AI-driven Shopping and Privacy: What Retail and E-commerce Should Expect in 2026

In 2025, the retail and e-commerce sector remained a prime target for cybercriminals, facing increasing web-based and device-level threats. Kaspersky data shows that 14.41% of users in the retail sector encountered web threats, while 22.20% faced on-device attacks

Ransomware and phishing remain major threats

Ransomware continued to escalate, affecting 8.25% of retail and e-commerce companies. The number of unique B2B users impacted by ransomware detections surged 152% compared to 2023, driven largely by the spread of the Trojan-Ransom.Win32.Dcryptor family, which encrypts disk partitions using the legitimate DiskCryptor utility.

Phishing also intensified, with Kaspersky blocking 6.7 million phishing attempts targeting users of online stores, delivery services, and payment systems between November 2024 and October 2025. Over 50% of these attacks targeted online shoppers, highlighting e-commerce platforms as high-value targets for fraud and data theft

2025 trends that shaped retail cybersecurity

Malicious apps disguised as legitimate services: 2025 showed that even apps downloaded from official stores can steal user data and financial credentials.

Seasonal sales boost attacker activity: Promotional periods remain a reliable opportunity for cybercriminals to exploit lower user vigilance through phishing and spam

What to expect in 2026

AI-powered chatbots will reshape online shopping, becoming a primary tool for product discovery. While improving user experience, conversational interfaces also expand privacy risks, as chat logs can reveal detailed personal preferences and contextual data. This makes chatbot interactions potentially as sensitive as transaction records, increasing the risk of misuse or data exposure

“Search is changing,” said Anna Larkina, Web data and privacy analysis expert at Kaspersky. “Users are shifting from simple keyword queries to conversational and visual searches. As these models rely on broader user input, protecting collected data remains essential for maintaining trust.”

Fraud tied to changing tax and trade rules is also expected to rise. As regulations evolve, cybercriminals may exploit confusion with phishing campaigns or fake online stores offering unrealistically low prices or “fee-free” deals, especially targeting small and mid-sized retailers