The data breach gremlins could be coming home to roost for retailers this holiday season, and they're not coming by way of regulators or investors. According to a survey released this weekend, it's the consumers themselves who are holding retailers accountable. Conducted by Princeton Survey Research Associates on behalf of CreditCards.com, the survey showed that nearly half of consumers today would be less likely to shop at a store during the holiday season if that establishment suffered a breach.
The results show that 45% of consumers reported that they "probably" or "definitely" would avoid a store over the holidays if they found out it had a data breach. Further, the news of retail breaches has made consumers somewhat allergic to plastic -- approximately 48% say the bad press has made them more likely to use cash in favor of cards.
Beyond surveys like these, it has been difficult to calculate the losses suffered by retailers, such as Target and Home Depot, from changes of consumer and investor habits following big breaches. Last February, Target reported a 46% drop in profit in the financial quarter following the disclosure of its massive breach. However, it is hard to know if that was truly caused by the breach or simply correlated with it. There were other market forces at play then, including a costly expansion into Canada, according to The Wall Street Journal (subscription required).
More recently, neither Home Depot nor JPMorgan Chase has experienced stock dips as a result of their megabreaches. Some industry watchers have cited Home Depot's recent 2% stock uptick following the disclosure of its breach as evidence that consumers are experiencing "breach fatigue", and that retailers shouldn't fear long-term breach fallout. But on the flip side of this argument, it could just as easily be evidence of a strengthening overall market. In support of this, just last week the National Retail Federation reported that the average shopper plans to spend 5% more this year during the holiday shopping season than last year's busy season.
In spite of the inconclusive market data, consumer surveys have repeatedly shown that consumers are growing fed up with their merchants for shoddy security around sensitive information. In fact, just last month, HyTrust ran a survey that showed results similar to the one out this week. In that survey, 51% of consumers reported that they take business elsewhere after a breach that compromises information like addresses, Social Security numbers, and credit card details. More than a third of consumers said they believe the worst kinds of breaches are those that compromise Social Security numbers. Taking things a step further, the HyTrust poll showed that more 45% of consumers believe that corporate officers should be held accountable for breaches at their organizations, and that the companies should be considered "criminally negligent."
And this year, Javelin Research found that 54% of consumers would switch healthcare providers after a breach, 40% would switch banks, and 30% would shop at different retailers.
"A significant proportion of affected consumers discontinue or reduce their patronage post-breach," Al Pascual, senior analyst of security, risk, and fraud at Javelin Strategy & Research, said in a press release. "That's real money lost in customer churn and reduced sales, and certainly demonstrates how the reputation of the organization hits the bottom line."