Consumers More Prone To Cut Ties With Breached Companies
Brand loyalty is one thing. When it comes to compromised data, though, consumers will quickly show their distaste.
New statistics suggest that consumers or investors may in fact turn tail and run when it comes to “mega” breaches, such as 2017’s calamitous Equifax incident. Previously, there have been statistical discrepancies on the matter. This is due, in part, to hopeful C-suite stances and the mostly unseen or undocumented “aftershocks” of a breach.
Yet in the wake of the Equifax breach, where 145.5 million consumer data records were exposed (including full names, social security numbers, birth dates or driver’s license digits), the company’s share value dropped a whopping 25%.
The findings fly in the face of those who may have believed consumers were fed up with mega-breaches and understood the painstaking attempts enterprises made to shore up their data. Regardless, it seems that some would rather jump ship than risk another data breach.
Last week, the company released its third quarter earnings report. Breach expenses (forensics, remediation, etc.) are estimated to have cost the company $87.5 million, accompanied by a sharp decline in overall revenue.
According to Dark Reading, Equifax boasted large increases in each previous 2017 quarter. This includes a 25% increase between quarters to start the year, which was up 50% from its position the previous year. The company saw an 8% gain in the second quarter and a 26% improvement from its 2016 earnings. Net income soared to $165.4 million.
Then September rolled around and the credit reporting agency made its dark announcement. Earnings sank to $96.3 million – a 42% quarterly drop in net revenue. This came in at 27% less than its 2016 position. Just as significantly, Equifax has lost over a quarter of its stock valuation.
Despite trends in brand loyalty and after-incident stabilization based on the sheer frequency of targets in the marketplace, it appears Equifax has taken an unprecedented hit – one that has certainly crippled its bottom line. Previously, when breaches occurred, a company may have been apt to recover, over time, based on its offerings to the consumer. It becomes a different story altogether when the foundation of the breached company is in information – including its security.
On the whole, the findings underscore what might be a profound shift in consumer behavior. The more alert, perhaps pessimistic consumer/investor is not only frustrated with the vulnerability born of cyber-attacks, but also prepared to take business elsewhere. That destination: a locale perceived to be safer with its data security protocols.
As more and more people grow disenchanted with the breaches, enterprise professionals must be cognizant of the seismic shift – if only to prompt more comprehensive security measures.
In a startling finding from a November Gallup poll, Americans cited cyber-crime (e.g., hackers stealing their personally identifiable information (PII)) as the most active threat when it comes to crime. In the poll, hacking anxiety placed ahead of car theft and becoming a victim of terrorism – by quite a large margin, too (67% to 38% and 30%, respectively).
Earlier this year, Ponemon Institute found that of 113 companies studied, there was an average 5% decline in stock value after the dreaded breach announcement. One-third of consumers reported abandoning companies following the breach.
In assessing this situation, Lisa Tuttle, CISO of the SPX Corporation, told CSHub, "Where consumer impact is inconvenient but not particularly harmful (e.g., a credit card breach where the card is replaced and fraudulent costs are removed), consumers seem willing to continue doing business. In fact, those breaches seem commonplace."
She continued, "In the case of Equifax, there is definitely negative brand impact and greater risk of consumer harm, but recourse is somewhat constrained because consumers didn’t directly choose to do business with them."
In analyzing where this consumer effect is, perhaps, felt the strongest, Tuttle said, "Equifax is in a unique position in that credit reporting agencies are established organizations, where consumers don’t really get to choose whether their personal information is processed. Industries where consumers have true choice options (like insurance companies) would feel more significant breach impact."
For IT professionals in general, perhaps there must be further recognition of the scope of an attack – not just the immediate steps of remediation, but also less measurable consequences such as reputation. For the enterprise professional, it appears to be double duty: following best practices in securing networks, databases and data in general, while also grasping the severity of a breach with regard to customer response.
Further, what the current landscape may be demanding is collaboration between those charged with marketing within a company and the IT branch, so that security professionals know the immediate dangers of customer behavior in the wake of a breach. Likewise, CISOs and other security-minded pros must make it known that in the digital age, network security has to steer a great number of internal discussions.