The rise of online commerce over the last two decades has completely transformed the retail and consumer goods industries—and with smartphone adoption accelerating globally, the share of shopping done via the internet will only continue to expand. But this growth in digital sales can come with a hefty price tag for retailers and consumer goods businesses: a much greater risk of data breaches.
A recent study by IBM Security, the 2023 X-Force Threat Intelligence Index, established the retail and wholesale industry as the fifth-most targeted industry in 2022, with cybercriminals increasingly looking to exploit the trove of data gathered from the billions of transactions sellers process online. But there’s good news: by modernizing their cybersecurity strategy with automation and AI technologies, businesses can help reduce costs and minimize time to identify and contain breaches.
The cost of vulnerability
It’s easy to see why retail and consumer goods industries present so compelling a target for attackers. With worldwide e-commerce sales totals expected to reach $8.1 trillion by 2026, businesses are accumulating massive amounts of sensitive data, including payment information from their customers.
This wealth of data is an attractive target for cybercriminals to exploit for financial gain. According to the IBM Security Cost of a Data Breach Report 2023, using attacks like phishing or compromised credentials—representing 16% and 15% of studied data breaches, respectively—cybercriminals have been able to skirt many security perimeters, often resulting in lost or compromised data.
The Threat Intelligence Index also found that breaches against the retail and wholesale industry represented 8.7% of all studied attacks among the top ten industries in 2022, up from 7.3% in 2021. The manufacturing industry has fared even worse as malicious organizations may seek to disrupt supply chains or expose intellectual property, among other things. In fact, the Threat Intelligence Index found that manufacturing was the most targeted industry overall in 2022.
The Cost of a Data Breach Report saw industrywide costs per breach hit record highs last year. For retail, the average data breach studied cost $2.96 million; consumer goods was even more damaging, coming in at $3.8 million—ranking tenth among industries studied. Both sectors also exceeded the global average for breach containment time. Further, it took retail organizations 10 extra days to identify a breach and 9 extra days to contain it, and consumer goods businesses 8 extra days to identify a breach and 10 extra days to contain it when compared to the global average.
Room for improvement
Compared to other industries, retail and consumer goods have a lot of opportunities to improve when it comes to defending against data breaches. Additional IBM internal research found that only 25% of retail companies and 29% of consumer goods businesses studied employ extensive automation and AI-powered security solutions. By modernizing security strategies and taking a proactive approach, organizations can enhance their ability to detect intrusions and potentially shut them down before they can inflict real damage, helping reduce the overall impact of a breach.
One of the biggest mitigators of studied data breaches was speed, and security AI and automation had the most profound influence on an organization’s ability to quickly identify and contain attacks. Industrywide, studied businesses employing AI and automation extensively in their security operations were able to shorten the average data breach lifecycle by 108 days compared to those that did not employ these technologies. Based on these findings, this translated to a cost savings of $850,000 per attack—up to 30% less than the average impact.
A big part of this is simply the ability to detect the breach quickly, yet only one-third of data breaches studied were detected by the affected company. But those participating businesses that did detect the breach themselves were able to act much more swiftly to contain the attack, resulting in a lifecycle reduction of nearly 80 days compared to data breaches that were disclosed by the attacker (241 days versus 320).
As the digitization of retail and consumer goods industries continues to advance, businesses will face increasing pressure from attackers seeking to disrupt their operations and exploit their wealth of data. By investing in more sophisticated detection and response capabilities, companies can make substantial improvements in their ability to contain data breaches and help significantly reduce the financial and reputational fallout in the process.