Kaspersky said it released the 2025 retail and e-commerce security report (2025 Security Bulletin), which analyzes the current state of security in the retail (brick-and-mortar and e-commerce) and e-commerce industries and future threat trends.
The report analyzed major cyberthreats affecting general users and corporate environments, along with real-world security incidents. In addition to threats from an individual user's perspective, it also addressed B2B (business-to-business) security challenges faced by retail and e-commerce corporations.
According to Kaspersky's analysis, as of 2025, 14.41% of users in the retail sector encountered web-based threats, and 22.20% were exposed to on-device threats. Among retail and e-commerce corporations, 8.25% experienced ransomware damage, and the number of unique B2B users in the sector who encountered Ransomware Detection increased 152% compared with 2023. In addition, 6,651,955 phishing attacks impersonating online shopping malls, payment systems, and delivery services were detected, and 50.58% of them were analyzed as directly targeting online shopping mall users.
Cybersecurity trends in retail and e-commerce in 2025 were characterized by the simultaneous emergence of the spread of information-stealing malware disguised as legitimate apps distributed through official app stores, an increase in Trojan-Ransom.Win32.Dcryptor ransomware families abusing the DiskCryptor utility, and large-scale phishing impersonating online shopping, payment, and delivery, as well as an expansion of social engineering attacks timed to sales seasons.
Regarding the 2026 security outlook, the report also presented new risk factors stemming from the expansion of AI-based shopping environments. As AI chatbots take hold as a means of product discovery, user preferences, situational information, and search context are being amassed in large volumes as conversation logs, and the analysis said the likelihood that this data could turn into privacy violations and information exposure risks is increasing. It also cited as major issues the possibility that changes in taxes, tariffs, and cross-border trade rules could be exploited for phishing and fraudulent shopping sites; data collection problems by AI shopping assistants extending beyond platforms; and the risk of exposing sensitive information such as faces and addresses as image-based product search becomes commonplace.
Anna Lakhina, a Kaspersky web data and privacy analysis specialist, said, "The way people find products online is shifting from keyword-centric to conversational and visual exploration, and in such an environment, user input data becomes more diverse," and added, "Careful management across the entire data processing chain is crucial to maintaining user trust."