RH-ISAC Releases 2025 CISO Benchmark Report, Showcasing Growth in Retail and Hospitality Cybersecurity

VIENNA, Va., July 09, 2025 (GLOBE NEWSWIRE) — The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) has released its 2025 CISO Benchmark Report, offering a detailed look at the industry’s growing focus on proactive, business-enabling cybersecurity strategies.

The 2025 report, developed in partnership with Accenture, draws on input from nearly 200 cybersecurity leaders across retail and hospitality. It highlights ransomware, third-party supply chain attacks, and phishing as the top three threats facing the sector.

Business continuity and disaster recovery emerged as the top cybersecurity initiative for 2025, rising from the number four spot in last year’s report and signaling a deliberate shift towards proactive risk management. Smaller organizations are closing the gap when comparing cyber maturity with larger companies, and cybersecurity budgets are showing consistent increases year-over-year.

Other key findings from the 2025 report include:

• A 25% improvement in average NIST CSF maturity scores from 2024 to 2025, indicating stronger and more repeatable processes
• A 12% rise in CISOs reporting directly to senior business leadership, showing that cybersecurity is increasingly being seen as a factor in business outcomes
• An 11% increase in spending on third-party security services, with penetration testing and security operations centers as the most commonly outsourced services
• Growth in security staffing, with nearly 40% planning to expand full-time employee headcount
• A growing focus on collaboration, collective intelligence, and early warning systems to help companies detect and prevent attacks before damage occurs

“This year’s report shows how far the industry has come,” said Suzie Squier, president of RH-ISAC. “Retail and hospitality security leaders are building stronger foundations, embracing emerging technologies, and helping create a culture of intelligence sharing and trust. That’s the kind of momentum that raises the bar for everyone.”

“Cyber threats are evolving fast, and we need to work together to stay ahead of them,” said Rich Agostino, board chair of RH-ISAC and senior vice president and chief information security officer at Target. “Through RH-ISAC, we’re seeing the power of real-time intelligence sharing, benchmarking and collaboration in action. I’m proud of Target’s deep engagement with RH-ISAC to help the industry become stronger and more resilient.”

The report calls on organizations to continue to prioritize security as a strategic business function, close maturity gaps, adopt zero-trust frameworks, and modernize legacy systems. The full report is available for RH-ISAC members. A TLP:Clear version of the report is available here.

About RH-ISAC
The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is the trusted community for sharing sector-specific cybersecurity information and intelligence in the retail and hospitality industries. The RH-ISAC connects information security teams at the strategic, operational, and tactical levels to work together on issues and challenges, to share practices and insights, and to benchmark among each other – all with the goal of building better security for consumer-facing industries through collaboration. RH-ISAC serves businesses including retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies. For more information, visit www.rhisac.org.

Media Contact:

Daniela Bartoli
PR Manager
RH – ISAC
[email protected]

A photo accompanying this announcement is available at
https://www.globenewswire.com/NewsRoom/AttachmentNg/c78d5306-ee75-4b87-bd6c-3f9f2100f6f0

Wall St Business News, Latest and Up-to-date Business Stories from Newsmakers of Tomorrow