Security Experts:

Connect with us

Hi, what are you looking for?



Data Breaches Can Lead to Customer Drop-Off, Survey Finds

Customer churn can be one of the more painful and unpredictable parts of a data breach, and a new study from Javelin Strategy & Research offer some insight into how serious it can be.

Customer churn can be one of the more painful and unpredictable parts of a data breach, and a new study from Javelin Strategy & Research offer some insight into how serious it can be.

According to a survey of people who had their information exposed in a breach, 33 percent of consumers will shop elsewhere if their retailer of choice is breached. In addition, 30 percent of patients will find new healthcare providers if their hospital/doctor’s office is breached, and 25 percent of consumers will switch bank/credit card providers in the aftermath of a breach.

“That’s real money lost in customer churn and reduced sales, and certainly demonstrates how the reputation of the organization hits the bottom line,” said Al Pascual, senior analyst of security, risk and fraud at Javelin Strategy & Research. “It’s noteworthy that about a third of people will go as far as to find a new doctor, if their provider is breached, as we all know healthcare services can be a big hassle to change.”

This was underscored in the aftermath of the Target breach. In that case, the retailer saw a drop-off in stock prices and estimated as much as $61 million had been spent in relation to the breach as of Feb. 1. An unrelated study performed by the Ponemon Institute, 80 percent of respondents said their company’s leaders do not equate losing confidential data with a potential loss of revenue. Forty-eight percent said their board-level executives have a subpar understanding of security issues.

“There is no question strong leadership from the CIO and CISO will help control costs,” said Todd Feinman, CEO at Identity Finder, which sponsored the Javelin research. “We are seeing that many organizations are looking for valuable insight into where their highest risks are so they can focus costs on protecting those assets. Historically an organization tried to protect all assets the same and spend was much higher but now there are certain assets with sensitive data and many assets without sensitive data. The CIO and CISO are looking to define their sensitive data footprint and justify higher spend inside that area but lower spend across the many machines outside that area. That helps control overall costs.”

To protect sensitive data from breaches and subsequent misuse, Javelin recommends business conduct regular risk assessments and create a sensitive data management program.

“Defining sensitive data, classifications, allowed actions for remediating unprotected data, and other policies are critical tasks,” according to the report. “As organizations establish their requirements for managing sensitive information, ensuring complete coverage is challenging. It only takes one stolen laptop, one employee’s cloud drive, one virus, one hacker, or one mistake to end up as the next headline, with massive negative effects on the company’s image and its bottom line.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...