Personal Data Breach: Consumer Churn Rate Directly Tied To Infosec Events Is Significant.

A global study has revealed that personal data breaches lead sizable numbers of customers to turn their backs on companies.  This might not be news, but perhaps the figures are: 23% of the respondents affirmatively answered that they have stopped doing business with companies that failed to properly safeguard their data.  All the more reason why a company should up the security ante by using some kind of data protection solution like AlertBoot (especially in this age of BYOD).

We Will vs. We Have

News of this study comes courtesy of  As the author at the site noted, there is a tremendous difference between what people claim they will do vs. what they actually end up doing.  To account for this discrepancy, the authors of a study by the Economist Intelligence Unit asked the following (my own paraphrase):

  • Would you stop doing business with an organization that breached your data?
  • Have you actually suffered from a data breach, and if so, did you stop doing business with the company that experienced the data breach?

To the former, 32% of the respondents answered in the affirmative.  To the latter, 38% answered in the affirmative.

This is a very curious outcome.  Generally speaking, the latter tends to be lower than the former.  That is, there are always more people that say they will do something, in contrast to those who actually do something.  Hark back to New Year resolutions, for example: you’ll always have more people who promise to lose weight, or to read more, or to procrastinate less; how many keep that promise, though?

What does this unexpected finding mean?  Off the top of my head, it seems to indicate that it’s only after they’ve become victims of a data breach that people realize the severity of the situation.

Spillover Effect

Not only that, it turns out that there are further ramifications:

the EIU research also found that 46% of respondents that had suffered a data breach had advised friends and family to be careful of sharing data with the organization.

Many companies look to get their products to “go viral” or make it spread via word of mouth, knowing that recommendations from friends, family, and acquaintances carry more weight than any marketing campaign some guys in an office can create.

Imagine, then, the disastrous effects the above could have on a company.

Nip It in the Bud because It’s a Drop in the Bucket

An ounce of prevention is worth a pound of cure; so goes the old saying.  Nowadays, I’m under the impression that the value of the cure is much, much higher.

Consider all the things that could go wrong by not employing, say, a BYOD security solution like AlertBoot Mobile Security.  Assume that you can get the service for $100 per year, per device (it’s actually much more cost effective, but I like easy numbers to work with).

Also, assume you’ve got 100 employees who opt to bring in their smartphones and tablets to use at work.  This means you’d be spending $10,000 per year on what appears to be a bottomless pit.  After all, it’s not as if security threats are going away any time soon.  Ten large ones sound like a big number.

But what about the flipside of the coin?

  • There’s the approximately one-third of your customers who will not be doing business with you in the foreseeable future.  What does that translate to in lost revenue?
  • Your marketing will see a drop in ROI as you work harder to bring in new clients to replace the ones you’ve lost.  That’s money you didn’t need to spend if you had proper security, on an activity whose efficiency is debatable.
  • Depending on which sector your business is in (e.g., finance or healthcare), you might have to incur the costs of an audit, internal as well as external (by the government, such as an audit by HIPAA/OCR).  These easily run into the five figures, at least.
  • Reaching out to “breachees”.  Most state and federal laws that govern personal data require that first-class mail (or equivalent) be used.  If the breach involves 200,000 people and you can mail each letter for $0.25, that’s $50,000 you’re spending to shoot yourself in the foot.  That cost doesn’t include the loss of productivity as your employees are working to help you shoot yourself in the foot.
  • Why do I keep writing that “you’re shooting yourself in the foot”?  Because around 33% of the people you’re reaching out to will probably turn their backs on you, per the survey.
  • Lawsuits.  ‘Nough said.

No doubt there is more to the flipside of the coin; I’ve just run out of time to list them all.  What would all of this cost?  Depends on the size of the breach, but it could very well be in the millions of dollars.

For example, BCBS of Tennessee saw its data breach costs soar to $7 million when 220,000 patients were affected by a data breach.  By the end of the whole ordeal, they had spent nearly $10 million for contacting members affected, investigating the theft, and offering free credit protection.

And this is before the fine that OCR levied on them for breaching HIPAA (technically, BCBS settled for $1.5 million, which is the maximum penalty that OCR can assess), or the reputational damage they took.

Or the security solutions they ended up adding into their risk prevention portfolio.
