Cisco study claims good privacy practices bring fewer breaches, shorter downtimes, lower incident costs, and swifter sales
For most organizations, getting compliant with Europe’s General Data Protection Regulation (GDPR) is seen as a soul-withering grind with little upside. For all those poor privacy officers and risk managers, a new Cisco Systems study offers some encouragement in the form of a link between good privacy practice and business benefits like shorter sales delays and fewer, less costly data breaches.
The Lowdown: Because customers are more concerned about privacy protections today, organizations that invest in data privacy to meet GDPR experience shorter sales delays due to privacy concerns, Cisco found. Privacy matters stall sales an average of 3.4 weeks for compliant firms versus 5.4 weeks for non-GDPR-ready organizations. GDPR-compliant companies also boast a lower incidence of data breaches, fewer records impacted per breach, shorter system downtimes, and reduced financial loss.
Three-quarters of respondents say they’re realizing other benefits from their privacy investments as well, including greater agility and innovation driven by more effective data controls, and improved operational efficiency resulting from better organized and classified data.
The Details: Other key findings in the Cisco survey of 3,200 security and privacy pros in 18 countries:
• 87 percent of companies experience delays in their sales cycle due to customers’ privacy concerns, up from 66 percent last year.
• Sales delays by country varied from 2.2 to 5.5 weeks, with Italy, Turkey, and Russia at the lower end of the range, and Spain, Brazil, and Canada at the higher end.
• Top reasons for sales delays include investigating customer requests for privacy needs, translating privacy information into customer languages, educating customers about an organization’s privacy practices, and redesigning products to meet customer privacy needs.
• GDPR-readiness varied by country from 42 percent to 75 percent. Spain, Italy, the United Kingdom, and France were at the top of the range, while China, Japan, and Australia were on the lower end.
• Just 37 percent of GDPR-ready companies experienced a data breach costing more than $500,000, compared with 64 percent of the non-GDPR-compliant firms.
Background: Enforceable since May 2018, GDPR focuses on increasing protection for EU residents’ privacy and personal data. According to Cisco’s data, 59 percent of organizations worldwide reported meeting all or most requirements, while 29 percent expect to do so within a year, and 9 percent expect to take more than a year.
The Buzz: “Organizations have a long way to go to maximize the value of their privacy investments. Data is the new currency, and as the market shifts, we see organizations realizing real business benefits from their investments in protecting their data,” said Cisco Chief Privacy Officer Michelle Dennedy. “Our research shows that the market is set and ready for those willing to invest in data assets, and privacy may be the path forward to get there.”
“This research provides evidence for something privacy professionals have long understood – that organizations are benefiting from their privacy investments beyond compliance,” said Peter Lefkowitz, chief digital risk officer at Citrix Systems and chairman of the International Association of Privacy Professionals (IAPP). “The Cisco study demonstrates that strong privacy compliance shortens the sales cycle and increases customer trust.”