Feeds

Consumers punish firms over data security breaches

Leaked data leads to lost business

Internet Security Threat Report 2014

Consumer data security breaches are leading to customer revolt and an average cost per incident of $14m, according to a brace of surveys out this week.

One in five US consumers quizzed by Ponemon Institute said they immediately terminated their accounts with vendors that lost their information. An additional 40 per cent polled by the organisation's National Survey on Data Security Breach Notification considered taking their business elsewhere after receiving notifications of information mishandling. The survey polled 9,000 consumers, 12 per cent of whom had received notices of information security breaches.

A parallel study conducted by Ponemon estimates an average cost of $14m per security breach incident, with costs ranging as high as $50m. The survey, Lost Customer Information: What Does a Data Breach Cost Companies?, is among the first to look at data from actual cases of lost customer data. Covering 14 separate incidents, the research encompasses 1.4m compromised data records and an estimated total of $200m in resulting losses. Total cost estimates include the actual cost of internal investigations, outside legal defense fees, notification and call center costs, PR and investor relations efforts, discounted services offered, lost employee productivity, and the effect of lost customers.

Both studies show customers are punishing companies that lose their confidential and private information. However the second corporate study suggests a lower number of consumers take their business elsewhere following consumer data security breaches. This study suggests an average loss of 2.5 per cent of all customers, ranging as high as 11 per cent, as compared to 20 per cent defection after security screw-ups suggested by the consumer survey.

Corporations no longer have the option of hoping that US customers will not find out about mishandled information. Currently, 21 US states have laws requiring that customers or employees be notified when protected personal information has been breached. A series of high-profile consumer data security breaches involving US firms including data mining firm ChoicePoint, payment processing firm CardSystems Solutions and others have pushed the issue up the political agenda.

Security firms such as PGP Corporation are cited by Ponemon as emphasising the need for wider use of encryption technologies in safeguarding customer data. Ponemon's studies can be downloaded from PGP's website here (registration required). ®

Internet Security Threat Report 2014

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.