CYBERSECURITY AS A SUCCESS FACTOR

Digitalisation offers great opportunities for the retail industry. At the same time, however, the risk of becoming the target of cyberattacks is growing. EuroCIS 2025 showcased developments and solutions. 

At Europe's most important trade fair for retail technology, which took place in Düsseldorf in February, the Cybersecurity Hub offered the retail industry an ideal platform for gathering information. ‘Cybersecurity is essential in retail. As digitalisation increases, retailers need to protect their systems from cyber threats. After all, customer confidence in the security of their data is a valuable asset,' explains Elke Moebius, Director of EuroCIS. The Cybersecurity Hub is an important contribution to this: In cooperation with the auditing and consulting firm KPMG, an exclusive special area was created on the exhibition grounds where selected providers presented their innovative approaches to increasing cybersecurity. KPMG offers companies comprehensive advice on cyber security: from strategic orientation and planning of individual measures to compliance with legal requirements and implementation and realisation projects. For Markus Limbach, this has been part of his daily work for more than 18 years. He heads the cybersecurity team at KPMG's Cologne office. He is convinced that cybersecurity has become a key success factor for retailers in the course of digital transformation. 

He explains that companies are now aware of this. However, ‘the pressure to act is still very high. A lot is happening in retail. Outdated systems are being replaced by new technologies, and a lot is becoming more automated. AI is also being used more and more. There is a strong shift towards the omnichannel model, i.e. from the store to digital sales channels such as online shops. The stores themselves are also becoming more digital. This starts with price tags and ends with smart freezers. This increases the potential scope for cyberattacks,’ the cybersecurity expert points out. It is a correlation that the German Federal Office for Information Security (BSI) also addresses in its new report on the state of IT security in Germany. Specifically, the report states that the attack surface is increasing as digitalisation progresses: complex and vulnerable systems are on the rise. In 2023 alone, an average of 78 new vulnerabilities will be discovered every day in software products across all sectors in Germany. According to Markus Limbach, early detection and structured remediation are essential to improving cybersecurity: ‘All software has vulnerabilities. Due to the large number of potential gateways, companies can hardly keep up with the task of closing them completely. This makes it all the more important to use a risk-based approach to classify vulnerabilities and prioritise the implementation of the necessary measures. The more vulnerabilities there are in the digital infrastructure, the easier it is for cybercriminals to penetrate the organisation.’ Businesses can benefit from security solutions that proactively identify vulnerabilities and anticipate attack vectors, such as the theft of credentials. 

Ransomware attacks are a major threat: a Trojan is used to encrypt parts of the digital infrastructure. Companies can no longer access their systems and are blackmailed. The BSI sees ransomware as the biggest cyberthreat to commercial enterprises. Further damage is often caused by password theft and phishing emails. In the retail sector, cybersecurity expert Limbach cites the issue of customer data as a particular challenge: from loyalty programmes to payment processes, a wealth of data is collected that needs to be protected. As well as companies, consumers can also do their bit to protect their data: the BSI provides tips on how to recognise secure online shops on its website. 

At EuroCIS 2025, the Cybersecurity Hub focused on other security topics that are particularly relevant to the retail sector. These include the security of SAP environments, which are widely used but still too often neglected in terms of security, the area of operational technology, i.e. everything that happens in warehouse logistics, for example, and identity management, which is used to manage identities and assign access rights. For Markus Limbach, comprehensive cybersecurity goes one step further than simply implementing the necessary measures: ‘At the end of the day, how you respond to an attack is also crucial. Not enough attention is paid to resilience, or cyber resilience. Companies need to be able to detect an attack early, contain it and develop countermeasures. They also need to be able to recover systems in an emergency, for example using an offline backup. And to do this in a reasonable timeframe in order to remain operational.’ Another challenge is the EU's NIS 2 directive, which aims to increase cyber security across Europe. It requires companies of a certain size and depending on other factors to comply with a number of regulations. The EU requirements are expected to come into force in Germany as early as 2025. Cybersecurity experts are on hand to help analyse the situation and implement the necessary measures. 

The tasks retailers need to tackle to improve their cybersecurity are complex - and can be a real challenge for smaller businesses with limited budgets. So where should they start? Markus Limbach recommends conducting a risk analysis to determine costs and benefits, and implementing key measures within an economically viable framework. And: ‘Everyone needs to do the basics, regardless of their financial situation. A basic level of security is required. Most attacks are successful using simple methods such as phishing emails. Making employees aware of the problem is an important first step,’ he explains. • 

Text: Dominik Deden
Pictures: Messe Düsseldorf / ctillmann