Welcome to the post-Target breach world: One-third of consumers stop shopping at retailers that have been breached, and nearly one-third ditch their healthcare providers after they've been breached, a study published today finds. One-fifth of consumers say they will leave banks or credit card companies that have been breached.
The high-profile data breach at the retailer TJX hardly put a dent in its business, but times have changed. Target's revenue dipped in the third quarter after its massive payment card hack late last year, which to date has cost the company $61 million in legal fees and credit monitoring offerings.
"I think the straw breaking the camel's back is customers now in droves are being inconvenienced [by breaches]. They never thought it could happen to them... Now they think, 'This can happen to me,'" says Al Pascual, senior analyst of security, risk, and fraud at Javelin Strategy & Research.
The combination of the number of high-profile attacks, scope, and publicity surrounding them has given consumers pause. "It's sticking," Pascual says.
About one-third of consumers surveyed by Javelin Research said they will ditch their retailer if it gets breached; 30% said they will seek a new doctor or hospital if it gets breached; and 24% said they will switch banks or credit card providers that get breached.
Changing big-box retailers is obviously not as complicated as choosing a new doctor. However, "for me, the only thing that was surprising [in the survey] was that healthcare [business departure] was as high as it was. It's easy to walk down the street and say, 'Target or Marshalls, McDonald's or Burger King,'" says Todd Feinman, CEO at Identity Finder, which commissioned the report. "But healthcare is not as much of a commodity, so that those numbers were only second in line was a surprise to me."
Breached organizations typically offer customers free identity protection services in the wake of an attack; 54% of healthcare providers do so, as do 40% of financial/banking fims and 30% of retailers.
The full Javelin report is available here for download (registration required).