.svg)
.svg)
๐ Major Findings Across Sectors
- ๐ Top Performer โ Etsy.com โ 100% (Excellent) โก๏ธ Best-in-class external threat protection.ย
โ
- striking gaps in external cyber defence maturity for the rest of the sector. ๐ก Key Takeaway: Even among household retail giants, cybersecurity posture varies dramatically.ย
โ
- While a few players like Etsy lead the way, many trusted UK retail brands show significant vulnerabilities. ๐ Consumers expect safe platforms. Retailers must proactively monitor, validate, and remediate threats to keep trust intact.
โ
โ ๏ธ Threats & Weaknesses
- The weaker performances mostly showed exposure to account take-over attacks.
โ
- Particular vulnerabilities were discovered in bonus and incentive schemes which donโt have rigorous security measures in place. Account take over could lead to the theft of bonus points, sometimes accumulated over several years by consumers.
โ
- On the worst performing domains, automated bots were able to scan, map, and interact with authentication services without encountering rate limits, anomaly detection, or session validation controls. Infiltration rates reached up to 95% on some domains, confirming a near-total absence of active defensive interception.
โ
- In many sites no behavioural response to bot-generated input or repeated access attempts was detected. Although all sites had Web Application Firewalls (WAFs) deployed, our simulations were able to complete reconnaissance and interaction phases without challenge - highlighting the limitations of legacy, perimeter-centric defence strategies
๐ Unlocking Results
VerifiedThreat assessments highlight which organisations:
- โ
Have robust, resilient defences
- โ ๏ธ Are at risk of automation and bot-based exploitation
- ๐จ Face critical vulnerabilities if left unchecked
๐ก Why This Matters
Understanding sector dynamics allows businesses to:
- Benchmark against industry peers
- Prioritise investment in external defence
- Strengthen customer trust by closing exposure gaps
