Cisco’s annual Data Privacy Benchmark Study for 2022 highlights how digital privacy has become a primary “mission critical” concern for organizations of all types and sizes, as consumers demand better treatment of personal data and nations around the world put privacy laws into action.
In addition to becoming a regular part of business practices, the report finds that the return on investment (ROI) of mature digital privacy programs continues to be high – particularly when privacy is aligned with security.
Digital privacy becomes increasingly essential for business operations
Calling digital privacy a “mission critical” item for organizations is far from an exaggeration, as the report notes: more than two-thirds of the world’s nations now have some form of data privacy law, and studies show that consumers are increasingly avoiding businesses that do not secure their personal data.
The Cisco survey, the fifth now of its kind, draws its information from over 5,300 security professionals from 27 countries (with about 4,900 of these respondents also reporting familiarity with their organization’s privacy program). Some information gathered in the prior Cisco 2021 Consumer Privacy Survey (conducted in mid-2021) is also included.
The survey notes that 90% of consumers now say they will not buy from organizations that do not protect personal data, and 91% say that they consider external privacy certifications as part of their buying process. 92% of organizations now say that digital privacy is integral to their culture.
There is also the matter of privacy laws continuing to come online around the world, with 128 of 194 countries now having some measures that require organizational compliance when doing business there. Support for digital privacy laws is strong, with 83% of respondents saying that they have had a positive impact and only 3% with a negative outlook toward them. When broken out by country, support for these laws is sometimes over 90% (particularly in the Asia Pacific region).
Another indication of the mission critical status of digital privacy is the increasing frequency with which these matters are reported to Boards of Directors. 94% of respondents report at least one privacy metric to their boards regularly, the lead item being privacy program audit findings. Some organizations are now reporting as many as 10 metrics; the average is 2.6.
And security professionals are also increasingly finding privacy training and awareness to be a mission critical aspect of their jobs. 33% named “detecting and responding to threats” as one of their top three responsibilities, but 32% also put data privacy in that group.
“Mission critical,” but also fiscally sound
Digital privacy isn’t just a “mission critical” obligation, or even a security consideration; it’s proving to be a smart investment.
Privacy budgets increased by 13% for small-to-medium organizations in 2021, with a corresponding increase in business value in six key areas: loyalty and trust, appeal of the company, operational efficiency, agility and innovation, mitigating security losses and reducing sales delays.
ROI in terms of pure financial value was down slightly for the first time in several years, but remained high overall; the dip was in part due to a decrease in privacy spend among the largest organizations and unique pandemic needs, as well as emerging data localization requirements. Roughly half of all organizations are still seeing a 1x to 2x return on privacy investments in terms of total value, however, and 14% are seeing a 3x or greater increase. The value of returns also correlates with the maturity of privacy programs, meaning that ROI should be expected to increase in the coming years.
The AI question
Consumers are concerned about the handling of their data, but they are becoming increasingly concerned about how companies use AI.
92% of organizations agree they have a responsibility to use personal data in an ethical manner, and the same number feel that they have processes in place to ensure AI meets this expectation. 46% of consumers do not agree, with serious concerns about protection of their data and 56% concerned about how businesses are using AI.
Over half of consumers say that they would trust a company less if AI was used for mental health counseling or as part of the job application process. Nearly half lose trust in companies that use it for judgments of credit worthiness or setting prices.
Matching privacy with security for the greatest benefits
Respondents said that they were seeing the highest returns on privacy investment in data security operations, and that security offices were ahead of other departments in privacy maturity. Privacy is becoming mission critical for a variety of aspects of business, but none more so than cyber security.
Cisco’s recommendations include a focus on building privacy capabilities among security and IT professionals, increasing transparency into customer data use, and focusing on developing an ethical framework for AI programs.
