Customers Unforgiving of Data Breaches

Think computer data breaches won’t hurt your small business? Think again.

A new survey by HyTrust, the Mountain View, Calif. cloud security company, finds more than half of consumers will take their business elsewhere if their personal information is compromised. What’s more, 45.6% say companies involved in a breach should be considered “criminally negligent.”

“Consumers are frustrated and some are angry all these breaches continue to happen,” says Eric Chiu, president at HyTrust. “Everyday consumers are seeing retailers aren’t doing enough.”

Since the massive data breach at Target (NYSE:TGT) in late 2013, a few other big-name retailers have announced their own compromises. From Home Depot (NYSE:HD) to JPMorgan Chase (NYSE:JPM), hack attacks seem to be occurring frequently. And they hurt. Some estimates have Target’s breach costing the company $1 billion, and that doesn’t include the lost sales and hit to its market cap.

Home Depot meanwhile may have suffered the largest attack to date, with 56 million cards being compromised during a five month period. “They don’t blame the cashier at the store or the guy in IT (when breaches occur),” says Chiu. “They blame the officers of the company.”

When it comes to data breaches, consumers aren’t that willing to give companies a second chance either. The survey showed close to 50% blamed companies as soon it happened, while only 12% withheld their condemnation until it happened more than once. Of the survey respondents, 34% in the 25 to 34 age range were quick to blame the company immediately, compared to 51% of those 65 and older.

While younger consumers may give companies time to explain themselves, they are willing to go elsewhere if a breach does happen. According to the survey, 51% of respondents said they would go to another business. That number increased to 60% when consumers age 35 to 44 were asked that question.

The worst thing that can happen to a customer in a breach is their identity is stolen and fraud is committed under their name. Correcting the situation can take months if not years. Because of that, it’s not surprising that more than a third of survey respondents say the worst piece of information to be compromised is their social security numbers. What’s more, of the people making between $50,000 and $75,000, 36.5% were most concerned with their social security number being stolen compared to 22.8% making $24,000 or less.

Your business may not have the reach of a Home Depot or a Target, but that doesn’t mean you are immune from an attack. In fact, small businesses are actually viable targets. Often they don’t invest a lot in technology and the criminals know that. And while the Targets of the world may someday recover their lost business, it won’t be as easy for small business owners. Which is why you have to take security seriously.

“You may not as a small business have the ability to stand a Target or Home Depot level breach that destructs your brand,” says Chiu. “You have to make sure you are not only securing your systems” but working with vendors who take security seriously, he says.

According to Chiu, one best security practice all small business owners should embrace is making sure you control who has access to your network and what they can do on it. “The most common way people are stealing all the data is they are stealing credentials and getting on the company network,” says Chiu. “Once an outside attacker is on the network it looks like any other employee.” Chiu says if you assume the bad guy is already on the network,that can help you think of security from a different and more effective standpoint.