The Zappos breach is generating a lot of conversation among people who have no interest whatsoever in overall cybersecurity. When places like Lockheed Martin or RSA suffer a breach, the average person doesn’t think twice about it. They may not even know the breach happened unless it is headlined on a news site, and even then, what are the chances they’ll even read the piece? But it is a whole different matter when you get a letter saying that your own information may have been compromised. People take notice. They chat about it. They worry about it. One friend came out and said that a breach like this is why she avoids shopping online; she can’t trust it.
For the business world, I think one lesson of the Zappos breach comes from the reactions of the company and the customers. No doubt about it, a breach will cause some damage to the company brand. How much damage will depend on the company’s actions. (I’m not sure that Sony has totally regained the trust of its customer base. I personally know more than a few people who canceled their accounts and walked away, not because of the breach but because of the way Sony handled it.)