Warning comes ahead of upcoming Black Friday and Cyber Monday.
The retail sector is the prime target for web application cyber attack operations, with nearly half of them being targeted at retail applications.
A report has been issued as online retailers prepare for Black Friday on 28 November 2014 and Cyber Monday on 01 December, the busiest days of the online shopping year in the US and the UK.
40% of all SQL injection attacks and 64% of all malicious HTTP traffic attacks have been targeting websites of retailers, the report said.
Imperva chief technology officer Amichai Shulman said: "Our study shows that retail sites are a big target for hackers.
"This is largely due to the data that retail websites store – customer names, addresses, credit card details – which cyber criminals can use and sell in the cyber crime underworld.
"Over the past year we have seen a number of retailers suffer data breaches and I expect this will continue," he said.
Earlier reports revealed that retail websites were hit with twice as many SQL injection attacks than other industry sectors.
In addition, websites integrating consumer information, which seek some login credentials, are hit with 59% of the attacks.
"Retailers must take the threat of cyber attack very seriously. Over the last year we have seen some very well known, and seemingly secure, retail websites hit by devastating cyber attacks and these should act as a warning to others in the industry.
"Cybercriminals look at retailers as a very profitable target and they are attacking these websites relentlessly looking for a way in. Information that a hacker is able to extract from the site will very likely make its way onto sites that sell breached data.
"It is a big business. Retailers should be locking down their data centres and databases, ensuring all data is encrypted and that there are strong barriers in place to help keep out intruders."