BreachExchange mailing list archives
Can consumers forgive a security breach?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 7 Aug 2014 19:43:57 -0600
http://www.utsandiego.com/news/2014/aug/05/consumers-after-security-breach-pf-changs-target/

Data breaches have pummeled several major retailers over the last year, with P.F. Chang's China Bistro and customers at 33 of its restaurants in 16 states the latest victims.

The restaurant chain announced Monday that for eight months between Oct. 19, 2013 and June 11 this year, hackers were using a breach in the company's credit card processing system to steal credit and debit card information, including expiration dates and in some cases cardholders' names.

It's no wonder then that 45 percent of customers don't trust retailers with their information, according to a study published in June by Interactions, a firm specializing in marketing to consumers through on-site experiences.

And of those shoppers surveyed who have had their information stolen through a security breach:

- 85 percent tell others about their experience,
- 33.5 percent use social media to complain about their experience

But while breaches can mean immediate declines in traffic and sales for companies, the same study shows that consumers are more willing to forgive a security infringement than it might seem. That's true especially if they feel like the retailer is communicating early and often with them about what happened and what steps it is taking to minimize risk in the future.

Consumers surveyed said that if a retailer experienced a security breach, 42 percent of them would return to that retailer within a month and 19 percent would come back within six months. An additional 22 percent said they would return as soon as the breach were corrected. Nineteen percent would continue doing business with the retailer, unfazed. Only 13 percent said they would be uncomfortable shopping there ever again.

Still, 79 percent are more likely to use cash instead of credit cards, the study shows, and 26 percent will intentionally spend less than before.

"Retailers know that if you have to shop with cash, you spend less money," explained Giovanni DeMeo, Vice President of Global Marketing and Analytics at Interactions. "A large number of shoppers said that after a breach, 'I’m going in with cash,' and theoretically that’s going to have a huge impact on these retailers."

If Target is a test case of the fallout from such incidents, the effects — while lasting — don't have to spell doom for the retailer.

Eight months after the payment information for more than 40 million cardholders was hacked during the busiest shopping season of the year, Minneapolis-based Target is still controlling the damage but estimates the breach has cost less than 1 percent of sales.

The company said Tuesday that its second-quarter expenses for the breach reached $148 million, or 0.2 percent of its $72.596 billion in annual revenue — "the financial equivalent of a parking ticket," wrote Forbes contributor Paula Rosenblum.

"Human nature is that we have a tendency to soften things as we remember them," DeMeo said of why shoppers will return to a retailer after their information has been compromised. "People tend to forgive."

Most people are also aware that doing business in an electronic world is inherently risky, he added.

Some, like Urban Outfitters' information security chief, think disclosing a data breach is overrated and could expose vulnerabilities. But 47 states require it.

What retailers can take away from the report, DeMeo said, is that transparency and taking action to minimize the risk of future breaches are the keys to winning back consumers.

That means going directly to customers, explaining what happened and what you plan to do to mediate the damage and reminding them that you value their privacy as much as they do, DeMeo said.

"If you do that, shoppers are much more forgiving than if they're finding out after the fact or getting bits and pieces from mainstream media," he said.