Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Main Street vs. Wall Street: Who is to Blame for Data Breaches?


Published on

Our analysis of major data breaches at US publicly traded companies offers rare insight into how consumers apportion responsibility for preventing data breaches. Key findings from the survey include:
• Ninety-four percent of consumers surveyed are concerned about retail data breaches.
• Consumers are nearly as likely to hold retailers responsible for data breaches (61 percent) as the criminals themselves (79 percent). Only 34 percent blame the banks that issue debit and credit cards.
• Seventy-five percent believe that retailers are not doing enough to prevent infiltrations into their customer data and payment systems.
• Seventy percent of respondents believe that retailers should be held financially responsible for consumer losses that result from a breach; not banks or card issuers.
• Finally – and most troubling – 34 percent of those surveyed report that they no longer shop at a specific retailer due to a past data breach issue.

  • Be the first to comment

  • Be the first to like this

Main Street vs. Wall Street: Who is to Blame for Data Breaches?

  1. 1. Main Street vs.Wall Street Who is to Blame for Data Breaches? Spring 2014 Abu Dhabi Beijing Berlin Brussels Dallas Dubai Frankfurt Hong Kong Johannesburg London Milan Munich New York Paris Rome San Francisco São Paulo Shanghai Singapore Stockholm Vienna Washington, D.C.
  2. 2. © BRUNSWICK | 2014 | 1 GrowingTrend Scale and impact of data security issues continue to rise Recent research has determined the average cost of a data breach to be $5.5 million per organization and an average of $194 per compromised record. Studies also found for the fourth straight year that organizations’ need to respond rapidly to data breaches drove the associated costs higher. Source: Open Security Foundation /; Ponemon Institute “Cost of a Breach Study”, 2011 21 44 157 644 774 1048 720 818 1072 1331 0 200 400 600 800 1000 1200 1400 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 Data Loss Incidents OverTime
  3. 3. © BRUNSWICK | 2014 | 2 High Risk, High Profile Privacy and data security issues are gaining attention worldwide
  4. 4. © BRUNSWICK | 2014 | 3 Heated Debate Retailers and Banks are going head-to-head over who is responsible “For years, banks have continued to issue fraud-prone magnetic stripe cards to U.S. customers, putting sensitive financial information at risk while simultaneously touting the security benefits of next generation 'PIN and Chip' card technology for customers in Europe and dozens of other markets.” “The NRF should focus its attention on responding to the harm that security breaches at several retailers have done to consumers and their financial institutions rather than hurling false allegations blaming the banking industry for these retail breaches. Retailers and their processors — not banks — are responsible for the systems in their stores that process payment cards.”
  5. 5. © BRUNSWICK | 2014 | 4 25% 75% Retailers are doing enough to prevent data breaches, but the rise in usage of debit cards, credit cards and online payment systems, as well as increased capabilities of online thieves, means that data breaches are just the “new normal” Retailers are not doing enough to prevent data breaches and need to take significant actions to improve the security of their payment systems Are retailers doing enough to prevent data breaches? What news events have consumers seen,read,or heard about? How concerned are consumers? 90% 83% 83% 78% 60% A data breach at some U.S. retailers that resulted in the theft of the credit card information of more than 100 million consumers Pop star Justin Bieber being arrested for DUI, drag racing, and resisting arrest Security concerns for the upcoming Sochi Winter Olympics President Obama giving the 2014 State of the Union address President Obama announcing changes to the NSA surveillance program 94% concerned about data breaches at retailers Difficult Opinion Environment Consumers are aware,concerned,and believe retailers are not doing enough to stop data breaches
  6. 6. © BRUNSWICK | 2014 | 5Source: Harris Interactive – 2013 RQ Summary Report High Marks for Industry Reputation… Retail industry is regarded as one of the most respected,banking is among the least respected Tobacco Government Banking Financial Services Airline Insurance Pharmaceutical Energy Manufacturing Automotive Telecommunications Consumer Products Retail Travel & Tourism Technology Industry Reputation Ratings NEGATIVE NEUTRAL POSITIVE
  7. 7. © BRUNSWICK | 2014 | 6 …But, Public Casts More Blame on Retailers Nearly as likely to hold retailers responsible as the criminals themselves;One-third will boycott 72% 28% Retailers Banks Who is responsible? How have consumers responded? 65% 34% 24% 23% 12% Started using cash more often Stopped shopping at certain retailers Started shopping more at online retailers Stopped using my debit or credit card Switched banks or credit card companies 79% 61% 34% 26% 18% 17% The Criminals Retailers Banks Government Shoppers Law Enforcement
  8. 8. © BRUNSWICK | 2014 | 7 Making debit and credit cards more secure 63% 37% Banks say that retailers are at fault for lacking the necessary security measures to prevent cyber-attacks from taking place, and therefore should be responsible for reissuing cards compromised in a security breach when the retailer is at fault. Retailers say that banks are at fault for issuing cards with faulty technology that leaves customers prone to security lapses, and therefore should take steps to ensure credit card security so the cards are less likely to be corrupted. 70% 30% Some say that in a situation where a systemic data breach is caused by a retailer’s payment system, the retailer should be financially responsible for these fraudulent charges, NOT the credit card issuer. Would this be fair or unfair? UnfairFair Clear Need for Effective Messaging Consumers side with the banks over shifting more financial liability to retailers 56% 44%Strengthening retail networks against hackers The best defense against future data breaches is…
  9. 9. © BRUNSWICK | 2014 | 8 1 2 3 4 5 6 Lasting Impact Brunswick analysis of post-breach valuation discovered a long-term downward trend Analysis of the average daily valuation data of 10 companies that have recently experienced large data breaches uncovered that stock prices never fully rebound two quarters after the breach. Anatomy of a Breach’s Impact onValuation Day before breach Bargain buyback Initial sell-off Long-term downward trend Months after breach announcement Levelofpre-breachvaluation Average daily closing price 100% 95% 90% 85% 80%