The latest read on consumer sentiment from KPMG reveals the chilling effect that digital security breaches are having on shopper loyalty as 19 percent of respondents said “they would stop shopping at a retailer that had been a victim of a cybersecurity hack, even if the company took the necessary steps to remediate the issue.”
This sentiment surfaces as cyber attacks continue to impact the industry: this past week, Eddie Bauer said its point of sale system was breached in a cyber attack. The 2016 KPMG Consumer Loss Barometer noted that 89 percent of retailers have experienced a security breach in the past two years.
The researchers said that a higher level of cybersecurity “can be used as a key brand differentiator to secure consumer loyalty.”
“However, most companies aren’t as transparent or proactive with their end users when it comes to cyber protections,” the company said. “Even worse, most companies aren’t seeing the detrimental effects that can happen in the event of a hack.”
KPMG said 55 percent of retailers “haven’t invested in information security in the past year” while 42 percent of retailers do not have a dedicated executive in charge of information security.
The erosion of consumer loyalty also extends over time. “In addition to those who would abandon the retailer entirely, 33 percent of the consumers indicated that fears of further exposure of their personal information would prevent them from shopping at a breached retailer for at least three months,” the authors of the report said.
And when asked about the factors “most likely contribute to a customer not returning — or delaying a return — to the store, consumers surveyed cited a lack of a solid plan to prevent further attacks as a top factor.”
Mark Larson, KPMG’s national line of business leader for consumer markets and global and U.S. sector leader for retail, said “there is a lot at stake here for retailers.”
“Consumers are clearly demanding that their information be protected and they’re going to let their wallets do the talking,” Larson said. “Retailers that don’t make cybersecurity a strategic imperative are taking a big gamble.”
More than 440 consumers were polled in the survey. The company also included a survey of cybersecurity executives from 100 retailers.
The survey revealed that 55 percent of the retailers polled said “they haven’t invested capital funds in cybersecurity protection in the past 12 months — placing the industry third out of the four industries featured in the report.”
Tony Buffomante, principal and retail cybersecurity leader for KPMG, said many retailers “are not doing enough to protect their businesses from cyber attacks or react to them when they occur, and the effects of their inaction will end up harming them in the long run.”
“If retailers pay more attention to the issue of cybersecurity and are more transparent with their customers on their awareness, it could serve as a key business differentiator,” he added.