “Digitization not only drives new business opportunities, but also dangerously expands the attack surface. We are no longer talking about protecting online stores, but about shielding an entire chain that goes from the supplier to the end customer. Cyber resilience is not an option, but a strategic imperative to ensure operational continuity, consumer confidence, and the integrity of business operations."
Cipher emphasizes the importance of anticipating threats through proactive intelligence, attack simulations (red teaming), regular audits and robust digital security governance. The x63 Unit recommends companies in the retail sector adopt a comprehensive strategy that combines technology, processes and people, prioritizing prevention over-reaction in an increasingly sophisticated ecosystem under constant threat.