
Hospitality Sector

🔎 Major Findings Across Sectors

  • Standout performances came from Domino’s Pizza, KFC and Iceland, each of which scored a perfect 100%.

  • However, the supermarkets, which have much larger basket sizes and greater vulnerability to account takeover attacks, performed poorly in general.
  • Overall, the sector was dragged down by some sub-par services. There was a stark drop-off between the top-performing sites and the rest, with some high-profile brands among the weaker performers.


⚠️ Threats & Weaknesses

  • The weaker performances mostly showed exposure to account takeover attacks. Consumer demand for access and speed means that MFA would result in a sharp drop-off, but the high basket size and sheer number of consumer accounts make fraud and account takeover a serious issue for the large supermarkets with a large installed base of customers.

  • Particular vulnerabilities were discovered in bonus and incentive schemes that don’t have rigorous security measures in place. Account takeover could lead to the theft of bonus points, sometimes accumulated over several years by consumers.

  • On the worst-performing domains, automated bots were able to scan, map, and interact with authentication services without encountering rate limits, anomaly detection, or session validation controls. Infiltration rates reached up to 95% on some domains, confirming a near-total absence of active defensive interception.

  • On many sites, no behavioural response to bot-generated input or repeated access attempts was detected. Although all sites had Web Application Firewalls (WAFs) deployed, our simulations were able to complete reconnaissance and interaction phases without challenge, highlighting the limitations of legacy, perimeter-centric defence strategies.

🔓 Unlocking Results

VerifiedThreat assessments highlight which organisations:

  • ✅ Have robust, resilient defences

  • ⚠️ Are at risk of automation and bot-based exploitation

  • 🚨 Face critical vulnerabilities if left unchecked

💡 Why This Matters

Understanding sector dynamics allows businesses to:

  • Benchmark against industry peers

  • Prioritise investment in external defence

  • Strengthen customer trust by closing exposure gaps

  
| URL | Company | Protection % | Rating |
|---|---|---|---|
| booking.com | Booking Holdings | 100% | Excellent |
| jet2holidays.com | Jet2 plc | 90% | Very Good |
| premierinn.com | Premier Inn Ltd. | 90% | Very Good |
| hotels.com | Expedia Group Inc | 67% | Par |
| travelodge.co.uk | GTAM | Unlock | Unlock |
| haven.com | Blackstone | Unlock | Unlock |
| sevenrooms.com | DoorDash | Unlock | Unlock |
| onthebeach.co.uk | On the Beach | Unlock | Unlock |
| trivago.co.uk | Expedia Group Inc | Unlock | Unlock |
| sykescottages.co.uk | Sykes Cottages | Unlock | Unlock |