Skip to main content

The average cost of a retail data breach is…

Dan Berthiaume
Cyber security
Data breaches are getting costlier for retailers.

A new IBM study reveals that data breaches are rapidly becoming more expensive for retailers to mitigate.

According to the annual IBM "Cost of a Data Breach Report," the average cost of a retail data breach in 2024 jumped 18% to $3.48 million in 2024, an 18% increase from $2.96 million in 2023. This cost is still 33% lower than the global average across industries of $4.88 million.

In addition, the study indicates one-third (32%) retailers now extensively use security AI and automation, up from 25% in 2023, resulting in an average $1.9 million cost saving compared to retailers without these technologies, an increase from $850,000 the prior year.

However, IBM data shows retail organizations still took longer to identify and contain breaches compared to the global average.

The study also analyzed data breach cost trends in the CPG industry:

  • The average cost of a CPG data breach in 2024 reached $3.91 million, a 3% increase from $3.8 million in 2023 but still 22% lower than the global average.
  • The adoption of security AI and automation among CPG companies remains nearly unchanged, with 30% using these technologies in 2024 compared to 29% in 2023.
  • CPG companies achieved $1.9 million in cost savings from the use of security AI and automation, a significant increase from $850,000 from 2023 – identical to retail figures.
  • Similar to the retail sector, consumer organizations took longer to identify and contain breaches compared to the global average.
Advertisement - article continues below
Advertisement

Cross-industry findings

Key data points taken from global companies across industries include:

  • Understaffed security teams: More organizations faced severe staffing shortages compared to the prior year (26% increase) and observed an average of $1.76 million in higher breach costs than those with low level or no security staffing issues.

  • AI-powered prevention: Two out of three organizations studied are deploying security AI and automation across their security operation center. When these technologies were used extensively across prevention workflows, organizations incurred an average $2.2 million less in breach costs, compared to those with no use in these workflows – the largest cost savings revealed in the IBM study.

  • Data visibility gaps – Four in 10 studied breaches involved data stored across multiple environments including public cloud, private cloud, and on-prem. These breaches cost more than $5 million on average and took the longest on average to identify and contain (283 days).

[READ MORE: Verizon: Online security incidents reach new high in 2023]

The 2024 Cost of a Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 604 organizations globally between March 2023 and February 2024. The research, conducted by Ponemon Institute, and sponsored and analyzed by IBM, has been published for 19 consecutive years and has studied the breaches of more than 6,000 organizations, becoming an industry benchmark. 

Related Retail News

Related Topics

X
This ad will auto-close in 10 seconds