Data Breaches Lead to Drop in Sales

Consumers avoid doing business with an organization that has suffered a data breach at an alarming rate, according to a new study.

Financial and banking institutions, healthcare providers and retailers stand to have significantly increased expenses and lose up to one-third of its customer or patient base after a data breach, says the study, which was conducted by Javelin Strategy & Research and commissioned by sensitive data management solution provider, Identity Finder.
It found that 33 percent of consumers will shop elsewhere if their retailer of choice is breached, 30 percent of patients will find new healthcare provider if hospital or doctor’s office is breached and 24 percent of consumers will switch bank or credit card provider if the institution is breached.

“A significant proportion of affected consumers discontinue or reduce their patronage post-breach,” said Al Pascual, Senior Analyst of Security, Risk and Fraud at Javelin Strategy & Research. “That’s real money lost in customer churn and reduced sales, and certainly demonstrates how the reputation of the organization hits the bottom line. It’s noteworthy that about a third of people will go as far as to find a new doctor, if their provider is breached, as we all know healthcare services can be a big hassle to change.”

US retailer Target recently quantified the reputational damage and sales impact of their recent data breach and stated it resulted in significantly reduced revenue following the announcement on December 19, 2013. However, the fiscal impacts expanded well beyond sales. Target saw stock prices drop and estimates $61 million (£36.3 million) in expenses to investigate the breach, offer credit-monitoring services, increase call centre staffing and procure legal services.

After a breach, not only will revenue go down, but also expenses will go up, the study claims, pointing to data which supports a significant increase in post-breach expenses such as compliance, legal, and victim reparation costs. The research finds identity protection services alone are a common cost to each industry, with 54 percent of healthcare providers offering victims protection, 40 percent of financial and banking institutions offering victims protection and 30 percent of retailers offering victims protection.

“Businesses are experiencing pressure to protect sensitive data not only from industry and government regulators, but also customers and shareholders. Consumer behaviour indicates that data breaches impact both expenses and revenue,” said Todd Feinman, CEO at Identity Finder.

“Organizations must be more proactive in preventing a breach by understanding where a data leak can originate. By discovering and managing sensitive information at its source and not at the perimeter or after the fact, businesses can identify risk, change employee behaviour, and justify where to spend security dollars.”