Nearly Half Of Consumers Will Punish Breached Retailers During HolidaysNearly Half Of Consumers Will Punish Breached Retailers During Holidays
Consumers say they'll talk with their wallets if they hear their favorite store has played fast and loose with customer data.
October 20, 2014
The data breach gremlins could be coming home to roost for retailers this holiday season, and they're not coming by way of regulators or investors. According to a survey released this weekend, it's the consumers themselves who are holding retailers accountable. Conducted by Princeton Survey Research Associates on behalf of CreditCards.com, the survey showed that nearly half of consumers today would be less likely to shop at a store during the holiday season if that establishment suffered a breach.
The results show that 45% of consumers reported that they "probably" or "definitely" would avoid a store over the holidays if they found out it had a data breach. Further, the news of retail breaches has made consumers somewhat allergic to plastic -- approximately 48% say the bad press has made them more likely to use cash in favor of cards.
Beyond surveys like these, it has been difficult to calculate the losses suffered by retailers, such as Target and Home Depot, from changes of consumer and investor habits following big breaches. Last February, Target reported a 46% drop in profit in the financial quarter following the disclosure of its massive breach. However, it is hard to know if that was truly caused by the breach or simply correlated with it. There were other market forces at play then, including a costly expansion into Canada, according to The Wall Street Journal (subscription required).
More recently, neither Home Depot nor JPMorgan Chase has experienced stock dips as a result of their megabreaches. Some industry watchers have cited Home Depot's recent 2% stock uptick following the disclosure of its breach as evidence that consumers are experiencing "breach fatigue", and that retailers shouldn't fear long-term breach fallout. But on the flip side of this argument, it could just as easily be evidence of a strengthening overall market. In support of this, just last week the National Retail Federation reported that the average shopper plans to spend 5% more this year during the holiday shopping season than last year's busy season.
In spite of the inconclusive market data, consumer surveys have repeatedly shown that consumers are growing fed up with their merchants for shoddy security around sensitive information. In fact, just last month, HyTrust ran a survey that showed results similar to the one out this week. In that survey, 51% of consumers reported that they take business elsewhere after a breach that compromises information like addresses, Social Security numbers, and credit card details. More than a third of consumers said they believe the worst kinds of breaches are those that compromise Social Security numbers. Taking things a step further, the HyTrust poll showed that more 45% of consumers believe that corporate officers should be held accountable for breaches at their organizations, and that the companies should be considered "criminally negligent."
And this year, Javelin Research found that 54% of consumers would switch healthcare providers after a breach, 40% would switch banks, and 30% would shop at different retailers.
"A significant proportion of affected consumers discontinue or reduce their patronage post-breach," Al Pascual, senior analyst of security, risk, and fraud at Javelin Strategy & Research, said in a press release. "That's real money lost in customer churn and reduced sales, and certainly demonstrates how the reputation of the organization hits the bottom line."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023