It’s extremely difficult for a breached company to quickly bounce back after a major security episode. For a customer, learning that his or her data has been stolen is tantamount to a breach of trust, and it’s something patrons are unlikely to forget.
Survey Finds Customers Simply Stop Shopping at Breached Businesses
A SafeNet, Inc., survey showed that a data breach can be an insurmountable obstacle for any business. The survey, which polled 4,500 people across the world, found that a significant majority of them (65 percent) said they’d be highly unlikely to ever again shop at an enterprise that’s suffered a credit card breach.
And why not? After all, there are many companies in the sea. Why would any customer swipe a credit card at an organization that’s jeopardized patron data in the past?
From SafeNet’s findings, the message is clear: Customers have little to no patience for businesses that undergo an attack. That’s because what an attack invariably points to is some kind of failure in enterprise security, and patrons understandably want to do business with places where they know their data is being well guarded.
Client trust isn’t the only thing attacked organizations risk losing. There’s also the not-so-small issue of money.
Significant Fines Levied Against Breached Businesses
In addition to the price paid in customer trust, enterprises that experience a breach also face some very literal costs. This was illustrated recently with the fining of a travel agency for $255,000.
According to eSecurity Planet, the agency (Essential Travel, a subsidiary of the UK’s Think W3 Ltd.) suffered an attack that left data compromised for around 1.63 million customers. The information was highly sensitive and included credit card records.
In doling out the fine, the U.K. Information Commissioner’s Office said in a statement that security should be paramount for businesses and that those that choose to overlook such an important enterprise asset will be held accountable.
“Think W3 Limited accepted liability for failing to keep their customers’ personal data secure, failing to test their security and failing to delete out-of-date information,” the Office’s head of enforcement Stephen Eckersley said in the statement. “Ignorance from data controllers is no excuse.”
Yet this recourse to ignorance is a common practice among attacked businesses, despite clearly being a weak move.
Tech giant Sony is another business that’s chosen this unfortunate path in dealing with a major breach. The company’s PlayStation Network was attacked back in 2011, but only recently has Sony agreed to shell out $15 million to those impacted. Despite the money it’s paying in fines, the company is still refusing to acknowledge that failures in its security had anything to do with the malicious intrusion.
“While we continue to deny the allegations in the class action lawsuits, most of which had been previously dismissed by the trial court, we decided to move forward with a settlement to avoid the costs associated with lengthy litigation,” the company said in a statement to Polygon.