New study shows Human Risk Management emerges as key defence against rising cybersecurity threats
KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released a new report entitled IT and Cybersecurity Trends in UK Retail: 2025 Survey Insights. The findings revealed nearly all (99.6%) of the 250 UK retail IT security professionals surveyed are facing a significant increase in cyber threats. Notably, 58% cited an increase in helpdesk/IT support scams that exploit frontline workers.
To combat this, retailers in the UK are responding with greater investment, board-level engagement and a growing focus on Human Risk Management (HRM). Conducted in June 2025, the research paints a picture of an industry rapidly evolving its defences in the wake of major breaches at Marks & Spencer, Co-op and Harrods earlier this year.
Key findings at a glance
- Threats intensify: Nearly all respondents reported increases in phishing, fraud, supply chain exploitation and social engineering attacks.
- Supply chain weak spots: 46% identified third-party suppliers as their biggest security gap.
- Budgets and leadership rise to the challenge: 72% reported increased executive attention; 58% increased security budgets.
- Human-centric controls dominate spend: 74% invested in security awareness training, the top investment area.
- HRM over compliance: Retailers prioritise cultural change, not just education, to drive secure behaviours.
- Preparedness is there, but lacks follow-through: 91% conducted audits; 96% have an incident response plan, though only 65% have tested them.
- Ransomware reality: 71% have a dedicated budget for potential ransom payments.
Helpdesk scams (58%), phishing (47%) and credential theft (54%) were cited as the most frequent and growing threats to the UK retail sector. In addition, nearly half of respondents experienced increased attacks via third-party suppliers, an issue brought into sharp focus by the recent Mark & Spencer breach, traced back to a phished third-party vendor.
“These threat vectors highlight the human dimension of modern retail cyber risk. Phishing, credential theft and helpdesk scams all exploit human decision-making,” said Javvad Malik, lead cybersecurity advocate at KnowBe4. “The report is a reminder that cybersecurity is not just a technical challenge and organisations need to embed human-centric defences throughout operations. While we are seeing progress here, ultimately it is not enough to just have a plan on paper. In addition to an investment in awareness training, behavioural change initiatives and creating strong and positive cultures that support secure decision-making, retailers need to ensure response plans and processes are well tested and communicated to employees. It is about changing behaviour and building cultures where secure choices are second nature.”
The full report can be viewed here.
About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organisations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behaviour against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilises personalised and relevant cybersecurity protection content, tools and techniques to mobilise workforces to transform from the largest attack surface to an organisation’s biggest asset. More at https://knowbe4.com.
