Consumers are wary of the increased frequency of cyber-attacks against retailers, such as the recent breach at Eddie Bauer, and many are ready to walk away from their favorite retailers if a breach occurs. According to the 2016 Consumer Loss Barometer, the audit, tax and advisory firm KPMG found that 19 percent of 448 consumers surveyed said they would stop shopping at a retailer that had been a victim of a cybersecurity hack, even if the company took the necessary steps to remediate the issue.

In addition to those who would abandon the retailer entirely, 33 percent of the consumers indicated that fears of further exposure of their personal information would prevent them from shopping at a breached retailer for at least three months. When asked which factors most likely contribute to a customer not returning – or delaying a return – to the store, consumers surveyed cited a lack of a solid plan to prevent further attacks as a top factor.

KPMG also conducted a survey of 100 retail senior cybersecurity executives. Despite consumer concerns, the survey suggested that the issue is not as top of mind with retail executives as it should be. 55 percent said that they haven’t invested capital funds in cybersecurity protection in the past 12 months – placing the industry third out of the four industries featured in the report. Additionally, 42 percent state that their company does not have a leader who is responsible for information security – again placing the industry third out of the four industries in the report.

“Make no mistake, there is a lot at stake here for retailers,” said KPMG National Line of Business Leader for Consumer Markets and Global and U.S. Sector Leader for Retail Mark Larson. “Consumers are clearly demanding that their information be protected and they’re going to let their wallets do the talking. Retailers that don’t make cyber security a strategic imperative are taking a big gamble.”

To view the full 2016 Consumer Loss Barometer report, visit

“Quite frankly, many retailers are not doing enough to protect their businesses from cyber-attacks or react to them when they occur, and the effects of their inaction will end up harming them in the long run,” said Tony Buffomante, principal and retail cyber security leader for KPMG. “If retailers pay more attention to the issue of cybersecurity and are more transparent with their customers on their awareness, it could serve as a key business differentiator.”

The Consumer Loss Barometer details how consumers of internet-enabled services would react in the event of a hack against key consumer industries. The consumer data was then matched up to the reactions of the cyber security executives across those identified industries on how each is preparing for cyber-attacks.

Other Key Findings:

  • More than half (52 percent) of the consumers surveyed said they are not comfortable with shopper personalization, citing a reluctance to have personal shopping habits and information be collected.
  • 40 percent of consumers would not feel comfortable using a mobile pay app that had recently been hacked.