Businesses investing in their privacy experience pronounced financial benefits, a new Cisco study suggests. According to the paper, entitled ‘Cisco Data Privacy Benchmark Study 2020’, businesses see an average return of 2.7 times on their original investment when they bankroll data privacy practices — confirming for the first time what had long been suspected by privacy advocates.
In essence, the research suggests that for every $1.00 a business puts toward their privacy spend, they gain $2.70 in return. This figure is even higher for firms in the United Kingdom (UK), which gain as much as $3.50 in return.
The annual study, aimed at investigating the relationship between businesses and data privacy practices, conducted a double-blind survey on more than 2,800 security professionals across a wide range of companies in 13 countries. It found that not only were financial benefits made in terms of a return on investment (ROI) for companies that invested in data privacy practices, but also that a considerable majority of companies surveyed (70%) reported “significant business benefits” from going above and beyond mere compliance when it comes to privacy.
This comes after the widespread adoption of improved data privacy practices by companies around the world ever since the General Data Protection Regulation (GDPR) came into force in May 2018.
Furthering financial benefits
With more than 40% of companies seeing the returns on their privacy spend double, according to Cisco’s study, the new insights seem to clearly suggest favorable prospects for organizations when it comes to the adoption of data privacy practices.
However, the financial benefits don’t merely end at higher returns. Companies which invest in privacy, according to Cisco, also tend to also gain a clear operational and competitive advantage over their rivals. These companies also tend to score higher in terms of their accountability rating, as gauged by the ‘Accountability Wheel’ of the Centre for Information Policy Leadership (CIPL). Higher accountability, according to CIPL, correlates with higher financial returns, shorter sales delays, and lower data breach costs.
This is because such companies tend to have “mature and accountable processes to manage, control, and curate data,” the Cisco researchers explain.
This is affirmed by the President of the CIPL, Bojana Bellamy, who points out that “it is a business imperative and competitive advantage for companies, their boards, and senior leaders to embrace accountability and transparency in how they manage personal data.”
Cisco adds that the financial benefits enjoyed by data-friendly companies don’t appear to vary much in relation to the size of the company. While a larger organization with a larger budget naturally would indeed reap a higher ROI on privacy spend; the rate of return is nonetheless consistent across companies of all sizes.
In order for businesses to improve their data privacy practices, Cisco recommended that several steps be undertaken, including acting forthrightly with regards to how data is processed and for what reasons the data is needed in the first place. Cisco also points out that businesses with external privacy certifications are at an operational and competitive advantage.
Data privacy practices and the bigger picture
In recent years, customer demands for increased data privacy protection have forced corporates to take the issue more seriously. Combined with the ongoing threat of data breaches and misuse and the weighty demands of the GDPR, this has effectively compelled organizations to become privacy-friendly in a relatively short period of time.
When taking a look at the bigger picture, it becomes clear that tighter regulations are responsible for the surge in interest in privacy and the financial benefits that this interest brought along. According to Cisco, 82% of businesses reported that privacy certifications (i.e. the ISO 27701, EU/Swiss-US Privacy Shield, and APEC Cross Border Privacy Rules) were a “buying factor” when it came to choosing vendors in their supply chain. This trend seemed to be even more pronounced in India, Brazil, and China, according to the researchers.
All things considered, data privacy practices seem to be paying off for companies in terms of financial benefits. Whether by goodwill, legislative force, financial incentive, or some combination of these; corporations around the globe are not only beginning to take privacy seriously, but they are beginning to benefit from doing so.
However, as the legislative landscape surrounding privacy continues to evolve, it seems likely that the financial benefits which organizations glean from their privacy practices will evolve too. As the researchers at Cisco suggest, the domain of research is still very much in its infancy, and there is still much to discover with regards to how corporations, governments, and consumers incentivize financial benefits in terms of data privacy practices.
“Future research will explore how these investments, benefits, and returns might change over time,” the study concludes, specifically in response to “evolving privacy regulations and customer expectations worldwide.”