How Retailers Can Stay Cyber-Safe Amid Tariff Uncertainty and Holiday Chaos
During the 2025 holiday season, small and medium-sized businesses (SMBs) are facing a perfect storm of challenges: shifting global trade policies, the end of the de minimis tariff exemption, and a surge in cybercrime targeting vulnerable supply chains. For SMBs, the stakes are high, not just in terms of lost revenue, but in reputational damage and operational disruption.
Tariff Confusion Creates New Cyber Vulnerabilities
The recent elimination of the de minimis exemption, which previously allowed imports under $800 to enter the U.S. duty-free, has upended supply chains for thousands of small retailers. According to Forbes, many SMBs are now grappling with surprise customs fees, delayed shipments, and the need to quickly replace foreign vendors. This confusion has created fertile ground for cybercriminals.
Fraudulent invoices, fake customs notices, and phishing emails disguised as tariff-related updates are already circulating. Cybercriminals know that retailers are overwhelmed and distracted, making them more likely to click on malicious links or share sensitive information.
Holiday Season: High Volume, High Risk
The holiday season is historically the most dangerous time for retail cyberattacks as transaction volumes spike and employees are juggling year-end responsibilities. A report last year from Retail and Hospitality ISAC found that social engineering, ransomware, and imposter websites surged in sophistication during the 2024 holiday season, with companies reporting a sharp increase in product-focused phishing attempts and phone-based scams.
Some of the most common scams that cybercriminals use against retailers include:
- Fake shipping notifications that mimic legitimate carriers.
- Bogus vendor invoices demanding urgent payment.
- “CEO fraud” emails requesting wire transfers.
- Holiday charity scams targeting business donation budgets.
Cybercriminals thrive on distraction, and the holiday season offers plenty of it. Recognizing these seasonal risks and staying vigilant against scams, impersonation attempts, and fraudulent communications is essential. SMBs that actively monitor for weak points and educate their teams are far better positioned to prevent breaches.
Supply Chain Attacks Are on the Rise
Retailers rely on a complex web of third-party vendors, from logistics providers to payment processors. According to Verizon’s 2025 Data Breach Investigations Report, retail was one of the industries most impacted by breaches involving third-party actors, who often serve as custodians of customer data and underpin critical operations. The report emphasized that third-party involvement was an ever-present factor in incidents across the retail sector.
The rise of artificial intelligence-driven cybercrime adds another layer of complexity. Threat actors are using machine learning to identify weak links in supply chains and launch attacks at scale. In one 2025 case, attackers used AI to inject malware into a routine software update, disrupting operations for months.
What SMBs Can Do Right Now
Taking proactive steps now can help businesses reduce their exposure, protect customer data, and maintain smooth operations during the chaotic holiday season. From verifying communications to strengthening vendor oversight, these actions can make a meaningful difference in navigating both seasonal and systemic risks.
- Verify all communications. Scrutinize emails related to tariffs, customs and shipping. Confirm sender identities before clicking links or making payments.
- Train staff on holiday-specific threats. Educate employees about seasonal scams, including fake invoices and urgent wire transfer requests.
- Strengthen vendor oversight. Review cybersecurity practices of key suppliers. Ensure they follow basic protocols like multifactor authentication and regular patching.
- Implement real-time monitoring. Use tools that detect unusual activity across networks and systems. Early detection is critical during high-risk periods.
- Back up critical data. Ensure backups are stored securely and tested regularly. In the event of a ransomware attack, backups can be the difference between recovery and ruin.
- Consider cyber insurance. With the average cost of a data breach for SMBs now exceeding $3 million, cyber insurance can provide financial protection and access to expert response teams.
Tariff disruptions and holiday chaos are more than logistical headaches. They provide cyber attackers with fertile ground to exploit busy business leaders. For retailers, staying ahead of cybercriminals means being proactive, informed and resilient. By tightening defenses and preparing for the unexpected, businesses can protect their operations and customers during the most critical time of the year.
John Hennessy is the regional vice president of underwriting for the U.S. Central region at Cowbell, a leading insurance and digital risk partner for small and medium-sized enterprises (SMEs).
John is the regional vice president of underwriting for the U.S. Central region at Cowbell, a leading insurance and digital risk partner for small and medium-sized enterprises (SMEs). With over ten years of experience as a commercial lines underwriter, John began his career at CNA in Chicago, helping to grow the Technology book for three years by working on Cyber, E&O, Media, and P&C lines, eventually focusing exclusively on cyber. At Cowbell, John is responsible for overseeing underwriting operations and for evaluating and analyzing the risks involved in Cowbell's AI underwriting process.





