One-Fifth of US Consumers Never Return to Breached Brands

Written by

Over a fifth (21%) of US consumers will never return to a brand that has suffered a data breach, according to new research providing a timely reminder of the need for effective cybersecurity.

Contact center payments firm PCI Pal polled 2000 US consumers to produce a State of Security report which highlights the importance of trust and privacy to the average American.

As well as those who will never return to a business post-breach, a sizeable majority (83%) claimed they would stop spending for several months after a breach or serious incident.

In addition, 45% said they spend less with brands they perceive to have insecure data practices, and over a quarter (26%) will not give a company their business if they don’t trust it with their data.

Consumers are concerned not just about online security. Over a quarter (28%) questioned how their data is recorded over the phone and over two-fifths (42%) said they’re uncomfortable sharing sensitive data like credit card details over the phone.

The findings chime somewhat with RSA Security research from earlier this year which revealed that 69% of global consumers are prepared to boycott any company they believe does not take data protection seriously.

It also found the vast majority (62%) blame the company first in the event of a data breach, rather than the hacker.

The findings should be another reminder to organizations of the importance of a strong cybersecurity posture.

PCI Pal COO, James Barham, argued the findings reveal a change in how US consumers are prioritizing security and privacy.

“Consumer-facing brands should pay attention — not just adopting stronger security practices but incorporating them into their marketing and communications strategies if they want to keep customers loyal and spending with them,” he added.

It’s a change in consumer behavior being driven to a certain extent globally by the advent of the GDPR. Although it’s an EU law, it applies to any company processing EU citizens’ data, so the advent of the first major fine for a US company will be a significant moment in awareness raising.

Just this week, Apple CEO Tim Cook argued for a GDPR-style federal data privacy law.

What’s hot on Infosecurity Magazine?