High Stakes, High Sales: Navigating Risk and Resilience in Retail’s Peak Season

Black Friday and Cyber Monday are among the most demanding times of the year for retailers, as high sales volumes and nonstop activity push systems to their limits. As teams work to manage inventory, meet shipping deadlines and deliver a smooth customer experience, they’re also navigating a rise in vulnerabilities stemming from both their operations and consumer data.

From phishing emails and fake deals to system overloads and third-party risks, the Black Friday and Cyber Monday season tests every part of a retailer’s infrastructure. Success in this age of technology now depends on balancing performance, resilience and security across every touchpoint while keeping transactions seamless, data protected and customers confident. 

Industry leaders have shared their insights on how retailers can navigate the busiest and most complex shopping season of the year. 

Unni Kurup, Director of Client Consulting & Strategy at Theorem 

“For the ecommerce sector, the holiday shopping season is a make-or-break moment. This year, brands are navigating more complexity than ever with tariffs and shifting supply chains adding pressure at the same time as customer expectations continue to grow. In this environment, traditional siloed approaches within organizations just won’t cut it.  

Brands need to embrace cross-functional collaboration with marketing, sales, operations and supply chain working together to plan and adapt as the season goes on. This means that advertising campaigns can be planned alongside inventory, pricing strategies, and fulfillment, so that disruption can be managed and communicated in real time to the customer.  

Automation and AI are also playing a key role as organizations step up their holiday season prep. Brands are able to use these innovations to stress-test fulfillment systems and predict demand as well as to optimize marketing spend, ensuring campaigns are targeted effectively while tracking ROI. With consumer attention increasingly fragmented, focusing on engagement is just as important as logistics and data. Leading retailers are investing in video-led commerce experiences, using shoppable videos and live streams to bridge marketing and conversion in real time. These interactive formats provide instant insights into customer behavior and allow brands to pivot messaging and inventory dynamically, helping align operations with consumer demand as it unfolds. 

Ultimately, it’s the brands that invest in planning, collaboration, and advanced technologies that will be best positioned to thrive during the holiday shopping season. Operations must be at the top of their game in order to maximize both sales and customer satisfaction during the busiest time of year for retailers.” 

Bruce Kornfeld, Chief Product Officer at StorMagic 

“Black Friday and the lead up to Christmas is the busiest shopping period of the year, yet for brick-and-mortar establishments, the rise in online shopping continues to prove problematic. Research from 2024 shows that online transactions around Black Friday saw cart sizes four times larger than in-person purchases, indicating that physical retailers need to up their game.  

Maintaining uptime and performance stability of IT systems at the edge are critical elements to this, as downtime during peak trading hours can have a devastating financial impact. To avoid this, retailers are increasingly implementing hyperconverged infrastructure (HCI) which combines storage, computing and networking into a single system on-site. HCI simplifies management and offers built-in benefits that are ideal for handling high-demand events. By keeping applications and data local, retailers can avoid the “Black Friday cloud risk” of internet or cloud outages, ensuring stores remain fully operational with high availability infrastructure even if connectivity is disrupted. 

Additionally, these systems are often built with robust security in mind, offering integrated encryption, authentication, and compliance features for protection against holiday-season cyber threats. For retailers, this combination of uptime, flexibility, and resilience means smoother operations, happier customers, and no lost sales when it matters most.” 

Joel Martins, CTO at Calabrio 

“The holiday season is the most critical period for retailers, offering unmatched opportunities to strengthen customer relationships and long-term loyalty. In 2024, Black Friday alone generated a record $74.4 billion in online sales, up 5% from the prior year. Every interaction counts, and customer expectations for speed, personalization and resolution have never been higher. 

Contact centers play a vital role in ensuring a seamless customer experience across all channels. Yet during peak periods, even the best teams can struggle to maintain consistency and speed. To tackle this, leaders must equip agents with the right tools and training to handle the holiday rush effectively.   

AI is key to bridging that gap. Intelligent automation can manage routine requests at scale, allowing agents to focus on complex, emotionally driven conversations that build loyalty when it matters most. Predictive analytics add another layer of resilience, helping leaders forecast demand, optimize staffing and flag potential systems or experience bottlenecks before they impact customers. 

Peak-season success depends on collaboration across technology, operations and customer experience. When data moves freely between these functions, teams gain a unified view of customer sentiment, agent performance and infrastructure health in real time, turning information into action. 

Black Friday success isn’t about surviving the traffic spike — it’s about transforming it into a showcase of scalability, intelligence, and customer empathy. CIOs who prepare now with the right data-driven, AI-empowered strategies will not only weather the surge but turn it into a competitive advantage that enhances customer satisfaction and fosters long-term loyalty, turning seasonal shoppers into dedicated patrons throughout the holiday season and beyond.” 

Patrick Meehan, Senior Sales & Solutions Engineer, HackerOne 

“Cybercriminals have shown a clear pattern of timing attacks to coincide with major retail events, preying on opportunities when organisations are under peak operational pressure and response teams are stretched thin. It’s a deliberate strategy designed to maximise disruption and financial impact. Over the Easter weekend, Scattered Spider claimed responsibility for a slew of attacks, catching Marks & Spencer, Harrods, and Co-op in its web. Attacks like these aren’t opportunistic, they’re orchestrated, with Black Friday / the Christmas period offering another prime opportunity to strike.

While retailers’ focus this golden quarter will be on driving sales, they shouldn’t be tempted to pause security testing. Any lapse in vigilance could leave them vulnerable. Research has found that vulnerability reports in the retail sector have increased by 42% year-on-year, with the average industry breach costing $3.54M, according to HackerOne’s latest Hacker-Powered Security Report. Constant testing and preemptive remediation are essential to ensure adversaries don’t slip through the cracks.

Ahead of the peak season, retailers need to double down on offensive security practices, real-time system monitoring and rigorous third-party risk management. Businesses should run focused testing campaigns on checkout, inventory, and pricing systems to reduce high-traffic exposure windows, including Black Friday discount codes. Attackers can exploit software vulnerabilities in the code validation process or use these as a tool in social engineering and phishing campaigns. Proper testing will help ensure “BLACKFRIDAY50” doesn’t result in unauthorized system access or data theft.” 

Averell Gatton, Director of GenAI, Protegrity 

“Black Friday runs on data. Every purchase, every click, every reward point feeds systems built to understand what customers want next.  

Thirteen years ago, in 2012, Target made headlines for identifying a teenage girl’s pregnancy before her family knew, simply by analyzing her shopping habits. Sophisticated ML, developed by Target’s Data Science team, and enough data allowed Target to make that assumption. Now, GenAI Agents can set up that workflow and perform that data analysis autonomously, generating conclusions faster than businesses and customers can respond. 

That democratization brings new pressure on privacy. Privacy-related insight is personal, and once it is used incorrectly, there are broad legal and business implications. The old analytics tools built for static reports can’t keep pace with real-time AI systems that learn and adapt continuously. Retailers need to shift from just collecting data to protecting it, embedding privacy controls and tokenization directly into analytics workflows.

Retailers want to understand customers better, but the boundary between insight and intrusion is blurred by the profound analytical capabilities of Agentic systems.  

This coming Black Friday will serve as a checkpoint. Retailers who build secure, governed AI pipelines will get the insights they need without crossing the line. This is the year to prove GenAI analytics and privacy can both coexist.” 

Mikala Vidal, Head of Growth, Lineaje 

“The retail landscape is currently being defined by an explosion of AI velocity. New tools and services—from Rufus shopping assistants and dynamic pricing engines to autonomous warehouse robots—are taking center stage, placing security teams on high alert due to the rapid, decentralized adoption. Every AI model, open-source component, and third-party integration with partners introduces a potential exposure.  

Threat actors are actively capitalizing on this shift and refining their tactics to exploit new vulnerabilities. Rather than attacking the retailer’s internal systems, they are targeting point-of-sale systems, e-commerce platforms, and third party software. We saw a case of such severity this year when the Clop ransomware group successfully exploited a zero-day flaw in Sam’s Club file transfer software. That’s why visibility and verification are crucial. To defend against threats buried deep within the software supply chain, retailers should prioritize sourcing secure components, for software and AI, and maintain up-to-date inventories of dependencies and LLMs. Additionally, they should also be doing thorough risk evaluations of third-party software.  

When combined with continuous risk analysis and automated remediation, these practices enable retailers to protect trust and keep commerce running smoothly, even under the intense pressure of the holiday season.” 
