Customer churn can be one of the more painful and unpredictable parts of a data breach, and a new study from Javelin Strategy & Research offer some insight into how serious it can be.
According to a survey of people who had their information exposed in a breach, 33 percent of consumers will shop elsewhere if their retailer of choice is breached. In addition, 30 percent of patients will find new healthcare providers if their hospital/doctor’s office is breached, and 25 percent of consumers will switch bank/credit card providers in the aftermath of a breach.
“That’s real money lost in customer churn and reduced sales, and certainly demonstrates how the reputation of the organization hits the bottom line,” said Al Pascual, senior analyst of security, risk and fraud at Javelin Strategy & Research. “It’s noteworthy that about a third of people will go as far as to find a new doctor, if their provider is breached, as we all know healthcare services can be a big hassle to change.”
This was underscored in the aftermath of the Target breach. In that case, the retailer saw a drop-off in stock prices and estimated as much as $61 million had been spent in relation to the breach as of Feb. 1. An unrelated study performed by the Ponemon Institute, 80 percent of respondents said their company’s leaders do not equate losing confidential data with a potential loss of revenue. Forty-eight percent said their board-level executives have a subpar understanding of security issues.
“There is no question strong leadership from the CIO and CISO will help control costs,” said Todd Feinman, CEO at Identity Finder, which sponsored the Javelin research. “We are seeing that many organizations are looking for valuable insight into where their highest risks are so they can focus costs on protecting those assets. Historically an organization tried to protect all assets the same and spend was much higher but now there are certain assets with sensitive data and many assets without sensitive data. The CIO and CISO are looking to define their sensitive data footprint and justify higher spend inside that area but lower spend across the many machines outside that area. That helps control overall costs.”
To protect sensitive data from breaches and subsequent misuse, Javelin recommends business conduct regular risk assessments and create a sensitive data management program.
“Defining sensitive data, classifications, allowed actions for remediating unprotected data, and other policies are critical tasks,” according to the report. “As organizations establish their requirements for managing sensitive information, ensuring complete coverage is challenging. It only takes one stolen laptop, one employee’s cloud drive, one virus, one hacker, or one mistake to end up as the next headline, with massive negative effects on the company’s image and its bottom line.”