Breach boycott: would you stop doing business with a company that’s been hacked?

Consumers are angry over data breaches, a survey reports, and businesses are changing their game plans.    
 
When you hear that a company you do business with has had a data breach, how do you feel?
 
a) Cranky
b) Fit to be tied
c) Nuclear
 
You may feel: d) other emotion, but the majority of consumers fit more into the ‘angry’ category, according to a recent survey. And they may be ready to turn their anger into action.
 
Almost two-thirds of people surveyed (64%) said they are unlikely to shop or do business again with a company that has lost financial information in a breach, according to Gemalto.
 
Almost half (49%) said the same for companies that have lost personal info in a breach.
 
“I can see the consumer’s perspective when it comes to trusting a company that has had a data breach. I’ve been there myself,” said Daniel Lance, cybersecurity expert with Archer Security Group. “As a consumer, you have a primal instinct to ‘go medieval.'”
 
Angry protest
 
If ‘going medieval’ means boycotting that business, you may end up with few places to buy, sell or trade.
 
“There are two kinds of companies,” said Patrick C. Miller of Archer Security Group. “Companies that have been hacked, and companies that don’t know yet that they’ve been hacked.”
 
That may be one reason why Lance does not lose his cool in the face of a breach.
 
“As a educated person who works in the security sector, you start to follow a controlled process of checks to make sure the incident is over, or that you are done with it, and you move on,” he said.
 
How can you check? If you have received a letter saying your info was caught up in a data breach, you can follow this Federal Trade Commission chart to see your best course of action.
 
Free pass?
 
That does not mean companies are off the hook when it comes to data breaches.
 
The FTC settled this month with Wyndham Hotels and Resorts over data breaches from “lax security practices” that exposed the information of more than half a million customers and caused millions of dollars in fraudulent charges, the FTC said. 
 
The Gemalto survey showed 23% of data breach victims either have already considered—or would consider in the future—legal action against the company.
 
Will consumer anger, legal threats and potential government investigations be enough to make companies change their practices?
 
Some say punishments for breached companies need to be heavier, including fines, customer compensation, and even jail time.
 
“It needs to be cheaper to be secure than unsecured,” said Allen Campbell of Archer Security Group.
 
Grading security
 
How do you know if the company you are doing business with is protecting your info properly?
 
The survey showed only 25% of consumers believe companies take the protection and security of customer data very seriously, and only 38% of employees feel their company is taking employee data protection and security very seriously.
 
Is that a fair perception? Either way, a report indicates that companies are changing their tactics.
 
ManpowerGroup said its survey shows that businesses are planning to spend more on cybersecurity in the coming year.
 
“There are millions of cyber attacks every day with a total cost to the global economy of up to $575 billion a year,” said Mark Cahill, ManpowerGroup UK Managing Director, in a press release about the survey. “Companies are having to invest heavily to protect themselves and they now believe that cyber breaches are inevitable, with their focus moving to responding to attacks rather than just prevention.”
 
“We expect the biggest growth area next year to be in ‘cyber security crisis management’, with large organisations bolstering their own in-house security teams as well as calling on specialist contractors,” Cahill said.
 
Showing the new report card
 
Lance said companies that work hard on their security plans may need to do a better job of communicating with customers about breaches and security.
 
“There’s not much of a opportunity today to collaborate more with the victim of a breach and improve their understanding,” said Lance. “If there were, maybe we wouldn’t have so many people turning away from businesses that have had a few issues in the past and recovered.”
 

Some businesses have had success after a data incursion, said Miller.

“Several companies have actually responded very well to a breach and their stock has ultimately gone up, not down,” said Miller. ‘It’s not about if, but when a breach will happen. How fast you detect it and how well you respond will mean more to the customer (and the board of directors) than anything.”