Online or at counter, shoppers worry about hacks

506588523MC002_20TH_ANNIVER
Getty Images

Retail hacks have consumers thinking twice about how they will shop this holiday season.

Read More As cyberthreats increase, big money chases patches

After a year of breaches, consumers don't feel safe anymore when shopping online, and some are even straying from their favorite retailers as a result, according to a recent survey.

"The number of breaches and the caliber of breaches has people very worried. But it's also the fact that many of these breaches have moved from not only being on online stores, but also into physical stores," said Gunter Ollman, the chief technology officer of NCC Group, a U.K.-based information assurance firm.

Read MoreSelling stolen card info online? That's the least of it

Sixty-two percent of consumers say they are more concerned about online security than they have ever been, and 23 percent of consumers already say they are doing less online because of their concerns, according to data from NCC Group and the International Data Group.

What's more, 64 percent of consumers said they believe they will be the victim of a breach within the next 12 months. And unfortunately, that may be the case, Ollman said.

"There will be bigger breaches going forward. If you just look at the last five years, every year there has been a bigger breach," Ollman said.

Security goes from bad to worse

In the last year alone, 20 U.S. retailers were breached, according to data from the security benchmarking firm BitSight.

And it doesn't look like things will improve dramatically next year, said Stephen Boyer, the chief technology officer of BitSight.

BitSight recently assessed the security of 300 retailers and found that 58 percent of the companies had worse security performance this year than in 2013.

"The data suggests that this could continue," Boyer said. "It's going to take some time for retailers to right this ship. If everybody had cleaned up we would see very different results. I hope that we don't see another Target-like breach this year, but when we look at the sector we see that they are actually worse off."

Although the Target breach impacted about 40 million credit and debit cards, the Home Depot breach earlier this year was even bigger, affecting some 56 million payment cards.

One reason retailers are failing to defend themselves is because they are still investing primarily in old security technology, like firewall defenses, instead of more advanced methods, such as software that uses data to predict threats, said Aleksandr Yampolskiy, the CEO and co-founder of SecurityScorecard, which is a firm that rates businesses on their level of security.

"It's going to get worse before it gets better," Yampolskiy said. "I think companies need to realize that they need to have more proactive ways to fight the bad guys and to get better at sharing information with each other."

Consumers changing

Considering things are going from bad to worse for the sector as a whole, it's likely that consumers may begin to change their behavior this holiday season.

Read MoreMost holiday shoppers undeterred by breaches

According to a recent survey conducted by the Princeton Survey Research Associates on behalf of CreditCards.com, 45 percent of respondents said they would definitely or probably avoid shopping this holiday season at a retailer that had experienced a data breach. And 48 percent said that they would likely use cash instead of their credit or debit card to make purchases.

Consumers may want to rethink avoiding retailers who have already been breached, though, as they could be safer.

According to BitSight data, 75 percent of U.S. retailers who had suffered a breach this year showed improved security performance.

"The companies who have been breached did better, which is saying something," Boyer said. "If you suffer a loss, people realize what that means and they take steps to improve. The sad part is that many of them wait for it to happen before they take action."

By CNBC's Cadie Thompson.