As concerns about security breaches in retail again begin to mount, KPMG found that 19% of consumers would stop shopping at a retailer that had fallen victim to hackers, even if the company took the necessary steps to remediate the issue.
Another 33% of the 448 consumers KPMG surveyed said they wouldn't shop at a breached retailer for at least three months out of ongoing fear their personal data could be compromised, particularly if the retailer appeared to lack a solid plan to prevent further attacks.
Despite consumer concerns, about 55% of retail executives surveyed separately by KPMG said they haven't invested capital funds in cybersecurity protection in the past 12 months, and 42% state that their company does not have a leader who is responsible for information security.
The consumer responses in the KPMG survey are in some respects perhaps less judgmental than one might expect. Although they indicate some definite concern about security breaches, they also suggest that a large percentage of consumers actually would return to shop at a retailer that had experienced a breach. One possible explanation is that consumers might be trusting retailers to have a thorough and effective response to security breaches, and to make assurances that it won’t happen again.
If this is the case, they may be sorely disappointed if one of their favorite retailers is hit by a major security attack. If the survey responses of retail executives are any indication, a lot of retail executives still don't understand the extent to which security threats are lurking on their doorsteps, and how critical it is to prove they have the right protections and response strategies in place.
Are these executives being reassured by IT departments that may have a little too much confidence in their own ability to stop an attack? A Tripwire study suggested that some retailer IT departments feel that way.
However, the apparent disinterest of retail executives in investing more money in cybersecurity protection also hints at something else: Are they so busy thinking about all the new opportunities in their market — e-commerce, mobile shopping and premium shipping memberships, to name a few — that they may be misjudging the importance of security in maintaining strong customer relationships?
If that's the case, they need to take a moment to look at what's going on around them. Eddie Bauer recently became the latest retailer to disclose such an attack, but direct attacks on retailers aren't the only ones to worry about, as an attack on Oracle's Micros POS system merchant portal proved. Also, Oracle's poor response to that attack further shows that retailers more than ever need to be watching their own backs — and those of their customers.