The rise of online commerce over the last two decades has completely transformed the retail and consumer goods industries—and with smartphone adoption accelerating globally, the share of shopping done via the internet will only continue to expand. But this growth in digital sales can come with a hefty price tag for retailers and consumer goods businesses: a much greater risk of data breaches.

According to a recent study by IBM Security, the 2023 X-Force Threat Intelligence Index established the retail and wholesale industry as the fifth-most targeted industry in 2022, with cybercriminals increasingly looking to exploit the trove of data gathered from the billions of transactions sellers process online. But there’s good news: by modernizing their cybersecurity strategy with automation and AI technologies, businesses can help reduce costs and minimize time to identify and contain breaches.

The cost of vulnerability

It’s easy to see why retail and consumer goods industries present so compelling a target for attackers. With worldwide e-commerce sales totals expected to reach $8.1 trillion by 2026, businesses are accumulating massive amounts of sensitive data, including payment information from their customers.

This wealth of data is an attractive target for cybercriminals to exploit for financial gain. According to the IBM Security Cost of a Data Breach Report 2023, using attacks like phishing or compromised credentials—representing 16% and 15% of studied data breaches, respectively—cybercriminals have been able to skirt many security perimeters often resulting in lost or compromised data.

The Threat Intelligence Index also found that breaches against the retail and wholesale industry represented 8.7% of all studied attacks among the top ten industries in 2022, up from 7.3% in 2021. The manufacturing industry has fared even worse as malicious organizations may seek to disrupt supply chains or expose intellectual property, among other things. In fact, the Threat Intelligence Index found that manufacturing was the most targeted industry overall in 2022.

The Cost of a Data Breach Report saw industrywide costs per breach hit record highs last year. For retail, the average data breach studied cost $2.96 million; consumer goods was even more damaging, coming in at $3.8 million—ranking tenth among industries studied. Both sectors also exceeded the global average for breach containment time. Further, it took retail organizations 10 extra days to identify a breach and 9 extra days to contain it, and consumer goods businesses 8 extra days to identify a breach and 10 extra days to contain it when compared to the global average.

Room for improvement

Compared to other industries, retail and consumer goods have a lot of opportunities to improve when it comes to defending against data breaches. Additional IBM internal research found that only 25% of retail companies and 29% of consumer goods businesses studied employ extensive automation and AI-powered security solutions. By modernizing security strategies and taking a proactive approach, organizations can enhance their ability to detect intrusions, and potentially shut them down before they can inflict real damage to help reduce the overall impact of a breach.

One of the biggest mitigators of studied data breaches was speed, and security AI and automation had the most profound influence on an organization’s ability to quickly identify and contain attacks. Industrywide, studied businesses employing AI and automation extensively in their security operations were able to shorten the average data breach lifecycle by 108 days compared to those that did not employ these technologies. Based on these findings, this translated to a cost savings of $850,000 per attack—up to 30% less than the average impact.

A big part of this is simply the ability to detect the breach quickly, yet only one-third of data breaches studied were detected by the affected company. But those participating businesses that did detect the breach themselves, were able to act much more swiftly to contain the attack, resulting in a lifecycle reduction of nearly 80 days compared to data breaches that were disclosed by the attacker (241 days versus 320).

As the digitization of retail and consumer goods industries continues to advance, businesses will face increasing pressure from attackers seeking to disrupt their operations and exploit their wealth of data. By investing in more sophisticated detection and response capabilities, companies can make substantial improvements in their ability to contain data breaches to help significantly reduce the financial and reputational fallout in the process.

Explore the Cost of a Data Breach Report
Was this article helpful?
YesNo

More from Security

IBM Tech Now: March 11, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 94 On this episode, we're covering the IBM X-Force Threat Intelligence Index 2024: IBM X-Force Threat Intelligence Index 2024 landing page Download the report Watch the webinar: "Cybersecurity in 2024: Exploiting the human attack…

IBM’s immersive incident response training expands with new DC Cyber Range

3 min read - It’s been said before: cyberattacks are not a matter of if but when. While it’s difficult for organizations to predict exactly when an attack might hit, they can prepare for one to help strengthen their cyber readiness and mitigate devastating impacts. The global average cost of a data breach reached USD 4.45 million, with the U.S. facing the highest breach costs across all regions. For public organizations, the cost of a cyber crisis transcends monetary costs. Threat actors can disrupt…

Enterprise security is facing an identity crisis: Findings from the latest X-Force Threat Intelligence Index

2 min read - In this year’s IBM X-Force Threat Intelligence Index, our annual report of cybersecurity trends, we observed a pronounced surge in cyber threats targeting identities. Cyber criminals leveraged stolen credentials in 30% of the investigations X-Force responded to in 2023, which tracks a 71% increase compared to the previous year. Let’s take a look at some of the key findings from this year’s report. There are several ways that cybercriminals obtain valid credentials to use in breaches. In 2023, one of…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters