Retailers across the globe are confronting a growing ransomware threat that is becoming more damaging by the day.
A new industry report shows that 46% of ransomware incidents in retail were caused by unknown security gaps, meaning weaknesses that organizations did not detect or fully understand.
These blind spots have now emerged as the leading cause of ransomware breaches in the sector, indicating the dangerous reality that attackers may already know more about a retailer’s systems than the retailer itself.
Financial losses from these attacks are escalating sharply. The median ransom demand has shot up to around $2 million, doubling in just one year. The average amount paid by retailers has also risen to roughly $1 million, a 5% increase compared to the previous year.
The report shows that 58% of retail victims whose data was encrypted chose to pay the ransom, which is among the highest payment rates seen since data collection began.
That trend reveals the immense operational pressure businesses face when core systems and customer information are suddenly locked out of reach.
There are still some encouraging signs indicating progress. Only 48% of retail attacks now result in full data encryption, the lowest level recorded in five years.
This suggests that more organizations are detecting attacks earlier and interrupting them before the damage becomes catastrophic. However, cybercriminals are shifting strategies as well.
Extortion-only attacks, where criminals steal information and demand payment without encrypting systems, have tripled in two years, increasing from 2% to 6%. This demonstrates that attackers will continue evolving to bypass any defensive improvements.
The causes behind these intrusions reflect both technical and operational shortcomings. In addition to the unknown vulnerabilities that dominate the findings, known security weaknesses that remain unpatched account for 30% of attacks.
Meanwhile, 45% of retail organizations cite a lack of in-house cybersecurity expertise as a major weakness, and 44% report that not all parts of their technology environment are properly protected.
For retailers in Africa, including Kenya, these findings serve as a timely warning. Many operate with limited security resources and must balance digital transformation with risk readiness.
The report makes it clear that retailers must enhance visibility across all digital assets, strengthen staff skills, continuously monitor for threats and maintain well-tested recovery plans.
While there are signs of improvement, cybercriminals continue raising the stakes. Retailers must move from reacting to attacks to anticipating them, protecting every area of their operations and ensuring resilience before a crisis hits.




























