Cybersecurity for Consumer Companies

Cyber risk continues to be a major concern for businesses of all kinds. According to, ransomware was identified as the number one concern of the C-suite in 62% of surveyed organizations in 2023, up 44% from 2022. And such attacks aren’t cheap. According to IBM, the average data breach cost in the United States is US $5.09M. A strong cybersecurity defense is, therefore, critical to protecting your investors and customers from the damage a cyberattack can cause. 

This is especially important for consumer companies, which continue to be a prime target for cyberattacks. For example, in North America, the retail industry accounts for 14% of cyberattacks, according to IBM. In one example of a ransomware attack on a retail company, Computer Weekly learned in 2021 that British retailer FatFace paid the Conti ransomware gang US $2 million to return company data. Several months later, an unprecedented ransomware supply chain attack on software provider Kaseya  ultimately infected as many as 1,500 businesses. Among them was the Swedish grocery store chain Coop, which had to temporarily close the majority of its 800 retail stores because malware prevented many of its cash registers from working.  

Manufacturing and production organizations are also feeling the pain. According to Orange Cyberdefense, the manufacturing sector was the most targeted for cyber extortion globally, representing 20% of all cyber extortion campaigns. Bad actors hit several large manufacturing organizations in 2023, including the produce company Dole. That attack affected the company’s systems throughout North America, according to an email shared by one of Dole’s Texas-based retail partners on Facebook. 

The importance of cybersecurity governance for consumer companies

A recent joint Corporate Governance Institute and Board Intelligence survey found nearly 60% of respondents don’t think they have received sufficient training on cyber resilience in the last 12 months. If you’re a consumer company planning to reassess your cybersecurity policies this year, governance should be an important element of that plan. With a robust cybersecurity governance process in place, an organization is better prepared to mitigate risks, address threats, and meet regulatory and compliance responsibilities.  

Download exclusive insights: A white paper on materiality and cybersecurity

The three pillars of cybersecurity governance 

There are three pillars of cybersecurity governance Let’s take a closer look at the three pillars and what they mean.  

What are you doing? 

First, you should fully understand the cybersecurity program and governance model you currently have in place. That means you need to: 

  • Understand the data you’re collecting and how you’re collecting it.  
  • Ensure you’re only collecting the data you need.  
  • Understand your regulatory compliance obligations.    

Is it enough? 

Knowing if your cybersecurity plan is enough should involve a constant process of evaluating risk. If you determine that your residual risk is too high, it may be time to make additional investments in security and controls to reduce or transfer that risk. 

 Questions to ask: 

  • Do you understand your risks? 
  • Are you meeting compliance obligations? 
  • Do you have controls in place to ensure only certain people have access to specific data and only certain people can modify that data? 
  • Do you have redundancy, backup, recovery and resiliency plans in place? 

How do you know? 

Knowing you are prepared is about having the right monitoring processes and understanding how you would react to various cybersecurity events. Ask yourself:  

  • Do you have appropriate monitoring to detect a cyber breach should one occur, and has a third party validated that it functions as intended? 
  • If an attack succeeds, do you have processes in place to help you recover? 

How BPM can help you start building a cybersecurity governance plan today  

In 2024 and beyond, we anticipate a surge in cybersecurity threats targeting consumer companies. Operating within such a high-risk sector, your business not only faces financial jeopardy in the event of a breach but also the looming specter of damaged reputation and brand integrity. Let us provide the support you need.  

BPM offers Cybersecurity Assessment Services, including Penetration Testing and Incident Assessment Support. Our independent team evaluates your organization to identify your information security weaknesses and helps you understand where threat actors are most likely to strike. Then, we work with you to build a methodology to manage cybersecurity risk and develop risk-prioritized recommendations and controls so you can respond to and monitor an attack should the worst occur.  

If it’s been a while since you’ve evaluated your cybersecurity plan, contact us today to help you ensure you are ready to handle whatever cybersecurity threat might come your way tomorrow.  

Contact us today to get started.

Headshot of Ryan Musser.

Related Insights