Nearly 30% of customers would not shop at a store that had previously experienced a cyber attack if they had other retail options, according to KPMG’s 2014 Holiday Shopping Survey, conducted in November last year.
The survey also shows that a security breach can have a devastating impact on a retailer’s reputation. More than a third of customers (38%) stated that they perceive the company in a negative light once it has experienced a security breach.
Bad security habits
Online shopping continues to grow in popularity despite a comparable surge in data breaches and credit card fraud, with 22% of customers saying they plan to shop more online. Despite this planned increase in activity, consumers are not taking the necessary measures to improve their online security. Although 47% of online shoppers indicated that they store credit card information on retailer websites for quick and easy access to their accounts, at least 40% of online shoppers have not changed their password in the past year. Most consumers who opted not to change their passwords felt that their passwords were secure enough, while others stated that changing their passwords was too much of an inconvenience.
Regularly changing online shopping passwords and using strong passwords (see the related article "Why four-letter obscenities as passwords don’t work") are essential principles for fostering an environment of cyber security awareness and vigilance in your organisation.
With harsher penalties for PCI non-compliance becoming more commonplace, it is critical to make your employees aware that they can put your organisation at risk by simply visiting the wrong website or clicking the wrong link in an email.
Compliance with the PCI DSS might seem onerous but it is not solely a matter of legal obligation – its requirements offer strong data security measures that will benefit your organisation. The Verizon 2014 PCI Compliance Report found a strong correlation between non-compliance with the PCI DSS and the likelihood of suffering a data breach.
IT Governance’s extensive range of PCI DSS products and services provides a comprehensive solution for your organisation to meet its PCI DSS obligations. Whether you are a merchant or a service provider, a large entity or a small enterprise looking to achieve and maintain compliance with the PCI DSS, IT Governance can help.