While the average total cost of a data breach may be trending downward, the average cost of $3.62 million remains a hefty price tag. Data breach cost is made up of several factors, including engaging experts, providing hotline support, offering free credit monitoring, conducting investigations, and releasing communications. Another factor is the extrapolated value of customer loss. Let’s take a deeper look at the data around customer loss and ways to mitigate this loss.
The Data Around Customer Loss
The impact to the customer relationship after a data breach can range from loss of customer trust to loss of the customer.
Many customers might stick with a company after a loss due to an unwillingness to invest the effort to switch to a competitor, a feeling that breaches are inevitable today, or an inability to find an adequate replacement. But data does indicate that customers have a negative perception around data protection, and customer abandonment is a very real threat after a breach.
The recent Ponemon study on the cost of a data breach found that more organizations worldwide lost customers as a result of their data breaches.
A Gemalto study of over 10,000 people worldwide, Data Breaches and Customer Loyalty, found that:
– Only 27% of respondents felt that companies take the protection and security of customer data very seriously.
– If a company suffered a data breach, 70% of consumers would stop doing business with it.
In addition, industry matters when it comes to customer loss. Retail is a prime example of an industry where customers can typically find an alternative option. A Carnegie Mellon University study found that customers were more likely to leave a bank after experiencing fraudulent charges on an account. However, other industries – such as healthcare providers and insurers – may be harder to break away from after a breach due to limited choices or time-based agreements.
Mitigating Customer Loss Before and After a Breach
Businesses can do several things to help prevent customer loss after a breach:
– Show commitment from the top. Identify a senior-level leader who will be responsible for efforts to demonstrate data responsibility to customers and, in the event of a breach, take charge of customer communication. The Ponemon study found that programs that preserve customer trust and loyalty in advance of the breach will help reduce the number of lost customers.
– Be prompt after a breach. Waiting to inform customers of a breach only makes the matter worse: one need only revisit the Equifax breach to note that much of the bad publicity centered on the delay in notification. A prompt response demonstrates responsibility and concern, and may make the difference in customer retention.
– Be helpful after a breach. In addition to a prompt response after a breach, organizations can take several steps to help affected customers. Resetting passwords (or requiring customers to take this action) and offering identity protection in the aftermath of a breach can help reduce customer churn.
– Educate customers and mandate security. Educate customers on available security options – such as two-factor authentication – and consider mandating the options. The Gemalto study found that even when businesses offer robust security solutions, such as two-factor authentication, 41% of consumers admit to not using the technology to secure their accounts. Jason Hart, CTO, identity and data protection at Gemalto, says:
“In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option.”
Customers are bombarded with news about data breaches and, while they may be slow to move, the internet makes it easy to research and find alternatives. Finally, there’s the matter of losing a potential customer: while a current customer might be slow to abandon after a breach for the reasons stated earlier, there’s little doubt a breach will make a potential customer think twice before signing on.
This article was originally published on IT Security Central and reprinted with permission.