In general, security vendors love consumer surveys where consumers say that they would never, ever, ever do business with a retailer or a bank with poor security practices. But consumers have historically been terrible predictors of their own behavior, and they also tend to tell retailers and banks what they want to hear, rather than the truth.
And the truth, based on the public financial filings of plenty of companies that have suffered public data breaches, is that consumers — partially thanks to zero liability programs from the payment card companies — tend to not change retailers or banks when such data breaches happen. Why? Quite a few reasons. First, zero liability sees to it that they don’t lose any money (it actually limits losses to $50, but almost no business enforces that, and they tend to simply eat all of the consumer losses). If consumers lost large amounts of money from breached retailers or banks, yes, they’d flee, but that doesn’t happen.
Then you have the reality that consumers often don’t read about these breaches and, even if they do, they tend to not care. If a store is offering a product or service that they want and the price is good, they are not going to abandon that retailer because of a data breach nine months ago that didn’t end up impacting the consumer. As for the consumer lying to a survey, that’s simply a case of sending the message they want to send. Those consumers want the retailers/banks to protect their money, so they’ll gleefully check off the box that says “I’ll abandon a retailer that doesn’t have great security” because, well, why not? It doesn’t obligate them to do anything. more