Shopper loyalty threatened by data breaches

U.S. shoppers are likely to change their shopping habits if their favorite retailer experienced a data breach, according to a new report by Vormetric and Wakefield.

Roughly 85 percent of shoppers said they would alter where they shopped if a favored merchant had a breach.

Close to 67 percent of shoppers would take their business elsewhere if their favorite retailers exposed a checking account to theft or fraud, and 62 percent would do so if unauthorized charges appeared on their credit card. The leak of personal information would cause 57 percent to switch stores and 54 percent would do so if their credit score was damaged.

Two years have passed since Target's massive data breach, but shoppers are still keenly aware of potential threats. And retailers are still vulnerable—51 percent of retailers reported being very or extremely vulnerable to insider threats, the highest rates measured in the study.

"The revelation of a major data breach following the Black Friday weekend in 2013 was the starting point for two record years of data breaches that have followed," said Tina Stewart, VP of marketing at data security company Vormetric. "Events since then have demonstrated just how much financial and reputational havoc a data breach incident can wreak on beloved brands."

The survey's authors recommend that retailers take a proactive approach to protecting customer data, or risk permanent losses to their bottom line. Further, protecting data by meeting minimum compliance requirements is no longer sufficient to protect sensitive data. Many retail breaches occurred at organizations that were certified compliant with highly-ranked standards like PCI-DSS. With attacks changing by the hour, evolving compliance standards can't provide sufficient protection for organizations.

"The time has come for retailers—and indeed all organizations—to embrace a data-centric mindset and change their approach to how their data is protected," said Sol Cates, chief security officer at Vormetric. "With attackers now using multi-phase approaches to breach organization's perimeters and networks, a stronger focus on better securing company data where it is stored is required. Encryption and access controls are now front-line defenses for defending data at rest. With encryption becoming increasingly easier to implement, there is no excuse for not protecting your organization's sensitive data, regardless of where it resides."

For more:
-See the 2015 Vormetric Insider Threat Report

Related stories:
Eataly reports possible POS hack
Secret Service could be investigating a data breach at Sears
Target's data breach is a story with long legs
Target settles lawsuit for $39M
Target reaches $67M settlement deal with Visa