Deep Instinct recently released the sixth edition of its Voice of SecOps Report, Cybersecurity & AI – Promises, Pitfalls, and Prevention Paradise, which sheds light on how leaders across seven industries, including the retail and eCommerce sector, are bracing for this challenge. The report reveals a clear warning: while AI-driven cyberattacks targeting retail during holiday sales are increasing, AI is also driving unprecedented productivity gains for retail security teams, exposing new vulnerabilities that legacy defenses can’t handle.

Our research found that 54% of retail security teams believe file-based attacks are a moderate or critical threat to their organization, with 53% concerned about weaponized files uploaded to local or cloud storage environments. This underscores the importance of preemptive AI security strategies for online retailers across retail enterprises.

Here’s what else our Voice of SecOps data found when spotlighting the retail and eCommerce sector:

AI Is Powering Retail Ahead of Holiday Shopping

Retail cybersecurity teams are amongst the most aggressive adopters of AI, with 95% of retail respondents having deployed Retail cybersecurity capabilities. In turn, they reported saving an average of 13 hours per week, outpacing the overall cross-industry average of over 11.5.

The sentiment is overwhelmingly positive: 78% of respondents say generative AI makes SecOps work easier, while just 8% say it makes their jobs harder. AI is emerging as a force multiplier for retail, especially during the peak sales season when speed and scale are critical.

The Retail Industry’s Cybersecurity Strategy Is Falling Behind AI Governance

Retailers aren’t ignoring AI risks — they’re embracing AI governance, especially with the holiday shopping season approaching. Nearly three-quarters (72%) of security teams have a dedicated group actively monitoring AI outputs, while the rest report at least some level of oversight. Executive pressure is mounting as well, with 53% noting increased board-level demand for stronger preventive measures compared to last year, as organizations prepare for the surge of Black Friday, Cyber Monday, and holiday sales activity.

But here’s the disconnect: while 51% of retail security teams have implemented AI-specific defenses (from governance frameworks to AI-driven detection), one in four (24%) admit their organization’s AI security strategy has not changed to replace outdated, ineffective security tools over the past year.

In other words, AI governance is happening, but cybersecurity tools haven’t caught up. Retailers risk bolting AI controls onto outdated tools and playbooks instead of rethinking preventative defenses from the ground up.

EDR Alone Won’t Protect Retailers This Holiday Season

Three out of four (74%) retail respondents say their organization is focusing more on SecOps insights this year compared to 2024. But EDR is reactive by nature, only catching attacks after they’ve already caused damage. In the high-stakes holiday shopping season, that delay can mean lost sales, irreparable customer trust, and lasting brand damage.

For retail CISOs, the message is clear: as adversaries increasingly weaponize AI, waiting to respond is no longer viable. The industry needs to move beyond chasing breaches, and instead, shift toward preemptive data security, a category Gartner recently defined as stopping threats in real time, minimizing exposure, and giving defenders the upper hand. Powered by advanced AI, most predominantly deep learning, preemptive data security solutions are able to detect and block both known and unknown threats in milliseconds, before they can do damage.

This holiday season, AI-driven preemptive security isn’t a nice-to-have — it’s the difference between a successful peak sales period and a costly breach.

For more information, please download the full 2025 Voice of SecOps Report by visiting https://www.deepinstinct.com/voice-of-secops-reports.

To learn more about protecting yourself from AI-driven threats, request a free scan to see Holiday retail security in action across your environment.

Survey Methodology

Sapio Research surveyed 500 senior cybersecurity experts, including 76 from retail and eCommerce companies, with 1000+ employees in the U.S. The interviews were conducted online in April 2025 using an email invitation and an online survey. For this specific report, the C-suite is defined as those who hold chief, global, head of department, or director roles, while reports are those who hold a manager, administrator, analyst, team lead, or officer role.

Explore AI TechPark for the latest advancements in AI, IOT, ai tech news, ai tech Articles, and insightful updates from industry experts!