Survey of 2,000 consumers finds more than half ready to take their business elsewhere after a data breach
MOUNTAIN VIEW, Calif., Oct. 1, 2014 – Moving forward, every company involved in a major data breach—those actually attacked, such as retailers Home Depot, Target, Goodwill and Neiman Marcus, as well as banks, health care, insurance and Internet service providers, etc.—is going to pay an even higher price when customers’ information is compromised. In fact, each high-profile hack will take its toll on the executive suite and the bottom line alike. That’s the clear message from a new snap poll conducted by HyTrust Inc., the Cloud Security Automation Company.
- The survey reveals that more than half of all respondents, 51 percent, will take their business elsewhere after a breach that compromises personal information, including address, social security number and credit card details.
- Almost as many, 45.6 percent, say the companies involved should be considered “criminally negligent” the moment a breach occurs, with the majority also believing that all officers of a company should be held responsible.
- More than a third, 34.2 percent, believe the worst piece of information to be compromised is the social security number (SSN).
These findings are significant, as the issue of data security is all over the headlines… again. Just this month, retail giant Home Depot became the latest victim of a massive cyber assault, and we now know it’s potentially the largest retail security breach in history. The company acknowledged that a long-running, sophisticated hack with intrusions starting back in April using custom-built malware led to the theft of some 56 million credit and debit card numbers. That would mean it surpasses even the staggering losses accruing from the attack on Target late in 2013. That episode led to big changes in the executive suite; it remains to be seen what effect the newest revelations from Home Depot will have, but they are likely to be severe.
“There probably isn’t a single straw that broke the camel’s back—it’s just the sheer volume of stories about data breaches, many at companies that have developed a customer-friendly brand,” said Eric Chiu, President at HyTrust. “What this poll shows is that companies are finally, and inevitably, being held to account for their security vulnerabilities. Consumers have options, and when there are endless stories about the loss of confidential information, they’re going to other vendors. Every security breach clearly has a direct impact on operations, but there’s now clear evidence that there’s extensive brand damage as well, and the executives involved will have to pay the price.”
Each question surveyed 2,000 respondents, offering a clear view into the evolving consumer mindset regarding this complex issue. For example:
- Once is enough: Most consumers (45.6 percent) blame the companies involved the moment a data breach occurs, while only 12 percent withhold condemnation until “it happens more than once.” Additionally, this finger-pointing increases with age, with 34 percent of 25 to 34 year-olds laying immediate blame, versus 51 percent of those 65 and up. The more consumers make, however, the more forgiving they tend to be; the top answer for those making $150,000 or more shifted to “when it happens more than once.” Blame is also more vehemently focused on a breached company, understandably, when a person’s identity is stolen or misused.
- Income and gender matter: Higher earners are more concerned about their SSNs; 36.5 percent of those making $50,000 to $74,000 cite this potential theft as most serious, a number that falls to 22.8 percent among those making $24,000 or less. Meanwhile, women (17.9 percent) are twice as likely as men (9.6 percent) to worry about the loss of family photos and mementos.
- Talking with their wallets: While 51 percent of respondents overall say they will take their business elsewhere following a data breach, that number jumps to 60.2 percent among consumers in the 35 to 44 age range. That finding, which focuses on a key demographic, should give retailers and other potential targets significant cause for concern.
- Chief Security Officers (CSOs/CISOs) take note: When asked who in particular should be held “ultimately accountable” for failures in information security, 19.7 percent of respondents don’t make a distinction between executives with varying responsibilities, pointing the finger at “all officers” of a company. However, men and women aged 25 to 34 identify CSOs as most responsible, while those in the 45 to 54 age bracket go easiest on them.
- The Board gets off easy: A company’s Board of Directors is ranked as the corporate entity most “off the hook” in terms of accountability for a data breach.
HyTrust is the Cloud Security Automation company. Its virtual appliances provide the essential foundation for cloud control, visibility, data security, management and compliance. HyTrust mitigates the risk of catastrophic failure— especially in light of the concentration of risk that occurs within virtualization and cloud environments. Organizations can now confidently take full advantage of the cloud, and even broaden deployment to mission-critical applications.
The company is backed by top-tier investors VMware, Cisco, Intel, In-Q-Tel, Fortinet, Granite Ventures, Trident Capital, Epic Ventures and Vanedge Capital and its partners include VMware, VCE, Symantec, CA, McAfee, Splunk, HP Arcsight, Accuvant, RSA and Intel.