Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //

Compliance

Greater Focus on Privacy Pays Off for Firms

Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey.

Companies that invest in privacy see an average return of 270% on their investments, with seven out of 10 companies seeing significant benefits from their privacy expenditures, according to an annual survey published by Cisco today.

In addition, more mature companies — as measured by a five-point accountability score — saw greater returns on their privacy investments, with high-scoring companies seeing an average benefit of 3.1 times return, compared to low-scoring companies, which saw an average benefit of 2.3 times return, according to the "Cisco Data Privacy Benchmark Study 2020." The report, based on a survey of 2,500 security professionals familiar with their companies' privacy practices, underscores that privacy programs are no longer just about avoiding fines but about building trust with customers, says Robert Waitman, director of privacy insights and innovation at Cisco.

"Privacy is not just about being minimally compliant with the laws, which have been changing and becoming more comprehensive. We are seeing other business value from our privacy investments," he says. "Companies that made privacy investments saw fewer breaches, less costly ones, and less down time. That's not a coincidence."

Privacy and data security has grown to become an enormous issue for companies. The European Union's General Data Protection Regulation (GDPR) has cost companies significantly: British Airways faces a £183 million (US$240 million) fine for website flaws that led to the harvesting of information on a half-million customers. Hotel chain Marriot also faces a significant fine — £99 million (US$130 million) — for a breach that affected 500 million guests of subsidiary Starwood Hotels

Overall, 82% of companies had a breach in the past year, according to the survey.

Yet businesses are just beginning to see mature privacy practices as a competitive advantage, Waitman says.

"Companies who may be taking the minimalistic approach, who are looking to just avoid fines from GDPR or other private actions and legislation — that is not the right approach," Waitman says. "This is about enabling and building trust and loyalty with your customers to provide the business value that comes from having your privacy act together.

Cisco published the survey the day before World Privacy Day, Jan. 28, a decade-old holiday that focuses on promoting privacy and raising awareness of the issues around storing people's data. The survey found that the largest benefits accrue to companies in the UK, with a 3.5 times return, and Brazil and Mexico, both with a 3.3 times return. Companies in India benefit the least but still estimated that the average return for their firms were 1.9 times.

Interestingly, the relative benefit from privacy investment does not change for small companies as compared to large companies. Small firms may have less need for comprehensive privacy programs, but they also tend to spend much less than larger companies.

"Small companies spend a little, get a little, and large companies spend a lot, get a lot," Waitman says. "The ratio is kind of similar."

The company found that large enterprises with 10,000 or more employees spent $1.9 million on privacy, and small companies of less than 500 employees spent $800,000, on average. More than 40% of businesses see benefits of more than double the amount spend on privacy efforts, according to the study.

The study's findings extend Cisco's 2019 privacy report, which found GDPR-ready firms had fewer data breaches. Firms prepared for the EU privacy regulations exposed an average of 79,000 files during a breach, compared to 212,000 files for companies not compliant with GDPR.

The reports are based on survey responses and security professionals' estimates of the benefits of privacy programs.

In the end, companies still need to focus on serving their customers need rather than collecting data indiscriminately, Cisco's Waitman says.

"Legislation has provided power back to the people in terms of controlling their data, to some extent," he says. "The No. 1 complaint of consumers right now is that they do not know what is going on with how their data is being used by the people they share it with."

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "7 Steps to IoT Security in 2020."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
SEODan
100%
0%
SEODan,
User Rank: Apprentice
1/28/2020 | 5:50:54 AM
Cisco's survey
I haven't heard about this Cisco's annual survey before your post. Thanks !
jim.raykowski
50%
50%
jim.raykowski,
User Rank: Apprentice
1/28/2020 | 3:33:00 PM
Scale
 What about companies with 10, 15, 25, 50, or so employees? Its a great read for big companies how do we scale this down to smaller business? 

Thanks

Jim
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2020 | 9:10:03 PM
270% ?
return of 270% on their investments, This is a big number, I would just wonder where in those returns are.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2020 | 9:11:04 PM
Re: Cisco's survey
Same here. But important information provided obviously. That is great.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2020 | 9:12:48 PM
Re: Scale
This is good question. At the end of the day there is more SME than big enterprises.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2020 | 9:15:29 PM
Data collection
In the end, companies still need to focus on serving their customers need rather than collecting data indiscriminately This is a good point. Customers may turn away if they feel unnecessary data collection.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
1/29/2020 | 9:17:13 PM
Control
Legislation has provided power back to the people in terms of controlling their data, to some extent, Very good point. Customers should have some control on their personal data. Otherwise conflicts will arise.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/31/2020 | 6:54:19 PM
Re: Scale
Thats a good point Jim. This article is really not geared toward SMB's. I typically find companies with that quantity of employee base don't prioritize privacy as high as other priorities that are more revenue generating. Not to say thats right, but that's what I've seen.

Has your experience been different?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/31/2020 | 6:56:05 PM
Re: Cisco's survey
Many providers that fancy themselves as security or privacy centric have reports like this. From the security side I would suggest the VBIR from Verizon. It gives a review of what was seen and what to expect based on trends.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
1/31/2020 | 6:56:53 PM
Re: Data collection
I know I always do. It leads me to think why is this pertinent for what I am trying to accomplish.
Page 1 / 2   >   >>
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5347
PUBLISHED: 2020-04-04
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
CVE-2020-5348
PUBLISHED: 2020-04-04
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.
CVE-2020-8142
PUBLISHED: 2020-04-03
A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was how...
CVE-2020-8143
PUBLISHED: 2020-04-03
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/...
CVE-2020-8147
PUBLISHED: 2020-04-03
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.