Data privacy and protection has become mission critical for organizations on a global scale—from corporate training to business operations to interactions with customers. More than two-thirds of countries have enacted privacy laws, and customers are not buying from organizations who don't make extra effort to protect their data. As a result, privacy metrics are regularly being reported to boards of directors. Privacy skills are becoming more important due to this, especially among security professionals. Organizations are ultimately benefiting financially from their investments in privacy.
Earlier this year, Cisco released its fifth annual review of key data privacy issues for organizations. The Cisco 2022 Data Privacy Benchmark Study surveys over 4,900 cybersecurity professionals in 27 countries for an in-depth examination of data privacy's impact on businesses around the world. In this post, we will cover key findings from the survey and explore why data privacy is important to global business practices.
Organizations say data privacy is important to workplace operations
The purpose of data privacy and protection is not lost on today's business leaders. According to Cisco's survey, a vast majority of respondents (91%) consider data privacy a business imperative. The same percentage (91%) also said that external privacy certifications are a factor in their buying processes. And a whopping 92% said data privacy is integral to their workplace culture.
Most respondents (83%) also believe regional privacy laws around the world have had a positive impact. In fact, every geography in Cisco's benchmark survey had at least two-thirds of respondents view privacy regulations favorably—including 76% in France, 77% in the UK, 79% in Germany, and 87% in the US.
In benchmarking exercises, privacy professionals are particularly interested in understanding where the privacy function sits within other organizations, and where might be the best fit. Across the respondents in our survey, there did not appear to be one dominant model. Privacy was most often located in IT (37% of respondents), followed by Security (34%), Compliance (11%), Legal (9%), and Operations (8%). Fortunately, data privacy goes beyond just workplace operations and into the upper ranks of companies.
Data privacy and protection is a boardroom issue
According to Cisco’s report, 94% of organizations are reporting one or more privacy metrics to their board of directors. While some companies are reporting as many as 10 privacy metrics, most are reporting between one and three, with the overall average being 2.6.
The most reported metrics include:
- Privacy program audit findings (34%).
- Personal data breaches (33%).
- Privacy impact assessments (32%).
At present, only one-fifth of respondents (20%) report training metrics to their board of directors.
It’s encouraging to see that more boards are prioritizing data privacy and protection issues, but are they worth the investment to organizations?
Investing in data privacy and cybersecurity yields greater trust and other benefits
As data privacy becomes more integrated into organizational priorities, investments are continuing to rise annually. The average privacy budget was up 13% from $2.4 million in 2021 to $2.7 million in 2022.
The business value associated with these investments remains high. Cisco asked respondents about the potential benefits of investing in data privacy across six areas: reducing sales delays, mitigating losses from data breaches, enabling innovation, achieving operational efficiency, building trust with customers, and making their company more attractive. For each area, greater than 60% of respondents felt they were getting significant or very significant benefits—a measure that's been broadly consistent for the past two years. It's worth noting that "Loyalty and Trust" ranked the highest at 71%.
While it’s great see customer trust rank so high as a value companies investing in data privacy practices, these organizations have a lot of work to do to improve trust with their audiences.
How consumers feel about data privacy, AI, and companies handling information
Cisco’s report found that 90% of respondents—who, as a reminder, were all cybersecurity professionals—agreed that their customers would not buy from them if they did not adequately protect their data. And 92% believe they already have processes in place for responsible automated decision-making. However, another recent Cisco report on consumer privacy revealed that half of consumers (50%) feel they can't protect their data because they don't really know how it's being used.
This obviously creates a major challenge for companies in bringing better communication methods to customers who want to know how their information is utilized. Many companies are starting to use AI to handle customer information, something that seems to have split opinion by customers who encounter it every day. For some, talking with an AI bot is a more impersonal method of sharing data.
Cisco found that 84% of organizations say they have processes in place to meet customer expectations on use of AI. Regardless, more than half of consumers (56%) are still concerned about the use of AI by today's organizations. The concern is understandable, considering the recent debates about how ethical AI is in terms of its programming and storing of data.
The key takeaway
The reality is, data privacy has become important to every organization's culture and business practices. This includes their buying processes, management metrics, employee areas of responsibility, and trust with their consumer audience. When clients and colleagues put their data into a company's hands, they trust their data will be protected, including being transparent when data is stolen. To help protect data privacy, company employees must know the types of data they hold, who has access to the data, where data is held, what it is used for, and the consequences of a data privacy breach.
Investing in company-wide data privacy and protection training is a great first step to building this knowledge and trust between parties. One effective way to get this done is to gain some training for your boardroom and company employees. To learn more, sample LRN’s data privacy and protection courses for free.