2025 CISO Benchmark Report Reveals Cybersecurity Advancements in Retail and Hospitality
New York, Wednesday, 9 July 2025.
Significant improvements in cybersecurity maturity for the retail and hospitality sectors are unveiled, highlighting advances in collaboration and resilience against cyber threats, influencing cybersecurity investment strategies for 2025.
Enhanced Cybersecurity Strategies
The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) has published the 2025 CISO Benchmark Report, which underscores considerable progress in cybersecurity maturity for the retail and hospitality industries. As part of a collaboration with Accenture, the report reflects insights from around 200 cybersecurity leaders, illustrating a substantial leap in addressing threats such as ransomware, third-party supply chain attacks, and phishing [1]. The continuous development in resilience and cross-organization partnerships has been influential in elevating security standards, thus informing strategic investment decisions in the sector throughout 2025 [2].
Key Threats and Priorities
Ransomware attacks, which have been at the forefront of cybersecurity concerns, are identified as one of the top threats to the sector. This pressing issue is compounded by third-party supply chain risks and phishing, necessitating a robust set of defensive strategies [1]. In light of these risks, the report emphasizes the importance of prioritizing business continuity and disaster recovery measures, propelling these initiatives as top cybersecurity focuses for 2025. This marks a shift from their position as the fourth priority in 2024, signaling a shift in strategic focus to bolster sector resilience [1].
Collaboration and Emerging Technologies
The RH-ISAC report also highlights the pivotal role of collaboration and emerging technologies in advancing cybersecurity frameworks. A culture of intelligence sharing and trust-building within the industry is crucial, according to Suzie Squier, president of RH-ISAC, who sees this as raising the industry’s standards [1]. Rich Agostino of Target echoes this sentiment, stressing that staying ahead of rapidly evolving threats requires joint efforts across the industry [1]. The report recommends that organizations adopt zero-trust frameworks and modernize legacy systems to close existing maturity gaps [1].
Influence on Future Cybersecurity Investments
With these findings, the RH-ISAC report is poised to significantly influence cybersecurity investment strategies within the retail and hospitality sectors for the coming year. It calls on organizations to treat security not just as a technical necessity but as a strategic business function integral to protecting both financial and reputational stakes [1]. The emphasis on emergent technology adoption and strategic initiatives is expected to guide budgeting and procurement decisions, reinforcing the importance of proactive security measures in safeguarding businesses against potential cyber threats [1].