In 2024, retail and wholesale businesses reported taking an average of 6.4 months to recover from cybersecurity breaches – 26% longer than expected and over a month past the anticipated timeline of 5.1 months, according to the latest annual Global Security Research Report from Fastly.
With attacks becoming more prevalent and taking longer to recover from, the report found that 85% of retail businesses plan to increase investment in security tools over the next 12 months, an 11% year-on-year rise.
However, despite the additional spending, more than half of the surveyed cybersecurity decision makers (52%) feel that an increasingly sophisticated threat landscape has still left them unprepared to deal with future attacks.
Fastly CISO Marshall Erwin said, “Full recovery from breaches is not getting any faster. The revenue, reputation and time lost damages business relationships permanently and drains resources from other areas of the business. With attacks not diminishing and the possibility of further high-profile slip-ups always present, it’s crucial that any changes businesses are now making to cybersecurity strategies fit within a holistic plan and aren’t knee-jerk reactions.”
In 2024, around two in five (39%) retail businesses expressed concerns about the reliability and software quality across their security stack and nearly one quarter (24%) considered changing vendors. In addition, the majority of businesses (89%) have changed their approach to testing and rolling out updates in response to major reliability incidents.
When it comes to software security, organisations are re-evaluating how security integrates across their operations. Increasingly, key stakeholders outside traditional security teams are having a say in which app security solutions are being adopted.
One in four respondents (26%) said one of their organisation’s top priorities was to adopt a platform engineering approach to software security. This is also reflected in a change in culpability, with platform engineering teams held responsible for 9% of cybersecurity incidents, only slightly down from CISOs at 17% and CIOs at 14%.
“Cybersecurity spending is under the microscope as businesses continue to feel unprepared dealing with an evolving threat landscape. We are seeing a shift towards a shared responsibility for security across organisations, with increased focus on embedding security measures throughout all projects,” Erwin added.
“Companies that bake in security and establish strong partnerships with security organisations early in a product development process are in a better position to deal with emerging threats and recover more quickly from attacks.”