At Toorcon Seattle yesterday, I presented “Security Breaches are Good for You (like a root canal).” It’s similar to “Security Breaches Are Good for You” (my ShmooCon talk) but added a number of points about people agreeing, but not wanting to change. “Psychology & Security & Breaches (Oh My!?)” and “When Do Customers Flee.” I also talked about TJX being well publicized as the largest breach out there, and their increased profits.
One of the questions that someone asked was “Why don’t customers flee?” I offered up several reasons for this:
- Customers view these things as mistakes, and are willing to accept a single mistake. (I covered this in “When do customers flee?”)
- People don’t have the opportunity to leave because they no longer have a relationship with the entity who made a mistake. For example, the USC admissions breach covered eight years of applicants.
- My final reason was that many breaches are by government agencies, and even regime change is unlikely to curb the state’s enthusiasm for identifiers. For example, Massachusetts’s mandatory health care apparently requires a company that prints the SSN on your health card.
Frank Heidt of Leviathan offered up a fourth reason, which is the “Jack in the Box” effect. After an E. coli incident killed four customers, sales apparently went up, as people expected that they’d clean up their act.
Another questioner challenged the idea that people had heard about TJX, or associated it with TJ Maxx. I think the latter is more likely, since the incident got major play on TV and in newspapers.
Toorcon, incidentally, was loads of fun, and props for the best badge presentation I’ve seen. (Photo by Mattdork.) The badges were in the form of a Willy Wonka candy bar, and were wrapped in a golden ticket to get you into ToorCon.Seattle 09.