From Privacy to Trust and ROI
As we embark on a new decade, data privacy has become top-of-mind for business executives and consumers worldwide. Data breaches frequently expose the personal data of millions, and many companies have not done enough to protect themselves from intentional or unintentional misuse. While it is often hard to reach agreement on new legislation, one issue that governments around the world seem to agree on is the need to help protect the personal data of their constituents. The EU’s General Data Protection Regulation (GDPR) became enforceable in May 2018, and many countries, from China to Brazil, have updated or passed their own regulations. The new California Consumer Privacy Act (CCPA) became effective at the beginning of 2020, other states are following suit, and a U.S. Federal privacy law is now under consideration.
Insights from the Cisco Data Privacy Research Program
The Cisco Chief Privacy Office has provided groundbreaking research and insights to help organizations and consumers understand what they can and should do to keep data safe and maximize their investments in data privacy. Two years ago, we launched our Data Privacy Benchmark Study, which explored privacy maturity and investments across thousands of organizations worldwide. We found that two-thirds of organizations were experiencing significant sales delays due to customer’s data privacy concerns, but that privacy investment was minimizing those delays. Last year, we expanded our inquiry to explore a wide range of business benefits, including the connection between privacy investment and security benefits such as fewer and less costly breaches. In November, we released a companion study looking at the attitudes and behaviors of consumers worldwide. We identified a large group we call “Privacy Actives” – that is, consumers who care about privacy, are willing to spend time or money to protect their data, and have already switched companies or providers based on their data policies.
The 2020 Data Privacy Benchmark Study and the ROI of Privacy
Today, in observance of International Data Privacy Day, I am pleased to share our 2020 Data Privacy Benchmark Study. Drawing on data from 2800 organizations in 13 countries, we have – for the first time – calculated the ROI for privacy. In addition, we updated the privacy metrics we have been tracking over several years. The study explores the value of privacy certifications in today’s market, as follows:
- For every dollar spent on privacy, the average organization is getting $2.70 in associated benefits. We asked respondents to quantify their annual privacy investment and business benefits, and we used this to calculate their privacy ROI. Most organizations are seeing very positive returns, and over 40% are realizing at least double their investment.
- 70% of organizations say they received significant business benefits from privacy beyond compliance. This is up from 40% last year, and includes better agility and innovation, increased competitive advantage, improved attractiveness to investors, and greater customer trust.
- Higher accountability translates to increased benefits: Companies with higher accountability scores (as assessed using the Accountability Wheel of the Centre for Information Policy Leadership) experience lower breach costs, shorter sales delays, and higher financial returns.
- Eighty-two percent of organizations see privacy certifications as a motivation for purchasing: Privacy certifications such as the ISO 27701 and the EU-U.S. Privacy Shield are becoming an important purchasing factor when selecting a third-party vendor.
What does this mean for organizations?
The results of this study highlight that privacy is good for business, beyond any compliance requirements. We recommend that organizations:
- Invest in privacy beyond the legal minimum; most organizations are seeing very positive returns on their privacy spending.
- Work to obtain external privacy certifications; these have become an important factor in the buying process.
- Build in privacy accountability and maturity to achieve security benefits, reduced sales delays, and higher returns.
In future blogs, I will explore these results more fully, including some of the interesting differences in results across geographies and company size.
Follow Robert on Twitter @RobertWaitman