Welcome Guest. | Log In | Register | Membership Benefits

Survey Shows Consumers Leave Businesses That Suffer Security Breach

SailPoint survey finds customers are losing confidence in the organizations they once trusted

Sep 22, 2011 | 02:55 PM | 


AUSTIN, September 20, 2011 – Over the last several years, financial institutions, retailers and healthcare organizations around the world have become frequent victims of data breaches. As more and more breaches are reported that impact large numbers of consumers, customers are losing confidence in the organizations they once trusted. In the second part of a recent SailPoint Market Pulse Survey, conducted online by Harris Interactive, consumers expressed cynicism about how these organizations are protecting their data and a willingness to leave a business that experienced a breach. The recent online survey was conducted among 2,241 adults in Great Britain, 1,023 adults in Australia and 2,309 U.S. adults.

According to SailPoint’s Market Pulse Survey, the majority of adults in the United States, Great Britain and Australia are worried about possible exposure of their personal information, and a large percentage of adults have lost confidence in how companies protect their personal information. As an example, 80% of Americans, 81% of Britons and 83% of Australians who have personal medical information are concerned about moving that information to an electronic form because of the risks of identity theft or invasion of privacy resulting from their personal information being exposed on the Internet, to other staff members or even their employers. The frequent incidence of data breaches is reflected in the fact that many adults think they have become commonplace at financial institutions and retailers: 12% of Americans, 8% of Britons and 8% of Australians believe these breaches happen all the time.

“The widespread impact of data breaches like Epsilon and Sony PlayStation, where millions of consumers were impacted around the world, is making customers more cautious about conducting business with certain financial institutions and retailers,” said Jackie Gilbert, vice president of marketing and cofounder at SailPoint. “These companies obviously spent millions to recover from these data breaches, but the longer term and harder-to-measure costs will be the erosion of customer loyalty and decline in brand perception.”

This mistrust is beginning to affect consumer behavior. The Market Pulse Survey indicates that a security breach at a financial institution or retailer can severely impact customer loyalty. Case in point: 16% of Americans, 24% of Britons and 26% of Australians said they would no longer do business with a bank, credit card company or retailer if a security breach occurred that potentially exposed their personal and financial information to theft. Within these groups, 10% of American, 14% of Britons and 16% of Australians would not only not do business with that organization, but also would tell their family and friends not to do business with that same organization.

In all three regions, the growing use of electronic medical records is a main concern because adults believe that having healthcare organizations manage their personal data electronically exposes them to more threats. Specifically, of the adults in these countries who have personal medical information: 29% of these Americans, 26% of these Britons and 30% of these Australians are most concerned that medical records being made available electronically might result in those records being exposed on the Internet. 35% of these Americans, 33% of these Britons and 37% of these Australians are most concerned about the use of their private information being used to steal their identity. Finally, 10% of these Americans, 14% of these Britons and 11% of these Australians are most concerned about staff members not directly related with their care being able to view their private data.

“Consumers have reason to be concerned about the safety of their personal information and to question how effective organizations are at protecting that information,” continued Gilbert. “In some widely publicized cases, the very basics of user access control were not put in place to safeguard sensitive data, making it child’s play for intruders to gain access to it. SailPoint is working with some of the largest financial services, retail and healthcare organizations around the world to ensure strong controls over data access. Unfortunately, as this survey shows, there is still a lot of work to do to win back customer confidence in light of the number of bad examples across industries.”



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Compliance Reports

report How To Boost Security Via FFIEC Compliance
With just a smartphone, users can conduct nearly all their banking business at any time of the day or night. However, all this flexibility and convenience opens up new avenues for fraud and cybercrime. Guidelines laid out by the FFIEC several years ago predate many of the capabilities-and vulnerabilities-that are in place today. In this report, we examine the latest guidelines and provide advice on how you can extend the work done to comply with FFIEC guidelines to strengthen your organization's overall security posture and keep customers and their data safe.

report Keeping Compliance In Check
Configuration mistakes, access control gaffes, poor documentation--it doesn?t take much for a compliance audit to go all wrong. In this special retrospective of recent news coverage, Dark Reading takes a look at the costs, common missteps and best practices for compliance, as well as the day the Internet nearly went dark due to the threat of new regulations.

report FISMA Lifts All Compliance Boats
FISMA may not be on your radar now, but it likely will be at some point. Geared specifically toward the federal government and its affiliate agencies and third parties, FISMA is a very specific set of requirements aimed at establishing and maintaining at least a baseline level of computer and network security. FISMA requires unique categorization and classification of information assets, not to mention a boatload of documentation to prove compliance. But once your organization achieves FISMA compliance, it will likely be compliant with just about every security mandate out there.

Other reports from the Compliance Tech Center:

Related Content

Log Management in 2012 and Beyond
2012 brings interesting changes to the log management world. Now, more than ever, it is critical to understand the impact to your log infrastructure and the solutions that will better prepare you to manage your security posture.

SANS Log Management Survey Report
Organizations are increasingly dependent on log management to support core business functions, including cost management, service level and line-of-business application monitoring, as well as traditional IT- and security-focused activities.

Cut the Time and Effort of Troubleshooting and Reporting
Organizations generate millions of logs a day and struggle with centralized collection, storage and analysis of those logs. ArcSight Logger is a universal log management solution that unifies searching, reporting, alerting and analysis across any type of IT data. It consolidates silos of logs into a single indexed repository for fast detection and mitigation of operational issues.

Get Turnkey and Automated PCI Compliance
PCI compliance monitoring is seamless with the self-contained ArcSight PCI Logger solution for log collection, storage and analysis. No database administration expertise is required and a web-based interface simplifies deployment and ongoing management.

Swiss Bank Meets Compliance Requirements and Protects Customer Data
Due to long-term data retention requirements, Swiss bank EFG needed a cost-effective way to collect, secure and store audit-quality log data in an easily accessible log repository. ArcSight Logger helps EFG meet key requirements of Switzerland?s banking laws fast and cost-effectively.




Featured Webcasts
Featured Whitepapers
Featured Reports