# 1
Most targeted sector for initial access attacks in Oceania in 2025, ahead of professional services and healthcare
Cyble Threat Landscape Report, ANZ 2025
The Retail Experience Your Customers Expect Runs on Infrastructure They Never See
Every frictionless checkout, every accurate stock display, every seamless click-and-collect handover — these moments depend entirely on network infrastructure, security controls and cloud systems operating without interruption behind the scenes. When the technology works, customers don’t notice it. When it doesn’t, they notice immediately.
Orro partners with Australian retailers — from single-site independents to some of the country’s largest multi-site networks — to build the connected, secure and operationally resilient digital foundations that modern retail demands.
70 %
Reduction in network outages achieved for Australia Post across 4,000+ sites following Orro’s network transformation
1113
Notifiable data breaches reported to the OAIC in 2024 — the highest annual total since mandatory reporting began, up 25% on 2023
40 %
Reduction in operating costs for some services achieved through Orro’s network transformation for Australia Post
Sector Intelligence Brief
Why Retail Is a Priority Target — and What That Means for Your Business
Retail has always been where the money is. But increasingly, it’s also where the data is — and that combination has made Australian retailers one of the most actively targeted groups in the country’s cyber threat landscape.
In 2025, retail overtook professional services and healthcare to become the single most targeted sector for initial access attacks in Oceania. Cyble tracked 31 confirmed sales of unauthorised access to Australian and New Zealand retail organisations through underground cybercrime forums — more than any other industry, and at a rate that significantly outpaced all other sectors. These are not opportunistic attacks on small targets. One incident involved 250GB of data stolen from a multibillion-dollar Australian business, including a 30GB database of user records sold for $1,500 on a Russian-language cybercrime forum. In August 2024, Early Settler suffered a data breach exposing the personal information of 1.1 million customers. Across all sectors, the OAIC recorded 1,113 notifiable data breaches in 2024 — the highest annual total since mandatory reporting began, up 25% on 2023.
Why retail is targeted: The combination of payment card data, customer PII at scale, loyalty programme records, and distributed network architectures — often with inconsistent security standards across hundreds or thousands of sites — makes retail structurally attractive to attackers. POS systems, payment APIs, e-commerce platforms, staff devices, store IoT and distribution centre operational technology all represent potential entry points. A breach at a single store can be the pivot point for a network-wide compromise.
The operational stakes: Retail operates on margins that leave very little tolerance for downtime. A POS outage during peak trade is a direct revenue loss. A network failure that takes down cloud-based inventory or order management systems creates cascading problems that take hours or days to resolve. For large multi-site retailers, a systematic network failure across dozens of stores simultaneously is an existential event — one that plays out in real time in front of customers.
The experience imperative: The commercial pressure is equally real. Seamless omnichannel experiences have become the baseline expectation — not a differentiator. Nearly half of Australian shoppers now prefer omnichannel experiences. AI-driven personalisation is expected to influence 40% of purchases. Frictionless checkout, real-time inventory visibility, dynamic digital pricing and consistent performance across online and in-store channels all depend on underlying infrastructure that is not just fast, but reliable and secure. Retailers who cannot deliver this experience are not losing competitive ground incrementally — they are actively pushing customers to competitors who can.
The infrastructure reality for large retailers: Australia’s largest retail networks are extraordinarily complex. Thousands of sites spanning metro, regional and remote locations. Multiple cloud platforms. Legacy POS infrastructure running alongside modern digital payment systems. IoT devices across every store. Distribution centres with operational technology managing refrigeration, conveyor systems and building management. And IT teams that are stretched across all of it. The challenge is not just connecting and securing each site — it’s doing so at scale, consistently, and without the downtime that puts revenue and reputation at risk.
The Compliance Landscape for Australian Retailers
PCI Security Standards Council
Governing body
PCI Security Standards Council
The details
Any Australian retailer that stores, processes or transmits payment card data must comply with PCI DSS. The current standard — v4.0.1 — is the sole active version from January 2025, following the retirement of v3.2.1 in March 2024. A further 51 future-dated requirements became fully mandatory from 31 March 2025, including expanded web-facing application security controls, stronger multi-factor authentication requirements, and targeted risk analysis obligations. Compliance validation depends on transaction volume: Level 1 merchants (over 6 million transactions annually) require a full Report on Compliance from a Qualified Security Assessor; smaller merchants may self-assess. Non-compliance risks include card scheme fines, increased transaction fees and potential loss of the ability to accept card payments.
Governing body
Office of the Australian Information Commissioner (OAIC)
The Details
Australian retailers with annual turnover above $3 million are subject to the Privacy Act 1988 (Cth) and the NDB scheme. Any eligible data breach — likely to result in serious harm to affected individuals — must be notified to the OAIC and affected individuals as soon as practicable. With retail holding customer PII, payment data, loyalty records and in some cases health information, the NDB scheme creates material compliance obligations for any retailer of scale.
Governing body
ASD / Department of Home Affairs
The details
Mandatory ransomware and extortion payment reporting obligations apply to organisations with annual turnover above $3 million. For mid-tier and large retailers, any ransomware incident or extortion demand must now be reported to the Australian Government — regardless of whether a payment is made. This creates new obligations around incident detection, documentation and reporting timelines, and reinforces the importance of having a mature incident response capability before an event occurs.
Governing body
ACCC / OAIC
The details
The Privacy Act and associated Australian Privacy Principles (APPs) impose obligations on how retailers collect, store and use customer data — including data gathered through loyalty programmes, digital marketing platforms and in-store analytics. Retailers deploying AI-driven personalisation, in-store computer vision or customer analytics must ensure these practices are disclosed and compliant. Privacy Act reform is also progressing in Australia, with proposed changes likely to strengthen individual rights and increase penalties for misuse.
The details
While not legislated for retail, the Essential Eight is increasingly referenced by insurers, payment processors and enterprise procurement frameworks as a minimum baseline. For multi-site retailers seeking cyber insurance coverage, demonstrating Essential Eight maturity — particularly around application control, patching and multi-factor authentication — is becoming a practical prerequisite.
"Retail technology has become extraordinarily complex — and most of that complexity is invisible to the customer, which is exactly how it should be. But invisible doesn't mean simple. When we look at a large Australian retailer's environment, we're typically seeing thousands of connected endpoints, multiple cloud platforms, legacy POS systems sitting alongside modern payment infrastructure, IoT sprawl across every store, and distribution centres with operational technology that was never designed to share a network with the broader business.
The networks built to connect all of this were not designed for the threat environment that now exists, or for the performance demands that omnichannel retail now places on them. They were built for a simpler era and extended over time.
What concerns us most is that the threat landscape is moving faster than most retail security postures. Attackers aren’t waiting for your next assessment cycle — they’re probing continuously. The retailers who are getting this right have stopped treating security as a periodic compliance exercise and started treating it as a continuous operational discipline. That’s exactly what Continuous Threat Exposure Management is about: knowing your exposure in real time, validating your controls continuously, and acting on what you find before an attacker does. For large national retailers, that means deploying this capability at scale. For mid-tier retailers, it means leveraging managed services to get enterprise-grade capability without the internal headcount to run it.”
Stu Long
Chief Technology Officer – Orro
Built for Retail — From Single Sites to National Networks
Orro has designed, deployed and managed retail technology infrastructure across some of Australia’s most complex and demanding environments. Our capability spans network, security, cloud and managed services — and we deliver it at the scale that national retail requires.
Retail networks carry more traffic, support more device types and serve more business-critical applications than they did five years ago. Cloud-based POS, real-time inventory management, digital signage, staff devices, customer Wi-Fi and IoT systems all compete for bandwidth and require consistent performance across every site.
Traditional hub-and-spoke network security architectures struggle in this environment. When every store is connecting directly to cloud-hosted applications — POS, loyalty platforms, e-commerce backends — routing traffic back through a central data centre adds latency and complexity that directly affects store performance and customer experience.
Orro delivers SD-WAN for centralised multi-site management and intelligent traffic routing, and Secure Access Service Edge (SASE) for retailers who need cloud-delivered security and networking converged into a single architecture. SASE combines SD-WAN capability with cloud-native security services — including firewall-as-a-service, zero trust network access, and secure web gateway — so that security travels with the user and the application, not just the perimeter. For retailers with distributed workforces, remote store managers and cloud-first application environments, SASE is increasingly the right architectural foundation.
Our One Touch Control platform provides unified visibility across every site, so your operations team can identify and resolve issues before they affect store performance or customer experience.
We designed, deployed and manage Australia’s largest retail network — 4,000+ sites for Australia Post, spanning metro, regional and remote locations across the country, achieving a 70% reduction in outages and 4x faster connections than the legacy network.
Outcome: Consistent, high-performance, secure connectivity across every store — from flagship city locations to remote regional sites — with the architecture to support cloud-first retail operations at scale.
Retail’s distributed architecture is both its operational strength and its security challenge. Every site is a potential entry point. Every POS terminal, payment API, staff device and IoT sensor is a surface that can be exploited if not properly secured and monitored.
Orro’s cybersecurity services for retail include 24/7 SOC monitoring and threat detection from our Australian-operated National Cyber Defence Centre, POS and payment system protection, network segmentation to isolate POS, IoT and staff traffic, identity and access management, endpoint protection, and incident response readiness. We support retailers in achieving and evidencing PCI DSS v4.0.1 compliance, meeting NDB obligations, and building the security governance frameworks that insurers and enterprise procurement increasingly require.
Beyond monitoring and response, Orro’s Continuous Threat Exposure Management (CTEM) service addresses the fundamental challenge of retail security: in an environment that never stops changing — new stores opening, new devices connecting, new applications deploying, new vulnerabilities emerging — a point-in-time security assessment is structurally inadequate. CTEM makes exposure management a continuous discipline: continuously discovering and mapping your attack surface across all retail sites, validating that your controls are working as intended, prioritising remediation by actual business risk rather than raw vulnerability count, and providing leadership with a real-time view of exposure rather than a quarterly snapshot.
For retailers who are the most targeted sector in Oceania for initial access attacks, knowing your exposure continuously — not periodically — is the difference between getting ahead of an attack and cleaning up after one.
Outcome: A defensible, continuously managed security posture across your entire retail network — protecting payment data, customer PII and business systems, supporting PCI DSS and NDB compliance, and giving leadership genuine real-time visibility into cyber risk.
The applications that run modern retail — POS, ERP, inventory management, order management, customer engagement platforms, loyalty systems and e-commerce — increasingly run in or connect to the cloud. Their performance depends on the quality of the underlying network and cloud architecture as much as the applications themselves.
Orro manages cloud migrations and optimisation, application performance management for retail workloads, SaaS integration and API security, and disaster recovery design. We ensure the platforms your business depends on perform consistently — whether your customers are transacting in-store, online or across both simultaneously.
Outcome: Faster transactions, improved application availability, and the cloud infrastructure to support omnichannel retail operations at scale.
Modern retail environments are dense with connected technology — digital signage, electronic shelf labels, inventory sensors, self-checkout systems, queue management, smart CCTV and building management systems. Each represents both an operational capability and a security consideration.
For large-format retailers and those with significant distribution and logistics operations, the technology estate extends into operational technology: refrigeration and cold chain management, conveyor and sortation systems, automated warehouse equipment and building management systems. These OT environments sit at the IT/OT boundary and are increasingly networked — often without the security controls or visibility that IT environments take for granted. A compromise of a refrigeration management system in a grocery distribution centre, or a building access control system across a retail network, is not just a security incident — it is an operational and potentially regulatory event.
Orro provides secure network foundations, segmentation architecture and monitoring capability across both IoT and OT environments. We isolate connected store devices from POS and staff networks, provide visibility through One Touch Control, support OT asset discovery and monitoring in distribution and large-format retail environments, and bring the same cross-stack expertise to the store floor and the distribution centre that we apply to the corporate network.
Outcome: Confident deployment and secure operation of connected store and distribution technology — with security and visibility extending across IT, IoT and OT environments.
Multi-site retail IT operations are a significant undertaking. Network issues, application performance problems, security incidents and hardware failures all require rapid response — and managing them consistently across hundreds or thousands of sites exceeds the internal capacity of most retail IT teams.
Orro’s managed services provide the operational depth, tooling and expertise to manage your retail technology environment proactively. One Touch Control delivers unified monitoring across networks, cloud and security. Our operations capability detects and resolves issues before they become store-level problems, standardises deployments across sites, and gives your leadership team the reporting and visibility needed for informed decisions.
For Australia Post, 80% of network tickets are now proactively managed — meaning issues are identified and resolved before they affect store operations — with a 43% decrease in critical incidents and 44,000 business impact hours avoided.
Outcome: Improved store reliability, reduced operational burden on internal IT teams, and the confidence that comes from an Australian-owned partner with Australian-based support escalation and 24/7 global operations capability.
Trusted by Australia's Leading Retailers
Orro partners with retailers across the full spectrum of Australian retail — from specialty chains to the country’s largest national networks.
Australia Post — Transforming Australia’s Largest Retail Network
Australia Post supports more than 12 million Australian households across 4,000+ sites nationwide — including metro, regional and remote communities where Australia Post serves as an essential services hub. Orro designed, deployed and manages Australia Post’s national network, completing one of the largest network overhauls in the organisation’s history.
Delivered over a two-year programme at a velocity of 200+ sites per month, the transformation moved Australia Post from an ageing legacy network to a high-performance SD-WAN architecture on business nbn connectivity, with One Touch Control providing unified visibility across the entire network.
Results
- 70% reduction in network outages across all sites
- 4x faster connections than the legacy network
- Internet bandwidth doubled at every site
- Operating costs reduced by up to 40% for some services
- 80% of network tickets now proactively managed
- 43% decrease in critical incidents
- 44,000 business impact hours avoided
- 84% security compliance achieved
- For the first time in Australia Post’s history, every staff member on a single, unified communications platform
“We now have increased network resilience and uptime, and we are equipped with a robust communications backbone that will allow us to deliver the next generation of digital services.”
“We had confidence in Orro’s capabilities to roll out such a robust network transformation, we all worked very closely together and it felt like one team.”
Common Questions from Retail Technology Leaders
Based on current threat intelligence, Australian retailers face four primary attack vectors: initial access sales — where attackers purchase existing footholds in retail networks through cybercrime markets (retail was the single most targeted sector in Oceania for this type of attack in 2025); POS and payment system compromise, typically through malware deployed after initial credential theft; ransomware, which is particularly disruptive in distributed environments where store operations depend on network connectivity; and data exfiltration targeting customer PII and loyalty records. The distributed nature of retail networks — many sites, many device types, inconsistent security standards — is what makes the sector structurally vulnerable.
Based on current threat intelligence, Australian retailers face four primary attack vectors: initial access sales — where attackers purchase existing footholds in retail networks through cybercrime markets (retail was the single most targeted sector in Oceania for this type of attack in 2025); POS and payment system compromise, typically through malware deployed after initial credential theft; ransomware, which is particularly disruptive in distributed environments where store operations depend on network connectivity; and data exfiltration targeting customer PII and loyalty records. The distributed nature of retail networks — many sites, many device types, inconsistent security standards — is what makes the sector structurally vulnerable.
CTEM is a security discipline that moves beyond point-in-time vulnerability assessments to continuously discover, validate and prioritise your organisation’s cyber exposure. For retailers, this matters because the threat environment changes continuously — new devices connect, new applications deploy, new vulnerabilities emerge — and a quarterly or annual security assessment cannot keep pace. CTEM provides ongoing visibility into your attack surface across all sites, validates that security controls are working as intended, and prioritises remediation based on actual business risk. For a sector that is the most targeted in Oceania for initial access attacks, knowing your exposure in real time is no longer optional.
PCI DSS v4.0.1 is the current and only active version of the Payment Card Industry Data Security Standard from January 2025. Any retailer that stores, processes or transmits payment card data must comply. The 51 future-dated requirements within v4.0.1 became fully mandatory in March 2025, including expanded web-facing application security, stronger multi-factor authentication and targeted risk analysis. Compliance validation depends on transaction volume: Level 1 merchants (over 6 million transactions annually) require a full Report on Compliance from a Qualified Security Assessor; smaller merchants may qualify for a Self-Assessment Questionnaire. Non-compliance risks include card scheme fines, increased transaction fees and potential loss of the ability to accept card payments.
SASE — Secure Access Service Edge — is a network architecture that converges wide-area networking (typically SD-WAN) with cloud-delivered security services including firewall-as-a-service, zero trust network access and secure web gateway. For retail, SASE is particularly relevant because traditional hub-and-spoke security architectures were not designed for environments where every store connects directly to cloud-hosted applications. SASE brings security closer to the user, the device and the application — rather than routing all traffic back through a central data centre — which improves both performance and security posture. It is especially well-suited to retailers with distributed workforces, cloud-first application environments, or legacy WAN architectures that are no longer fit for purpose.
Consistent multi-site performance requires SD-WAN for centralised policy management and intelligent traffic routing, appropriate last-mile connectivity for each site type, network segmentation to prioritise business-critical traffic, and unified monitoring across every site. For remote and regional locations — where fixed-line options may be limited — Orro’s carrier management capability and experience with diverse connectivity types, including 4G wireless backup, ensures continuity even in challenging locations. Orro has delivered this at the largest scale in Australian retail, managing 4,000+ Australia Post sites spanning every state and territory including remote communities.
Securing distributed POS environments requires network segmentation to isolate payment card data environments from other store traffic, endpoint protection on POS terminals, strict access controls and identity management, regular vulnerability assessment and patching, and 24/7 monitoring. PCI DSS v4.0.1 provides the compliance framework — but it is a floor, not a ceiling. The retailers with the strongest POS security posture treat PCI as a minimum requirement and build monitoring and response capability that goes beyond checkbox compliance, including continuous threat exposure management across the full store network.
Operational technology in retail — refrigeration and cold chain systems, conveyor and sortation equipment, building management systems, automated warehouse technology — increasingly shares network infrastructure with IT systems, creating security risks that traditional IT security controls were not designed to address. Effective OT security in retail requires dedicated network segmentation between OT and IT environments, asset discovery to understand what is connected and how it behaves, OT-specific monitoring that can detect anomalous behaviour in industrial systems, and an incident response capability that understands OT environments. Orro’s OT security expertise, developed across critical infrastructure and industrial environments, extends to retail distribution and large-format store environments where the IT/OT boundary is increasingly relevant.
The Cyber Security Act 2024 means that ransomware incidents now trigger mandatory government reporting obligations for any retailer with turnover above $3 million — in addition to NDB scheme obligations to the OAIC. Boards should understand: the organisation’s PCI DSS compliance status; the current state of network segmentation between payment environments and the broader store network; whether the organisation has a tested incident response plan; and what the financial and reputational exposure looks like in a worst-case breach scenario. For retailers holding significant customer data assets, cyber risk is a material business risk warranting board-level visibility equivalent to financial and operational risk.
Our difference
Why Australia's Leading Retailers Choose Orro
Proven at national scale
we designed, deployed and manage Australia’s largest retail network, 4,000+ sites for Australia Post. We understand what consistent delivery at scale actually requires.
CTEM capability
continuous threat exposure management that keeps pace with your changing environment, rather than periodic assessments that leave gaps between reviews.
SASE and SD-WAN expertise
modern network architectures designed for cloud-first, multi-site retail environments, not legacy hub-and-spoke models.
OT security capability
cross-stack expertise that extends from corporate networks to distribution centre and store-floor operational technology.
Australian-owned with an Australian SOC
your security incidents are handled by our National Cyber Defence Centre, operated from Australia.
PCI DSS expertise
supporting retailers in achieving and maintaining PCI DSS v4.0.1 compliance across complex, distributed payment environments.
Vendor-agnostic
the technology that is right for your environment, not the vendor that is right for our margins.
One Touch Control
unified visibility across your entire store network, giving your operations team real-time awareness and your leadership meaningful reporting.
Ready to Build a More Connected and Secure Retail Environment?
Whether you are managing a complex multi-site network, preparing for a PCI DSS assessment, rolling out new store technology, or looking to get ahead of your cyber exposure rather than respond to it — Orro’s retail specialists can help you understand your options and build a practical path forward.
