We all know that data breaches can cost hundreds of thousands of dollars to remediate—but then there are those intangible costs too, such as brand damage. The effects of the bad publicity can be far-ranging: A study commissioned by Centrify found that 66% of adults in the US are at least somewhat likely to stop doing business with a company that has suffered a cyber-breach.
That number is even higher in the UK, where 75% said they are somewhat likely to stop doing business after a hack. And a fifth (21%) of US consumers say they are very likely to stop transacting with a business that has been hacked. The people most likely to take their business elsewhere include those who have had their personal information compromised in a hack, those who are tech savvy and those who are frequent online shoppers.
“The study clearly points to the need for organizations to dramatically bolster their security systems and do everything in their power to protect consumer information and prevent a breach,” said Tom Kemp, CEO of Centrify. “When companies put customer data at risk they are really putting their entire business at risk. Consumers simply will not tolerate doing business with hacked organizations. It’s time for organizations to take full responsibility for their security and put the proper measures in place once and for all.”
To some degree, most adults accept hacking as inevitable. About three-quarters say it is probably or definitely normal and expected for businesses and large organizations to be hacked. However, relatively few say this is definitely normal (21% in the US, 13% in the UK, 16% in Germany).
As a result, it’s critical that organizations implement technologies such as single sign-on and privileged account security, including session monitoring. Companies should also require multi-factor authentication for access to sensitive data, as mandated by the recently updated Payment Card Industry Data Security Standard. Those that fail to provide safeguards will pay the price: Most consumers believe that the burden of responsibility for hacks rests almost entirely on the businesses.
About two-thirds in each country rated corporations as a nine or 10 on a 10-point scale in terms of how responsible they should be for preventing hacks and securing the personal information of their customers.
What’s more, many adults are extremely likely to hold corporations fully accountable, with significant percentages saying that corporations are not taking enough responsibility when they do get hacked (41% in the US, 50% in the UK, 38% in Germany).
Financial institutions have the best reputation when it comes to dealing with hacks relative to other industries. They received the most number one, two or three rankings among seven different industries in terms of how well they handle security issues for their customers. Medical and health organizations were a clear second place (in being ranked first, second or third) of the seven industries, despite high-profile compromises of Anthem and the like, followed by government. However, there is less faith in retail businesses, which ranked fourth of seven in each country, and travel sites, which ranked fifth of seven in each country. Bringing up the rear were membership and hospitality businesses, which received the lowest rankings by a wide margin.
The good news is that, when companies are hacked, they are not engaging in cover-ups or trying to sweep the incident under the rug. Instead, they are increasingly going public with the news and notifying their customers directly. The study found that in terms of businesses proactively dealing with breaches, about half the respondents in the US, one-third in the UK and one-quarter in Germany were notified of a hack. In each of those groups, between 45% and 53% say they learned from the company that their personal information was compromised.
Also, about 61% of US consumers were advised by the hacked organization to carefully monitor all bank account transactions and 59% were asked to change their passwords. By contrast, just 33% of respondents said they were advised to request alerts, and fewer than a third of respondents were advised to consider a security freeze or use multi-factor authentication.