A recent report by Sophos reveals that 58% of retailers affected by ransomware have opted to pay the ransom, a notable increase amidst rising demands, which have doubled to a median of $2 million.
As the retail sector faces mounting challenges, insights from the report are particularly salient for IT infrastructure and security leaders in Southeast Asia, navigating an increasingly complex threat landscape.
The Sophos "State of Ransomware in Retail 2025" report highlights that nearly half of the ransomware incidents stemmed from security gaps that organisations were previously unaware of.
Specifically, 46% of attacks exploited unknown vulnerabilities, while another 30% targeted known weaknesses. The increasing complexity of these attacks underscores the need for enhanced visibility across the retail attack surface.
Chester Wisniewski, director of global field CISO at Sophos, noted, “Retailers globally are facing a more complex threat landscape where adversaries are constantly on the lookout for and exploiting existing vulnerabilities.”
He added, “Without comprehensive security strategies, retailers risk ongoing operational disruption and reputational damage.” This statement stresses the urgency for Southeast Asian retailers to assess their cybersecurity posture proactively.
While the report shows a worrying trend in payment rates, it also indicates a slight improvement in defensive measures. The percentage of attacks stopped before any encryption occurred has reached its five-year high, suggesting that many retailers are enhancing their ability to detect and neutralise threats before they escalate.
Despite this, data encryption remains a significant concern, impacting 48% of attacks — the lowest rate recorded in five years.
The challenges are compounded by a lack of in-house expertise, which further complicates threat detection and response. Limited knowledge in managing cybersecurity services has resulted in 45% of operational compromises, emphasising the need for improved training and skills development among IT teams in the region.
Sophos suggested several recommendations for retailers to fortify their defences against ransomware threats. These include addressing root causes of vulnerabilities, ensuring all endpoints are protected, and maintaining continuous visibility of networks.
Partnering with Managed Detection and Response (MDR) providers can also help organisations bolster their security measures with 24/7 monitoring.
As the retail sector faces these ongoing challenges, the insights provided in the report highlight not only the vulnerabilities but also the strategies available for strengthening cybersecurity.
For IT leaders in Southeast Asia, this research serves as a timely reminder to reassess their security frameworks and enhance their preparedness against the evolving threat landscape.
