Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //

Compliance

Greater Focus on Privacy Pays Off for Firms

Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey.

Companies that invest in privacy see an average return of 270% on their investments, with seven out of 10 companies seeing significant benefits from their privacy expenditures, according to an annual survey published by Cisco today.

In addition, more mature companies — as measured by a five-point accountability score — saw greater returns on their privacy investments, with high-scoring companies seeing an average benefit of 3.1 times return, compared to low-scoring companies, which saw an average benefit of 2.3 times return, according to the "Cisco Data Privacy Benchmark Study 2020." The report, based on a survey of 2,500 security professionals familiar with their companies' privacy practices, underscores that privacy programs are no longer just about avoiding fines but about building trust with customers, says Robert Waitman, director of privacy insights and innovation at Cisco.

"Privacy is not just about being minimally compliant with the laws, which have been changing and becoming more comprehensive. We are seeing other business value from our privacy investments," he says. "Companies that made privacy investments saw fewer breaches, less costly ones, and less down time. That's not a coincidence."

Privacy and data security has grown to become an enormous issue for companies. The European Union's General Data Protection Regulation (GDPR) has cost companies significantly: British Airways faces a £183 million (US$240 million) fine for website flaws that led to the harvesting of information on a half-million customers. Hotel chain Marriot also faces a significant fine — £99 million (US$130 million) — for a breach that affected 500 million guests of subsidiary Starwood Hotels

Overall, 82% of companies had a breach in the past year, according to the survey.

Yet businesses are just beginning to see mature privacy practices as a competitive advantage, Waitman says.

"Companies who may be taking the minimalistic approach, who are looking to just avoid fines from GDPR or other private actions and legislation — that is not the right approach," Waitman says. "This is about enabling and building trust and loyalty with your customers to provide the business value that comes from having your privacy act together.

Cisco published the survey the day before World Privacy Day, Jan. 28, a decade-old holiday that focuses on promoting privacy and raising awareness of the issues around storing people's data. The survey found that the largest benefits accrue to companies in the UK, with a 3.5 times return, and Brazil and Mexico, both with a 3.3 times return. Companies in India benefit the least but still estimated that the average return for their firms were 1.9 times.

Interestingly, the relative benefit from privacy investment does not change for small companies as compared to large companies. Small firms may have less need for comprehensive privacy programs, but they also tend to spend much less than larger companies.

"Small companies spend a little, get a little, and large companies spend a lot, get a lot," Waitman says. "The ratio is kind of similar."

The company found that large enterprises with 10,000 or more employees spent $1.9 million on privacy, and small companies of less than 500 employees spent $800,000, on average. More than 40% of businesses see benefits of more than double the amount spend on privacy efforts, according to the study.

The study's findings extend Cisco's 2019 privacy report, which found GDPR-ready firms had fewer data breaches. Firms prepared for the EU privacy regulations exposed an average of 79,000 files during a breach, compared to 212,000 files for companies not compliant with GDPR.

The reports are based on survey responses and security professionals' estimates of the benefits of privacy programs.

In the end, companies still need to focus on serving their customers need rather than collecting data indiscriminately, Cisco's Waitman says.

"Legislation has provided power back to the people in terms of controlling their data, to some extent," he says. "The No. 1 complaint of consumers right now is that they do not know what is going on with how their data is being used by the people they share it with."

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "7 Steps to IoT Security in 2020."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jim.raykowski
50%
50%
jim.raykowski,
User Rank: Apprentice
1/28/2020 | 3:33:00 PM
Scale
 What about companies with 10, 15, 25, 50, or so employees? Its a great read for big companies how do we scale this down to smaller business? 

Thanks

Jim
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15526
PUBLISHED: 2020-07-09
In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for disabling some TLS security certificate checks can extend beyond that defined by various options on the Configuration > Notifications pages to disable certificate checking for alert notifications. These TLS security checks are...
CVE-2020-10756
PUBLISHED: 2020-07-09
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, re...
CVE-2020-12421
PUBLISHED: 2020-07-09
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 6...
CVE-2020-12422
PUBLISHED: 2020-07-09
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.
CVE-2020-12423
PUBLISHED: 2020-07-09
When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating sys...