Australian retailers face rising cyber threats as Black Friday nears
Australian retailers are facing heightened cyber risk in the run-up to Black Friday, with an increase in online shopping fraud and greater financial losses reported by small businesses. The combination of higher transaction volumes and demand during holiday sales events is presenting growing opportunities for cybercriminal activity.
Rising losses
According to the Australian Cyber Security Centre's Annual Cyber Threat Report 2024 to 2025, around 85,000 cyber incidents were reported across the country. While overall incident numbers saw a modest drop, the average cost of each incident for small businesses increased to more than AUD $56,000, a 14 per cent rise on the previous period. Cybercrime is now reported every six minutes, with the retail sector viewed as one of the most vulnerable.
Peak period threats
Ben Le Huray, Solutions Architect Team Leader at Ingram Micro Australia, pointed out that the conditions favouring Black Friday sales also create ideal circumstances for cyber threats.
"Black Friday encourages rapid decision making from customers who want to secure limited-time bargains. It also places pressure on retail teams who manage increased order volumes, high in-store traffic, promotional campaigns, and accelerated delivery timelines. Cybercriminals understand this environment and design scams that imitate genuine retail activity," said Le Huray.
Le Huray highlighted recent incidents involving major global retailers and manufacturers during peak shopping periods, underlining how disruptions can have significant financial and operational effects. "International events demonstrate what is at stake when a cyber incident strikes during peak retail activity. IKEA suffered a significant cyber attack during the 2024 Black Friday period that forced multiple operations into manual mode and resulted in millions of dollars in lost sales and remediation costs. The incident affected point of sale transactions, staff access, and product availability at precisely the time when customer demand was at its highest.
"The automotive sector has recently shown how severe the consequences can become when an attack disrupts global operations. Jaguar Land Rover experienced a major cyber incident that required the British Government to provide a guarantee of GBP £1.5 billion to stabilise operations and support recovery. This event highlights the scale of risk that modern supply chains carry and shows how a single breach can produce significant financial and operational impact," said Le Huray.
System weaknesses
Le Huray noted that retail operations are increasingly exposed by their own digital infrastructure. Poorly configured application programming interfaces between eCommerce and fulfilment systems, unpatched third-party plugins, and insecure payment integrations offer opportunities for exploitation, particularly during periods of peak demand. The fallout can include system outages, disrupted deliveries, payment issues, and dissatisfied shoppers.
Retailers are responding by seeking assurances that their systems are robust before high-volume trading begins.
"Across our partner network, we have seen sustained growth in demand for independent validation. Retailers want assurance that systems are configured correctly and that vulnerabilities have been addressed before high volume periods begin. Independent assessments, including penetration testing and configuration reviews, provide a neutral view of risk and help retailers identify weaknesses in eCommerce platforms, point of sale infrastructure, payment gateways, and cloud environments," he said.
Staff training
Le Huray identified staff training as a key control for reducing exposure to scams. Retail teams should be able to recognise attempts such as phishing or impersonation, particularly when working under pressure and tight timeframes.
"Training is one of the most effective controls available to retailers. It helps staff understand the types of scams that emerge during retail events and equips them to identify suspicious behaviour. Training improves awareness of phishing, fraudulent refund requests, supplier impersonation attempts, and social engineering tactics that target frontline workers who operate under time pressure," Le Huray said.
Automation and capacity
Automation is emerging as a support tool for retail IT departments as they face capacity constraints during busy trading periods. Routine checks and processes can be maintained even when staff are stretched, helping keep operations running smoothly.
"We regularly see automation used by partners to support consistency, reduce oversight, and give staff time to focus on tasks that require interpretation and decision making. During Black Friday, when pressure on systems is highest, automation ensures that essential checks continue to run and that issues can be addressed before they affect customers," he said.
Retailers are also turning to flexible external support, such as on-demand cyber engineering resources, as they prepare for surges in digital transactions.
"At Ingram Micro, we are seeing growing demand for capacity on demand, which refers to the ability for an organisation to access extra resources when needed. In the case of retailers and service providers, this allows them to engage cyber engineers by the half day or through targeted project work," Le Huray said.
"Retailers that prepare early and empower their teams are better positioned to manage rising threats and stronger demand. With the right preparation, Australian retailers can enter Black Friday with confidence," said Le Huray.