Cyber risk remains the top concern for retail and manufacturing sector leaders, as businesses grapple with an increasingly complex and fast-moving digital threat landscape, reveals a new research, also showing a disconnect in how businesses perceive their resilience.
Based on a survey of 3,500 global business leaders, including senior executives across retail and manufacturing (including wholesale and food & beverage), the findings from Breazley show how cyber risk has become a business-wide issue, capable of disrupting operations and driving financial losses across supply chains.
This is being further intensified by the rapid adoption of AI and other advanced technologies.
While cyber risk is firmly established as a leading concern, the data also highlights a disconnect in how businesses perceive their resilience.
Across industries, resilience is increasingly defined not by whether disruption occurs, but by how far it spreads, how long it lasts and how quickly organisations can recover – a definition that contrasts with the high levels of confidence many businesses express in their cyber resilience.
This overconfidence is particularly evident in sectors heavily reliant on supply chains, such as retail and manufacturing, where despite 87% feeling resilient against cyber threats, ransomware attacks result in an average of 11.6 days of business downtime* and a 6-18+ month impact timeline**.
Key pressure points for retail and manufacturing businesses in 2026:
- 32% identify cyber risk as the top risk to their business, in line with global findings showing cyber as the number one concern across sectors
- 23% cite technology disruption, with a further 20% pointing to technology obsolescence, particularly where legacy systems remain in place
- 24% highlight intellectual property risk, reflecting the increasing value and exposure of proprietary information
Preparedness of businesses in the retail and manufacturing sectors:
- 87% say they feel prepared for cyber risk, pointing to a potential gap between perception and reality
- 82% are confident they could recover financially from a cyber attack, despite the growing systemic nature of cyber threats
- 34% plan to increase investment in cyber security and resilience measures
- 23% say data loss, regulatory obligations and fines would have the greatest impact following a cyber incident
AI is also emerging as both an opportunity and a risk multiplier. While it is expected to drive productivity and growth, it also introduces new vulnerabilities, requiring businesses to scale governance and controls in line with technological advancement.
Alessandro Lezzi, Group Head of Cyber Risks at Beazley, comments: “What stands out in this year’s Risk & Resilience survey findings is a growing misalignment between cyber and tech risk concern and perceived perception of resilience to these risks.
"While cyber risk is widely recognised as the number one threat facing businesses globally, 82% of retail and manufacturing executives believe they could fully recover financially from a cyber attack, demonstrating many retail organisations are overestimating their preparedness to withstand the full impact of an attack across all corners of their operations.
“That gap matters because cyber risk is becoming more systemic – the high profile incidences in 2025 only prove this. As businesses become more interconnected and adopt technologies such as AI, disruption can spread faster across organisations and supply chains making incidents harder to contain.
“It’s encouraging to see however that a third of retail and manufacturing businesses plan to invest in stronger cyber security, including access to specialist expertise to help them better understand their exposure, strengthen incident response and plan for realistic disruption scenarios across the organisation.”