AI-driven shopping and privacy risks: What retail and e-commerce should prepare for in 2026

Cybersecurity risks in the retail and e-commerce sector continued to intensify through 2025, as attackers increasingly targeted online shopping platforms, payment systems and delivery services. According to the 2025 Security Bulletin released by Kaspersky, the combination of high transaction volumes, predictable shopping seasons and expanding digital touchpoints has made retail one of the most consistently targeted industries.

The bulletin analyses real-world incidents affecting consumers and businesses, alongside emerging risks in the B2B segment. Its findings suggest that while familiar threats such as phishing and ransomware remain dominant, changes in how consumers discover and purchase products—particularly through AI-driven interfaces—are reshaping the sector’s privacy and security exposure heading into 2026.

A year of elevated threat activity

Kaspersky’s data shows that retail users and organisations faced sustained cyber pressure throughout 2025. More than 14% of users in the retail sector encountered web-based threats, while over 22 ...