Suffering a breach is scary. The loss of crucial data and records can deal a crippling blow to any organization forced into extended downtime. But the worst part of a breach may not be the attack itself; the repercussions of the attack can have much further-reaching effects.

We’ve speculated about this effect in the past, but a new study by Carnegie Mellon University (reported on by The Register) confirms our suspicions: suffering a breach can cost you customers.

Lack of Information

Studies connecting consumer loyalty to breaches or fraud have been hard to come by in recent years, making this study especially noteworthy. Generally, we know that stock prices of organizations – especially financial institutions – take a hit after suffering breaches, as noted in the study. However, these stocks also tend to rebound after these short dives.

Furthermore, there is a general assumption that stricter regulations in industries like finance will lead to organizations being forced to protect their customers’ information, but once again, there is still little data on how this actually affects consumers’ behavior. The trend has been to rely on anecdotal evidence. As this new study notes, “both policy makers and firms make certain assumptions about user behavior when designing policies or firm specific strategies.”

So the key question remains – how likely are customers to make organizations pay by taking their business elsewhere?


This study took a look at 500,000 customer reports culled over a five-year period from an unnamed US bank. Close to 20,000 of these customers encountered “unauthorized fraudulent transactions on their account,” which were then reported to the bank. Generally the bank ended up compensating most customers for their losses, but a loss in trust was noticeable.

The study notes that, “these adverse events cause users to terminate the relationship with the bank. In particular, a user is three percentage points more likely to terminate the relationship with the bank within six months of such an event. We also find that users are more likely to churn when they have higher tenure or lower age groups.”

The breaking point for most customers to leave and find a new bank seems to be a loss of $500 and upwards, with most average losses settling in at around $125.

Still Unknown Costs

The study concludes by noting that, “it is clear that these frauds carry both direct and indirect costs to banks, in particular. The banks incur a direct cost of identifying frauds, investing in customer service, and in compensating users. On top, there is an indirect cost of potentially losing the customers.”

Though 1 to 3% of customers leaving may not seem devastating at first glance, imagine you didn’t take proper security precautions, became a more frequent target for cyber attackers, and suffered losses like this regularly. It would add up quickly, and when combined with a short stock loss and potential fines, could be much more harmful than previously thought.

Consumers don’t forget about fraud in any industry. If you’re breached once, it’ll forever be in the back of their minds that it happened and can happen again. Taking appropriate precautions like having your cybersecurity profile analyzed and tested regularly is a must in today’s environment. Consumers need to have the confidence that you take these threats seriously. A true dedication to security will help you in the long run, should you ever suffer an attack.