Security Experts:

Connect with us

Hi, what are you looking for?



Data Breaches Can Lead to Customer Drop-Off, Survey Finds

Customer churn can be one of the more painful and unpredictable parts of a data breach, and a new study from Javelin Strategy & Research offer some insight into how serious it can be.

Customer churn can be one of the more painful and unpredictable parts of a data breach, and a new study from Javelin Strategy & Research offer some insight into how serious it can be.

According to a survey of people who had their information exposed in a breach, 33 percent of consumers will shop elsewhere if their retailer of choice is breached. In addition, 30 percent of patients will find new healthcare providers if their hospital/doctor’s office is breached, and 25 percent of consumers will switch bank/credit card providers in the aftermath of a breach.

“That’s real money lost in customer churn and reduced sales, and certainly demonstrates how the reputation of the organization hits the bottom line,” said Al Pascual, senior analyst of security, risk and fraud at Javelin Strategy & Research. “It’s noteworthy that about a third of people will go as far as to find a new doctor, if their provider is breached, as we all know healthcare services can be a big hassle to change.”

This was underscored in the aftermath of the Target breach. In that case, the retailer saw a drop-off in stock prices and estimated as much as $61 million had been spent in relation to the breach as of Feb. 1. An unrelated study performed by the Ponemon Institute, 80 percent of respondents said their company’s leaders do not equate losing confidential data with a potential loss of revenue. Forty-eight percent said their board-level executives have a subpar understanding of security issues.

“There is no question strong leadership from the CIO and CISO will help control costs,” said Todd Feinman, CEO at Identity Finder, which sponsored the Javelin research. “We are seeing that many organizations are looking for valuable insight into where their highest risks are so they can focus costs on protecting those assets. Historically an organization tried to protect all assets the same and spend was much higher but now there are certain assets with sensitive data and many assets without sensitive data. The CIO and CISO are looking to define their sensitive data footprint and justify higher spend inside that area but lower spend across the many machines outside that area. That helps control overall costs.”

To protect sensitive data from breaches and subsequent misuse, Javelin recommends business conduct regular risk assessments and create a sensitive data management program.

“Defining sensitive data, classifications, allowed actions for remediating unprotected data, and other policies are critical tasks,” according to the report. “As organizations establish their requirements for managing sensitive information, ensuring complete coverage is challenging. It only takes one stolen laptop, one employee’s cloud drive, one virus, one hacker, or one mistake to end up as the next headline, with massive negative effects on the company’s image and its bottom line.”

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...