The Cisco 2023 Data Privacy Benchmark Report reveals something of a divide between consumer and organizational perceptions of how personal data should be handled, particularly when it comes to AI. As end users express a preference for transparency, organizations are focusing first and foremost on compliance as a means of gaining customer trust. And in the realm of AI, consumers are expressing a strong desire to opt out that does not seem to be registering with organizations as of yet.
Customer trust more crucial than ever in face of deep suspicions about AI
The study indicates that there is at least a strong awareness of the importance of taking meaningful data privacy measures in earning customer trust. 95% of respondents called privacy a “business imperative” and said that it was an “integral” part of company culture, and 94% believe customers will not buy from them if they are not protecting personal data. And after trending upward since 2019, spending on privacy at least held steady in 2022 as companies saw a small increase in financial benefits from these programs.
This has also become a global phenomenon, as countries all over the world generally report rates of 70% to 90% saying that privacy programs have had a positive impact, with 10% or less reporting a negative impact; the sharpest split was in Malaysia, which was still 57/33 in favor of it. And 98% of all organizations now report at least one privacy metric to the board of directors.
There remain some disconnects on customer trust, though, none more sharp than when it comes to the use of AI. Only 43% of consumers believe AI will prove useful in improving people’s lives, and only just over half (54%) are willing to share anonymized personal data to improve AI products. 60% say they are concerned about how business will make use of AI, and 65% say that existing uses have already eroded their trust.
This clashes with general business exuberance about the possibilities of AI, and in particular the strategies organizations are employing to build consumer trust in these new tools. The top consumer desire is the ability to simply opt out of these systems. That is barely on the radar for responding organizations, which are prioritizing human involvement and transparency into how AI applications work. The closest point of agreement between the two sides is a need for an AI ethics management program, which is high up the priority list for both.
And organizations do at least indicate a general awareness that consumers are not quite as excited about AI as they are; 92% said that they need to do a better job of reassuring customers that AI solutions will only use data for intended and legitimate purposes.
Expectations not always meeting on AI, data protection priorities
Building customer trust and making privacy investments is definitely showing returns on investment for organizations; the central question now is what to prioritize. Nearly half of respondents said that privacy investments yielded a 1x to 2x ROI, but 24% said they were at 3x or above and 12% are seeing over three times the return. Nearly 75% of all respondents also said that privacy investments promoted greater customer trust, mitigated security losses, made the company more agile and innovative, improved operational efficiency and overall made the organization more attractive to customers and partners. These numbers are up sharply from just 40% of organizations reporting positive returns on privacy investment in 2018.
There is some variance in what is reported to boards, however, and the most common elements indicate more of a reactive than proactive posture. Respondents most frequently report data breaches, data protection impact assessments and incident response; this is at nearly double the rate of reports on the progress of maturity models and the value of privacy to the organization.
Aside from the AI issue, there is another notable disconnect in terms of consumer trust. When asked what is most important to them, consumers said that their priority was clear transparency into how data is being used. Organizations are most focused on compliance with privacy laws, however, with transparency taking second place.
Another issue that was not thoroughly explored from the consumer end, but that might cause some disconnect, is that respondents show an overwhelming preference (90%) for global data storage providers in terms of security. In prior studies consumers have indicated a strong preference for data localization, but some of that support drops off when it becomes clear that costs will be increased.
Cisco’s recommendations to organizations based on this data are to continue focusing privacy investments on qualified professionals needed to handle issues such as compliance and handling emerging AI tools, implement AI ethics by design, and increase efforts to promote customer trust via transparency rather than simply touting compliance with required regulations.
