
Greater Focus on Privacy Pays Off for Firms

Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey.

Companies that invest in privacy see an average return of 270% on their investments, with seven out of 10 companies seeing significant benefits from their privacy expenditures, according to an annual survey published by Cisco today.

In addition, more mature companies — as measured by a five-point accountability score — saw greater returns on their privacy investments, with high-scoring companies seeing an average benefit of 3.1 times return, compared to low-scoring companies, which saw an average benefit of 2.3 times return, according to the "Cisco Data Privacy Benchmark Study 2020." The report, based on a survey of 2,500 security professionals familiar with their companies' privacy practices, underscores that privacy programs are no longer just about avoiding fines but about building trust with customers, says Robert Waitman, director of privacy insights and innovation at Cisco.

"Privacy is not just about being minimally compliant with the laws, which have been changing and becoming more comprehensive. We are seeing other business value from our privacy investments," he says. "Companies that made privacy investments saw fewer breaches, less costly ones, and less down time. That's not a coincidence."

Privacy and data security have grown to become an enormous issue for companies. The European Union's General Data Protection Regulation (GDPR) has cost companies significantly: British Airways faces a £183 million (US$240 million) fine for website flaws that led to the harvesting of information on a half-million customers. Hotel chain Marriott also faces a significant fine — £99 million (US$130 million) — for a breach that affected 500 million guests of subsidiary Starwood Hotels.

Overall, 82% of companies had a breach in the past year, according to the survey.

Yet businesses are just beginning to see mature privacy practices as a competitive advantage, Waitman says.

"Companies who may be taking the minimalistic approach, who are looking to just avoid fines from GDPR or other private actions and legislation — that is not the right approach," Waitman says. "This is about enabling and building trust and loyalty with your customers to provide the business value that comes from having your privacy act together."

Cisco published the survey the day before World Privacy Day, Jan. 28, a decade-old holiday that focuses on promoting privacy and raising awareness of the issues around storing people's data. The survey found that the largest benefits accrue to companies in the UK, with a 3.5 times return, and Brazil and Mexico, both with a 3.3 times return. Companies in India benefit the least but still estimated that the average return for their firms was 1.9 times.

Interestingly, the relative benefit from privacy investment does not change for small companies as compared to large companies. Small firms may have less need for comprehensive privacy programs, but they also tend to spend much less than larger companies.

"Small companies spend a little, get a little, and large companies spend a lot, get a lot," Waitman says. "The ratio is kind of similar."

The company found that large enterprises with 10,000 or more employees spent $1.9 million on privacy, and small companies of fewer than 500 employees spent $800,000, on average. More than 40% of businesses see benefits of more than double the amount spent on privacy efforts, according to the study.

The study's findings extend Cisco's 2019 privacy report, which found GDPR-ready firms had fewer data breaches. Firms prepared for the EU privacy regulations exposed an average of 79,000 files during a breach, compared to 212,000 files for companies not compliant with GDPR.

The reports are based on survey responses and security professionals' estimates of the benefits of privacy programs.

In the end, companies still need to focus on serving their customers' needs rather than collecting data indiscriminately, Cisco's Waitman says.

"Legislation has provided power back to the people in terms of controlling their data, to some extent," he says. "The No. 1 complaint of consumers right now is that they do not know what is going on with how their data is being used by the people they share it with."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ...

Comments
jim.raykowski,
User Rank: Apprentice
2/1/2020 | 1:16:10 PM
Re: Scale
I think we do need to focus more on these smaller businesses. Our business is based in San Diego and our largest client is in 5 states and two countries, nowhere near 5K employees. We have a total of 18 clients and all under 300 people. What has a bigger impact: 5 companies at 10K employees each or 1000 companies with 500 or less employees each? Scale is an important factor to us. One screw-up can shut down a business and cost tens or dozens of people their jobs, impacting a lot of people. I am hoping that someone finds a way to scale to the largest sector, small business. We need to help them as well. Jim
RyanSepe,
User Rank: Ninja
1/31/2020 | 6:57:35 PM
Re: Control
Agreed, and I think we will see an uptick in control with California based regulations and GDPR.
RyanSepe,
User Rank: Ninja
1/31/2020 | 6:56:53 PM
Re: Data collection
I know I always do. It leads me to think why is this pertinent for what I am trying to accomplish.
RyanSepe,
User Rank: Ninja
1/31/2020 | 6:56:05 PM
Re: Cisco's survey
Many providers that fancy themselves as security or privacy centric have reports like this. From the security side I would suggest the VBIR from Verizon. It gives a review of what was seen and what to expect based on trends.
RyanSepe,
User Rank: Ninja
1/31/2020 | 6:54:19 PM
Re: Scale
That's a good point, Jim. This article is really not geared toward SMBs. I typically find companies with that quantity of employee base don't prioritize privacy as high as other priorities that are more revenue generating. Not to say that's right, but that's what I've seen.

Has your experience been different?
Dr.T,
User Rank: Ninja
1/29/2020 | 9:17:13 PM
Control
"Legislation has provided power back to the people in terms of controlling their data, to some extent." Very good point. Customers should have some control over their personal data. Otherwise conflicts will arise.
Dr.T,
User Rank: Ninja
1/29/2020 | 9:15:29 PM
Data collection
"In the end, companies still need to focus on serving their customers' needs rather than collecting data indiscriminately." This is a good point. Customers may turn away if they feel unnecessary data collection.
Dr.T,
User Rank: Ninja
1/29/2020 | 9:12:48 PM
Re: Scale
This is a good question. At the end of the day there are more SMEs than big enterprises.
Dr.T,
User Rank: Ninja
1/29/2020 | 9:11:04 PM
Re: Cisco's survey
Same here. But important information provided obviously. That is great.
Dr.T,
User Rank: Ninja
1/29/2020 | 9:10:03 PM
270% ?
"return of 270% on their investments." This is a big number. I would just wonder where those returns are.