Organised crime groups pose a significant threat to the UK retail sector by exploiting system vulnerabilities to gain access to sensitive customer information and disrupt business operations. These groups engage in a variety of illicit activities, including ransomware attacks, data breaches, and payment card fraud, all aimed at financial gain. The rise of Malware-as-a-Service (MaaS) platforms has further exacerbated this threat, enabling even less technically skilled criminals to launch sophisticated attacks with relative ease. Vast amounts of sensitive data can be leveraged for extortion such as customer payment information, personal identifiable information (PII), purchase history, loyalty programme data, employee information, business financial data, supply chain information, and operational data.