KnowBe4 Warns Black Friday Amplifies Cyber Risk for Retailers

Phishing attempts, scams and fraudulent payments put the retail workforce under increased pressure

TAMPA BAY, Fla., Nov. 20, 2025 /PRNewswire/ -- KnowBe4, the world-renowned platform that comprehensively addresses human and agentic AI risk management, is warning retailers that the upcoming peak shopping days, like Black Friday and Cyber Monday, pose an increased risk of a cyber incident. These incidents can lead to business interruption and brand damage.

During these periods, the increased digital traffic, higher email volume and IT team overload creates a 'perfect storm' of risk. The scenario is further aggravated by factors typical of the retail sector, such as the use of untrained temporary employees and the complexity of multichannel environments that combine physical stores, e-commerce, apps and payment systems.

According to the KnowBe4 Global Retail Report 2025, the retail industry is among the five most targeted sectors in the world. The average cost of a data breach in this segment reached US$3.48 million in 2024 (IBM Cost of a Data Breach Report), an 18% increase over the previous year.

How the most common scams work

During the busy holiday season, cybercriminals use realistic fraudulent messages, such as fake tech alerts, password resets or delivery notifications, to compromise organizations and steal consumer data. These professional-looking emails often contain malicious links or attachments that install ransomware or spyware to steal credentials. Scams exploit urgency, reward and familiarity (e.g., emails from colleagues), making employees the primary entry point for cyberattacks due to heavy workloads and less scrutiny.

Reducing risk through culture, behavior and continuous training

Combating this type of fraud requires a cultural shift for retailers. Continuous awareness programs and phishing simulations can reduce the likelihood of employees interacting with malicious messages by up to 88% within 12 months. Employees should also be trained to identify and resist adversarial inputs designed to hijack enterprise AI agents.

"Black Friday creates the perfect storm for cybercriminals," says Javvad Malik, lead CISO advisor at KnowBe4. "With retail teams under pressure, attackers know this is when organizations are at their most vulnerable and we see an increase in attacks. Retailers should be preparing their workforce, just as much as their technology. When employees are rushed, they are far more likely to click on a malicious link or approve something that does not look right. Clear guidance and strong processes are essential to keeping both customer and company data safe in the weeks ahead."

Beyond training, enforce security policies, review communication and implement MFA. Real-time coaching and automated phishing alerts can aid immediate fraud response. Protect business continuity and brand value by staying cybersafe.

About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset. More at https://knowbe4.com. 

Follow KnowBe4 on LinkedIn and X.

Media Contact
Amanda Tarantino
Head of Public Relations, Americas
KnowBe4
[email protected]

SOURCE KnowBe4 Inc.