Do Data Breaches Really Matter for Retailers?

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.investopedia.com/articles/markets/063015/do-data-breaches-really-matter-retailers.asp

Fifteen-percent of consumers stopped shopping at a retailer that had
suffered from a data breach, according to a CNBC poll. This is an important
number because, in theory, it has the potential to lead to declining
revenue. The percentage of people who claimed to stop shopping at a
specific retailer is even higher (25%) when the consumer was an actual
victim.

Payment methods are also a factor because people who pay with cash tend to
spend 10-20% less. This is likely because they can see the money leaving
their possession and it’s immediate. With a debit card or credit card, a
consumer doesn’t feel as though he or she is suffering an immediate loss of
funds, and with a credit card, there cost isn’t realized until a later
date. (For more, see: Cybercrime the Newest National Threat.)

According to the study, 25% of consumers changed their payment method at a
specific retailer after learning about a data breach. If that consumer was
a victim of the data breach, that percentage is much higher at 50%, with
60% of that group opting to use cash.

The study concluded that while data breaches might not matter to stock
prices, they do matter to consumers, which can then impact revenue.
However, that doesn’t seem to be the case over the long haul. There are two
potential reasons for this explanation, with evidence provided below. One,
the study sampling was too small (1,060 consumers). Two, consumers were
upset about the data breach and exaggerated their survey responses. (For
more, see: Most Costly Computer Hacks of All Time.)

Big Data Breaches

The first big data breach took place back in 2007 with The TJX Companies,
Inc. (TJX). This company is best known for Marshalls, T.J. Maxx and
HomeGoods, which are off-price retailers (they offer 20%-60% off
traditional retailer and discount store prices). In an economic environment
featuring a hesitant consumer (excluding the high-end consumer), this is a
perfect match. The stock has been on fire since 2007, and it has
appreciated over 30% over the past 12 months as of June 29, 2015. It also
has a 1.30% dividend yield. The debt-to-equity ratio is low at 0.38, and
there is only a 0.80% short position on the stock. Nobody is thinking about
the TJX Companies data breach. (For more, see:Top 6 Most Profitable
Clothing Retailers.)

Next up is Target Corp. (TGT). Target has had some challenges in recent
years. On top of its well-publicized 2013 data breach, it had to close up
shop north of the border, which cost the company approximately $5 billion.
Fortunately for Target, CVS Health Corporation (CVS) is acquiring its
in-store pharmacies for $1.9 billion. And while Target reported a loss last
year, its revenue still increased. The stock has also appreciated by 45.74%
and yields 2.70%. Additionally, Target’s debt-to-equity ratio is
respectable at 0.90. Overall, everything appears to be copacetic.

Let’s not forget about The Home Depot, Inc. (HD) which suffered a data
breach last year. However, revenue and net income increased in Home Depot’s
last fiscal year, the stock has appreciated oer 42% over the past 12 months
and the stock currently yields 2.10%. Home Depot does have a debt-to-equity
ratio of 1.83, which is relatively high. However, as the 30-year fixed rate
moves higher — now at 4.14% — homebuyers are rushing to buy prior to those
rates continuing their ascent. This should lead to near-term high demand
for products related to home décor and improvement, which should be good
news for Home Depot in the near future. (For more, see: Home Depot's
Profitability: The Unvarnished Truth.)

The Bottom Line

In theory, data breaches matter for retailers. In reality, they only have a
short-term impact on the underlying business and stock price. If anything,
any stock price drops related to a data breach can lead to a buying
opportunity — assuming it’s a quality retailer like one of the three listed
above.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!