Data Breaches Incur Higher Costs And Customer Churn With Time.

At least, that is the conclusion that the Ponemon Institute has arrived at, according to various articles on-line.  Among the findings: 

  • Cost per breached record was $197 this year vs. $182 last year, an increase of 8%

  • Breaches by third parties such as consultants and outsourced contractors accounted for 40% of the data security lapses, vs. 29% and 21% in past years.  Costs per breach were higher as well, averaging $231 per record

  • Notification costs are down to $15 per customer vs. $25 in 2006

  • The churn rate for companies hit with data breaches was 2.67% vs. 2.01% in 2006

That last statistic is actually quite significant, apparently.  It’s a metric for measuring contractual customers or subscribers that leave a company.  I assume it would be a better metric for financial service companies or companies that provide encryption services like AlertBoot, than a grocery store or a retailer where the concept of a “subscription” doesn’t really make sense.  I’m sure, however, that there must be some data-mining techniques for figuring out the churn rate for those industries as well.


From a simple numerical standpoint, 66 basis points look like something you can sneeze at, hijacking an oft-used expression.  On the other hand, companies such as Wal-Mart dominate their industries due to differences that are measured in basis points (also known as 1/100th of 1%).  When you operate on volume, like the megaretailers do, the difference between 2.65% and 2.60% is astronomical; I know this because stock prices get hit like crazy due to small fluctuations in gross profit figures.  I can only imagine what a difference of 66 basis points is considered when it comes to customer retention rate.


This makes me wonder about TJX’s position that their customers don’t feel inconvenienced by the massive data breach they had announced earlier this year.  In court, they pointed to their ever-increasing revenue numbers as indirect proof that their customers had shrugged off the incident.  Otherwise, their revenue numbers would be down, right?  The thing is—and I’m not accusing TJX of any financial hanky-panky (heck, I haven’t even taken a look at their 10-Qs and 10-Ks in a while)—there are ways to affect revenue figures.


The most “celebrated” of these would be what Lucent did in its heyday before the Internet bubble popped.  Called channel-stuffing, it’s the practice of recording sales even when there’s a good chance that payment may not be received or the product may be returned.  Channel-stuffing is done strictly to inflate revenue numbers.  Another company that was engaged in such practices was Sunbeam, under celebrity CEO Al “Chainsaw” Dunlap, and it ultimately resulted in their filing Chapter 11.  However, there are other ways that revenue numbers can go up without resorting to questionable accounting practices.  If the prices go up across the board due to inflation, revenue numbers must go up as well, naturally.  Or if people start purchasing big-ticket items.  Or if fewer people start buying more from their stores—which can happen if you hate the store but the competition decided to pull out of your market.  Where else are you going to shop?  So, in more ways than one, TJX was lucky: Either their customers are really forgiving or fortune decided to smile upon them.


It’s not rocket science that breaches in customer data will leave a terrible impression on one’s clientele, and depending on the level of egregiousness, a significant number of those customers will leave.  Companies would be better served by ensuring the security of their customer data than hoping that they’ll also be visited by Lady Fortuna.  I wonder what TJX’s metrics showed in terms of customer churn?
