The EU’s General Data Protection Regulation (GDPR) became enforceable on May 25, 2018, and privacy laws and regulations around the globe continue to evolve and expand.
Most organizations have invested, and continue to invest, in people, processes, technology, and policies to meet customer privacy requirements and avoid significant fines and other penalties. In addition, data breaches continue to expose the personal information of millions of people, and organizations are concerned about the products they buy, services they use, people they employ, and with whom they partner and do business with generally. As a result, customers are asking more questions during the buying cycle about how their data is captured, used, transferred, shared, stored, and destroyed.
In last year’s study (Cisco 2018 Privacy Maturity Benchmark Study), Cisco introduced data and insights regarding how these privacy concerns were negatively impacting the buying cycle and timelines. This year’s research updates those findings and explores the benefits associated with privacy investment. Cisco’s Data Privacy Benchmark Study utilizes data from Cisco’s Annual Cybersecurity Benchmark Study, a double-blind survey completed by more than 3200 security professionals in 18 countries and across all major industries and geographic regions.
Many of the privacy specific questions were addressed to more than 2900 respondents who were familiar with the privacy processes at their organizations. Participants were asked about their readiness for GDPR, any delays in the sales cycle due to customer data privacy concerns, losses from data breaches, and their current practices related to maximizing the value of their data.
“Privacy is such a vital ingredient to organizational success, both to protect data and foster innovation.”
John N. Stewart,
Senior Vice-President and Chief Security and Trust Officer, Cisco
The findings from this study provide strong evidence that organizations are benefitting from their privacy investments beyond compliance. Organizations that are ready for GDPR are experiencing shorter delays in their sales cycle related to customers’ data privacy concerns than those that are not ready for GDPR. GDPR-ready organizations have also experienced fewer data breaches, and when breaches have occurred, fewer records were impacted, and system downtime was shorter. As a result, the total cost of data breaches was less than what organizations not ready for GDPR experienced. Even though companies have focused their efforts on meeting privacy regulations and requirements, nearly all companies say they are receiving other business benefits from these investments beyond compliance. These privacy-related benefits are providing competitive advantages to organizations, and this study can help guide investment decisions as organizations work to mature their privacy processes.