*By Luciano Costa
The retail sector, increasingly digital and technology-dependent, has become a prime target for cybercriminals. Nearly 251,000 of all cyberattacks worldwide today target retail companies. An estimated 80,000 global retailers were attacked last year—many facing multiple incidents, such as website malware infections, fraudulent transaction attempts, and payment gateway breaches.
The financial impacts are also escalating: the average cost of a retail data breach reached approximately US$3.91 million in 2024, an increase of US$181,000 compared to the previous year. Beyond the direct financial loss, these incidents undermine consumer confidence – 62,000 customers say they don't trust the security of their data with retailers.
Main risks: data, availability and fraud
Several cyberthreats impact modern digital retail, the most critical of which are sensitive data leaks, system outages, denial-of-service (DDoS) attacks, and online fraud. Leaks expose confidential customer information, potentially resulting in loss of trust, regulatory penalties, and damage to brand reputation. Downtime caused by failures or attacks, such as ransomware, paralyzes essential systems, impacts sales, and can lead to significant financial losses.
DDoS attacks, especially critical during campaigns like Black Friday, can bring down websites by overloading servers with malicious traffic, causing immediate loss of sales and damaging the company's image. Digital fraud, such as the use of stolen cards and payment interceptions, exploits flaws in the process and is difficult to prevent due to its speed and lack of clear standards. These risks often combine, reinforcing the need for a structured and holistic approach to digital security to mitigate business impacts.
Structured IT Governance: The Key to Risk Mitigation
To address growing threats, digital retailers need to adopt robust and well-structured IT governance, based on best practices and compliance.
This includes everything from pre-planning responses to different attack scenarios to implementing redundant IT architecture and business continuity plans. With governance, the company can anticipate threats and prepare responses, rather than reacting chaotically after the damage has occurred.
For example, well-trained security teams and defined protocols can contain a ransomware attack before it spreads, or isolate an affected system to keep the rest of operations running. This proactive approach dramatically reduces both the frequency and impact of incidents.
Robust IT governance in digital retail must be based on essential pillars, such as clear security policies that define detailed protocols, periodic audits, and ongoing employee training. Furthermore, it's crucial to implement rigorous access management, adopting the principle of least privilege and advanced authentication tools, minimizing internal vulnerabilities and preventing misuse. Complementing these practices, it's essential to automate critical processes such as security updates, continuous monitoring, and frequent backups, reducing human error and accelerating response times.
In short, as retail becomes more digital and cybercriminals become more emboldened, investing in solid IT governance and rigorous security practices is no longer optional – it's a strategic imperative for survival and success in the industry.
Well-structured governance, supported by market best practices and adherence to compliance standards, mitigates cyber risks and increases the operational resilience of retail companies. This means protecting critical data and essential systems from threats, but also ensuring that, even in the event of an incident, the company can maintain its operations or recover quickly.
The outcome is twofold: preserving business continuity and maintaining customer trust in a secure digital shopping environment. In a constantly evolving threat landscape, the ability to anticipate risks and respond effectively can define which retail organizations will thrive in the digital age safely and sustainably.
About Setrion
Founded in 2005, Setrion Software is a Santa Catarina-based company specializing in developing SaaS solutions for customer service, help desks, and business workflow management. Its flagship product, Milldesk, is a 100% national platform recognized by the market for its efficiency, innovation, and adherence to ITIL best practices.
Serving over 600 clients in Brazil and Latin America, across a variety of sectors such as manufacturing, pharmaceuticals, healthcare, government, technology, financial services, and education, Milldesk helps over 80,000 monthly users optimize internal processes, managing approximately 1.6 million notifications and over 125,000 requests each month. Recognized nationally for its technical excellence and customer focus, Setrion Software remains committed to growth and innovation in the Brazilian technology market.
*Luciano Costa, co-founder of Setrion Software and Milldesk
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies