Nearly 20 percent of consumers would permanently abandon a retailer that was the victim of a data breach, according to a recent report. In its 2016 KPMG Consumer Loss Barometer , the global business consultancy illustrated the potential costs of not protecting consumer data. In addition to the permanent loss, the report also identified an additional 33 percent who reported they would avoid the breached retailer for at least three months. A key takeaway for KPMG is the gap between consumers’ response and that of retail executives. Despite the obvious direct damage a data breach wreaks on retailers’ sales, 55 percent of retail CIOs, CTOs and CSOs said they haven’t invested capital funds in cybersecurity protection in the last 12 months.

“Quite frankly, many retailers are not doing enough to protect their businesses from cyber-attacks or react to them when they occur, and the effects of their inaction will end up harming them in the long run,” said Tony Buffomante, principal and retail cyber security leader for KPMG. “If retailers pay more attention to the issue of cybersecurity and are more transparent with their customers on their awareness, it could serve as a key business differentiator.”

For CNP merchants, the damage could be even more extreme. In addition to the erosion of sales revenue that could be caused by a data breach, cyber thieves can turn around and use the very data they are stealing to commit fraud on retail e-commerce sites.