India’s Retail Industry Most Vulnerable to Ransomware

India’s Retail Industry Most Vulnerable to Ransomware

India’s retail industry is currently experiencing an exponential growth period, with predictions forecasting the local market will reach 1.5 trillion by 2023, growing by nearly 700 billion since the start of the decade. This growth, largely driven by socio-economic factors such as urbanisation, income growth and a rise in nuclear families, brings with it an unfortunate consequence: The emergence of arobust, largely local threat landscape.

According to The Sophos State of Ransomware 2021, India saw the highest frequency of ransomware attacks in the entire world this past year, with 68 per cent of respondent organizations from India suffering an attack.

One of the top reasons behind India’s ransomware crisis is the predominant level of domestic ransomware, with Indian threat actors regularly exploiting and attacking local businesses.

The retail industry is a particularly attractive target for ransomware due the large volume of valuable personal and financial data retailers’ store. Sophos’ State of Ransomware in Retail 2021 found that 44 per cent of retail sector respondents suffered an attack last year, the highest of all sectors and significantly more than the global average of 37 per cent. In addition, Sophos also reported 20 per cent of retail respondents admitted to having weaknesses or gaps in their cybersecurity.


This research reveals an urgent need for retailers to improve their cyber security posture, enhancing defence, recovery, and awareness to protect sensitive data from threat actors.

Paying the ransom?

One of the key questions regarding ransomware in recent years has been around whether to pay the ransom to retrieve stolen data. Threat actors will lead you to believe the only way to get your stolen data back is to comply with their demands, and any other approach will leave you with nothing. However, paying the ransom does not guarantee complete data recovery, or any data recovery for that matter. As seen in Sophos’ research, victims who pay the ransom retrieve on average two-thirds (67%) of their data, while only nine per cent of those who paid the ransom got all of their data back.

With the average remediation cost for the retail sector totalling US 1.97 million (considering downtime, hours lost, device cost, network cost, lost opportunity, ransom paid, etc.), its crucial organisations invest proactively in their cybersecurity. From employing real-time incident response tools like Sophos XDR to stop threats and provide layered protection, toensuring data is securely backed up and appropriate recovery processes are in place, retailers must improve their cybersecurity posture as a matter of urgencyin 2022.

why marketers should care about cybersecurity

Who is at risk?

As we race into the fourth industrial revolution and our world continues to rapidly move online, every single organisation in the world is at risk of ransomware attacks. Over the past year and through the pandemic,cybercriminals have fine-tuned their approach, taking on bigger targets with increasingly sophisticated strategies.Targeted ransomware attacks have become more impactful and frequent, with organisations relying on legacy systems the most at risk. Consequently, it is becoming more crucial than ever for Indian businesses to overhaul their cybersecurity strategy.

Making the investment

The majority of Indian organisations (80 per cent) are likely to increase their cybersecurity budget in 2022, according to global consultancy firm PwC. This survey reveals Indian businesses are realising the prevalence of ransomware attacks and responding appropriately. As part of this response, retailers should focus on strengthening their cyber resilience with a holistic strategyto mitigate the risk and impact of ransomware attacks.

indian pharma firms at high ransomware attack risk in 2021

Developing a robust cybersecurity posture is critical in today’s world. Indian retailers should focus on building strong defences, providing security skills training for users to better prepare against ransomware, and employ appropriate technology to defend against, and recover from ransomware with layered protection.


Article Proofread & Published by Gauri Malhotra.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker