Experts have been saying for years that the influx of online malware attacks and related identity theft would eventually have a negative impact on consumers' willingness to shop over the Web, but a new research report issued by Javelin Strategy & Research has actually put some numbers behind the theory.
In fact, according to the Javelin survey of U.S. consumers, e-commerce vendors may have lost as much as $21 billion in online sales during 2008 based primarily on information security concerns. The company interviewed roughly 2,000 people over the phone and online during Dec. 2008 to reach its conclusions.
Unsurprisingly, those individuals who had already been victimized by identity thieves or other cyber-criminals were among the most likely to have abandoned e-commerce sites, with 12 percent of those respondents indicating that they no longer shop online at all, and another 25 percent telling Javelin that they have at least cut back on their purchases. Some 19 percent of the affected respondents said that they spend less money when shopping as a result of their experiences.
Of all those surveyed, 40 percent replied that they will only shop at major brand sites, such as Amazon.com, based on fears of ID theft.
Despite the negative findings, which also included the fact that some 45 percent of e-shoppers were dissatisfied with some element of the online buying experience, the report also concludes that e-commerce companies can incent buyers to view their services more positively if they can assure that personal information is processed safely (83 percent) and offer enhanced security measures (80 percent). Another concept popular with shoppers was the willingness of sites to offer zero liability against ID theft for their customers (81 percent).
Part of the problem for some sites is merely telling their (potential) customers about their existing security programs, analysts behind the report said.
"Online retailers are leaving business on the table by not communicating their security and customer service policies clearly to consumers which is something that no business can afford to do in today's economy," James Van Dyke, president of Javelin Strategy & Research, said in a statement. "To recapture these missed revenue opportunities, merchants need to reassure consumers that their information is being processed securely and that they have recourse should they become the victim of identity theft. These survey results show that simply by making security and privacy policies more visible on their sites, merchants can begin to win back the trust of wary online shoppers."
Another major issue of negative perception is related to consumers' assumptions that many sites will sell their personal data to marketers. Of those surveyed, Javelin found that 39 percent of respondents believed that online stores will sell their information openly, while 50 percent estimated that they will receive more junk mail and spam if they shop online.
E-commerce firms would do themselves a favor by more prominently touting their existing data privacy policies, the report concludes.
It's likely hard to quantify how much business was lost overall for retailers that also maintain brick-and-mortar operations, as shoppers may here merely decided to head to the check-out counter instead of the URL. However, the results have to be scary for just about any company trying to market its wares to consumers over the Web, especially those who do not have physical storefronts to fall back on.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.