The rise of online commerce over the last two decades has completely transformed the retail and consumer goods industries—and with smartphone adoption accelerating globally, the share of shopping done via the internet will only continue to expand. But this growth in digital sales can come with a hefty price tag for retailers and consumer goods businesses: a much greater risk of data breaches.

According to a recent study by IBM Security, the 2023 X-Force Threat Intelligence Index established the retail and wholesale industry as the fifth-most targeted industry in 2022, with cybercriminals increasingly looking to exploit the trove of data gathered from the billions of transactions sellers process online. But there’s good news: by modernizing their cybersecurity strategy with automation and AI technologies, businesses can help reduce costs and minimize time to identify and contain breaches.

The cost of vulnerability

It’s easy to see why retail and consumer goods industries present so compelling a target for attackers. With worldwide e-commerce sales totals expected to reach $8.1 trillion by 2026, businesses are accumulating massive amounts of sensitive data, including payment information from their customers.

This wealth of data is an attractive target for cybercriminals to exploit for financial gain. According to the IBM Security Cost of a Data Breach Report 2023, using attacks like phishing or compromised credentials—representing 16% and 15% of studied data breaches, respectively—cybercriminals have been able to skirt many security perimeters often resulting in lost or compromised data.

The Threat Intelligence Index also found that breaches against the retail and wholesale industry represented 8.7% of all studied attacks among the top ten industries in 2022, up from 7.3% in 2021. The manufacturing industry has fared even worse as malicious organizations may seek to disrupt supply chains or expose intellectual property, among other things. In fact, the Threat Intelligence Index found that manufacturing was the most targeted industry overall in 2022.

The Cost of a Data Breach Report saw industrywide costs per breach hit record highs last year. For retail, the average data breach studied cost $2.96 million; consumer goods was even more damaging, coming in at $3.8 million—ranking tenth among industries studied. Both sectors also exceeded the global average for breach containment time. Further, it took retail organizations 10 extra days to identify a breach and 9 extra days to contain it, and consumer goods businesses 8 extra days to identify a breach and 10 extra days to contain it when compared to the global average.

Room for improvement

Compared to other industries, retail and consumer goods have a lot of opportunities to improve when it comes to defending against data breaches. Additional IBM internal research found that only 25% of retail companies and 29% of consumer goods businesses studied employ extensive automation and AI-powered security solutions. By modernizing security strategies and taking a proactive approach, organizations can enhance their ability to detect intrusions, and potentially shut them down before they can inflict real damage to help reduce the overall impact of a breach.

One of the biggest mitigators of studied data breaches was speed, and security AI and automation had the most profound influence on an organization’s ability to quickly identify and contain attacks. Industrywide, studied businesses employing AI and automation extensively in their security operations were able to shorten the average data breach lifecycle by 108 days compared to those that did not employ these technologies. Based on these findings, this translated to a cost savings of $850,000 per attack—up to 30% less than the average impact.

A big part of this is simply the ability to detect the breach quickly, yet only one-third of data breaches studied were detected by the affected company. But those participating businesses that did detect the breach themselves, were able to act much more swiftly to contain the attack, resulting in a lifecycle reduction of nearly 80 days compared to data breaches that were disclosed by the attacker (241 days versus 320).

As the digitization of retail and consumer goods industries continues to advance, businesses will face increasing pressure from attackers seeking to disrupt their operations and exploit their wealth of data. By investing in more sophisticated detection and response capabilities, companies can make substantial improvements in their ability to contain data breaches to help significantly reduce the financial and reputational fallout in the process.

Explore the Cost of a Data Breach Report

More from Security

Supercharge security operations: How to unlock analysts’ productivity

6 min read - Security analysts are all too familiar with the challenges of alert fatigue, swivel chair type of analysis, and "ghost chasing" spurred by false positives. Facing massive volumes of data coming from an expanding digital footprint and attack surfaces across hybrid multi-cloud environments, they must quickly discern real threats from all the noise without getting derailed by stale intelligence. Many organizations have to juggle dozens of security tools, which creates scattered, contextless information that often weakens the foundational triad of cybersecurity:…

Rallying troops against cybercrime with QRadar SIEM

5 min read - Cybersecurity is everyone’s business—as it should be, given the staggering surge in cyberattacks. Today, these attacks exhibit an unprecedented level of frequency, ingenuity and speed. The cyberthreat landscape is evolving and countries such as India are facing an alarming rate of increase in cyberattacks (Q2 of 2023 saw a 90% increase). Driven by accelerated hybrid cloud adoption and digital transformation efforts, the region is currently a beacon of innovation and a battleground for cyberthreats. This is creating more attack opportunities…

IBM Named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management

3 min read - We are thrilled to share that IBM is named a Leader in the most recent Gartner® Magic Quadrant™ for Access Management. IBM is recognized for its Ability to Execute and Completeness of Vision. As a team, we’ve been working hard to deliver on a roadmap of identity and access management capabilities that we believe solve the biggest challenges organizations are facing when it comes to managing identities in today’s dispersed, hybrid cloud environments. Ultimately, our vision is to provide the right…

IBM Tech Now: November 13, 2023

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 89 On this episode, we're covering the following topics: AI vs. human deceit: Unravelling the new age of phishing tactics IBM MQ version 9.3.4 17 IBM offerings have secured a placement on the TrustRadius…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters