How does a "complex breach" differ from a "sophisticated" breach?
I joked about the severity of complex versus sophisticated on the DtR podcast [link] on Monday. I even saw some friends on twitter picked up on the same theme.
Wording aside, does a premium brand like Neiman Marcus face more harm, or the potential for a greater impact, than Target (or others)?
Do breaches impact elasticity? Should they?
Elasticity is an economic measurement of how one variable, like income, pricing, supply, and demand impacts others. Elasticity is an important aspect of understanding consumer choice.
Perhaps data breach, and the harm or inconvenience associated with it, is a variable in elasticity going forward.
Each breach since TJX renews scrutiny of financial filings, stock performance, and other economic indicators to determine if or how the company was impacted. Largely, the people shopping have continued to visit those stores and spend money.
Maybe that's due to a lack of suitable substitutes.
Consumers who shopped at TJX before the recession were likely to continue to shop there during the recession and even increase their limited spend at the store. I predict the same happens in the wake of the Target breach. There just aren't a lot of substitutions consumers can easily make.
Neiman Marcus is different. It's a premium brand. To an extent, that is reflected in the smaller number of compromised accounts.
Neiman Marcus is a premium target; does that mean premium harm?
Hard to assess at this point the intention of the attacker; was Neiman Marcus attacked because of the type of processing solution they had in place, or because of the status of the brand?
Are the payment cards compromised in the Neiman Marcus breach worth more than the cards compromised in the Target breach? If so, does that suggest Neiman Marcus customers are likely to experience more inconvenience?
Are Neiman Marcus customers more lucrative targets? Now identified with the brand, are they at higher risk for identity theft?
I realize Neiman Marcus stated that no personal information in the form of Social Security Numbers, birth dates, or pins were taken. Still, it's a smaller pool of consumers that may hold more wealth.
Is it easier to substitute a premium brand?
While the harm from the Target breach is elusive, anecdotes of the inconvenience of canceling credit cards and reestablishing automatic payments are shared on Facebook and around the dinner table with colleagues. And while some have expressed their intent to avoid Target, I shopped there the other day.
What about Neiman Marcus?
If a customer experiences the aggravation of canceling a credit card to dispute fraudulent charges and attributes that to Neiman Marcus, they have many more options.
Are those inconvenienced consumers more or less likely to patronize other, competing premium retailers?
The integration of breaches into our experience
Or are data breaches, for everyone, becoming part of the fabric?
It's too soon to tell how the latest data breaches will impact consumers or the companies themselves. Risk isn’t one-size-fits-all; perhaps the harm and other impacts from breaches are not all the same either.
While analysts continue to focus on Target, the more telling indicator could be what happens to Neiman Marcus.
We don't need to wait to see how the market responds to develop and implement better and more effective protections and actions that benefit everyone.