In general, security vendorslove consumer surveys where consumers say that they would never, ever, ever do business with a retailer or a bank with poor security practices.
But consumers have historically been terrible predictors of their own behavior, and they also tend to tell retailers and banks what they want to hear, rather than the truth.And the truth, based on the public financial filings of plenty of companies that have suffered public data breaches, is that consumers — partially thanks to zero liability programs from the payment card companies — tend to not change retailers or banks when such data breaches happen.
Why? Quite a few reasons.
First, zero liability sees to it that they don't lose any money (it actually limits losses to $50, but almost no business enforces that, and they tend to simply eat all of the consumer losses).
If consumers lost large amounts of money from breached retailers or banks, yes, they'd flee, but that doesn't happen.