One of the concerns I’ve repeatedly expressed about surveys about churn and reactions to breaches is that they tend to ask people what they think consumers do, and not what they actually have done. Now we have a bit more actual data on churn from a new report based on interviews with over 750 Internet users:
A global study of consumer attitudes towards company stewardship of personal data conducted by the Economist Intelligence Unit shows that data breaches can cause major damage to the business of the companies affected.
More than 32% of respondents in the study said they “strongly agreed” with the statement that, in the event of a data breach, they would cease to do business with the organization concerned.
When they were asked whether they had personally suffered a data breach in the past two years, 23% of respondents said they had. Describing how they had reacted to a breach, 38% said they no longer did business with the organization concerned “because of the data breach.”
Read more on Help Net Security.
So 38% of respondents who had experienced a breach stopped doing business with the organization? That’s a pretty significant percentage, although it’s not as high as what another survey found for patients who had experienced a breach involving their medical records. In that survey, which had a number of limitations, 60% of those whose medical records had been compromised reported that they no longer sought care from that medical provider because of the breach.
So concerns about churn may be valid, but it’s apparently not enough to really get some entities to really invest in adequate data protection and privacy controls. Or maybe entities just don’t realize how high the churn rates can be.