Retail stores hit by cyber-criminals have to worry about consumer backlash, as customers are more likely to avoid compromised retailers, according to a study released this week by CreditCards.com.
The survey of 865 Americans by phone found that 45 percent would either "definitely" or "probably" not shop at a retailer this coming holiday, if they learned that the company had been breached by attackers. The interviews, carried out by Princeton Survey Research Associates International, also found that higher-income and college-educated respondents were less likely to punish retailers for security breaches.
Yet, while consumers worry about breaches, those concerns many not be enough to keep them away from holiday sales, Matt Schulz, senior industry analyst for CreditCard.com, told eWEEK.
"I think that generally most people will just keep doing what they are doing, and either not worry about it because they are busy and have other things to worry about, or because the message is getting out there that the actual liability you have is actually really low,"
In the past year, an increasing number of retailers have reported breaches in their point-of-sale systems. In 2013, Target acknowledged that its systems had been breached, with attackers stealing details on 40 million credit and debit cards as well as 70 million customer records containing personal information. The price tag to the retail giant has so far topped $148 million, according to its financial filings in August.
Following Target, other businesses have acknowledged their own breaches, including restaurant chain P.F. Changs, home-supply store Home Depot and upscale clothing provider Neiman Marcus. Each company has had expenses related to recovering from the breach and insuring customers against fraudulent payment-card use, generally in the form of an anti-fraud service. Details on lost sales, however, are not as clear.
The survey by CreditCards.com suggests that the impact of a breach could extend to lost revenue.
For retailers, however, it is not all bad news. The highest income earners were the least likely to punish stores for cyber-criminal breaches. Of households earning $75,000 or more, only 31 percent of respondents thought it likely that they would skip shopping at a compromised store. For households earning less than $30,000 a year, 56 percent of respondents would stop shopping at hacked stores.
"There are so many factors that go into shopping—location or habit, or even a really good sale can make people forget their data concerns," Schulz said.