Analyst: Hidden costs in security breaches

Companies that cull consumer information are missing the mark in understanding customers' concerns, Forrester analyst says.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Dawn Kawamoto
2 min read
As consumers lose confidence in the security of online transactions, companies are missing the mark in understanding how customers' concerns will come back to haunt them, a Forrester Research analyst said Tuesday.

Businesses often fail to realize that security breaches to their Web sites, disclosure of sensitive customer information or identity theft can result in secondary costs such as spikes in customer support calls and additional marketing costs to repair damaged reputations, Jonathan Penn, a Forrester security analyst, said at a presentation in San Mateo, Calif. The event was sponsored by online-enterprise risk management company Watchfire.

The past few weeks alone have seen two high-profile cases of data leaks: one at Bank of America and another at ChoicePoint.

Events such as these are causing consumers to alter their online behavior, Penn asserted.

In a Forrester survey of U.S. households last year, 92 percent of consumers said they were reluctant to share personal information online because the risks outweighed the benefits, Penn said.

The majority of those surveyed--61 percent--curbed their willingness to disclose credit card information online. And 50 percent said they mistrusted financial institutions for fear they would misuse their personal information.

But despite those concerns, only 36 percent of those queried said they were scaling back online purchases of goods and services.

Banks and financial institutions that want to push customers online are especially feeling the effects of these customer concerns, Penn said.

Forty-six percent of those surveyed who indicated they were no longer opening e-mails that appeared to come from their banks fell into the baby boomer or senior category--two groups with the most disposable income.

"This is affecting the banks' bigger customers," Penn said.

Companies across all sectors, he said, need to regain customer confidence through such means as assuring customers that firms are attempting to verify their identities--or those of anyone claiming to be them--and demonstrating that efforts are made to verify that transactions have been appropriately authorized.

Hacker attacks, identity theft and other online security breaches affect the trust of consumers whether they have been online for one year or five, Penn said.

"This makes this a multitrillion dollar problem."