Privacy continues to be a priority investment for organizations globally, as it delivers a higher average benefit and a 1.8 times return on investment, according to the 2023 Cisco Data Privacy Benchmark Study. Almost all (98%) organizations have integrated privacy into their priorities and processes, and 95% reported privacy-related metrics to their Board of Directors. While organizations recognize the need to protect personal data, they are not fully aligned with consumers when it comes to building trust, especially with the use of AI and automated decision-making.
The report also revealed that organizations are recognizing the benefits of global providers, which operate at scale and can better protect data compared to local providers. The study surveyed more than 4,700 security professionals from 26 countries and directed privacy-specific questions to the 3,100 respondents who indicated they were familiar with the data privacy program at their organizations. The study also included results from the Cisco 2022 Consumer Privacy Survey, completed by 2,600 adults in 12 countries.
The report reveals that 95% of survey respondents consider privacy to be a business imperative, up from 90% last year. Ninety-four percent believe that customers would not buy from them if their data was not properly protected, up from 90% a year ago. Ninety-five percent of respondents said privacy is an integral part of their organization’s culture, up from 92% the previous year.
Despite the difficult economic climate in 2022, privacy spending did not decrease and, in some cases, grew. The average spending was $2.7 million, a significant increase from $1.2 million three years ago. The most substantial growth in spending from 2021 to 2022 was seen in smaller organizations. At organizations with 50-249 employees, spending increased more than 17% to $2.0 million from $1.7 million. At organizations with 500-999 employees, spending rose more than 13% to $2.6 million from $2.3 million. Spending at larger organizations remained relatively unchanged after steep increases from 2019 to 2020.
Furthermore, the study revealed that the estimated dollar value of benefits from privacy has significantly increased. The average estimate rose more than 13% to $3.4 million from $3.0 million last year, with significant gains across the various organization sizes. Estimated benefits at organizations with 50-249 employees rose 35% to $2.7 million from $2.0 million, and those with 500-999 employees rose 18% to $3.3 million from $2.8 million. Estimated benefits at larger organizations of 1,000-9,999 employees and 10,000+ employees also rose 6%.
Conclusion and recommendations
As privacy continues to become more deeply integrated into organizational priorities and processes, it is imperative that organizations meet the growing expectations of consumers with respect to transparency and the use of personal information in AI-driven decision-making. By doing so, organizations can enhance their privacy posture, establish trustworthiness, and derive maximum benefits from their privacy investments.
Based on the findings of this research, several specific recommendations emerge:
- Organizations should continue investing in privacy and expand privacy capabilities throughout their organization, particularly among security and IT professionals and those involved directly in personal data processing and protection. A comprehensive and well-embedded approach to privacy is essential in today’s data-driven economy.
- Organizations must increase transparency with their customers about how personal data is used in the solutions and services they provide. While compliance with the law is crucial, it is not sufficient. Transparency is key to building and maintaining trust.
- When using AI in solutions, organizations should be guided by ethical principles and provide options to customers for managing AI decisions to assure them of greater transparency and human involvement inconsequential decisions. This will help build consumer trust in AI applications and reduce the risk of negative impacts from the use of automated decision-making.
- Organizations should carefully weigh the costs and consequences of data localization. Local providers may be more expensive and may compromise the functionality, privacy, and security of data compared to global providers who operate at scale. Organizations must consider these trade-offs carefully in light of their unique circumstances and priorities.
In summary, this research highlights the multifaceted nature of privacy and the need for organizations to adopt a comprehensive and proactive approach to privacy management. The recommendations outlined above, while not exhaustive, provide a starting point for organizations seeking to enhance their privacy posture, build trust with their customers, and maximize the benefits of privacy investments.
The full report can be read here:
