Cisco's 2020 Data Privacy Benchmark Study is part of a three-year effort that involves surveying thousands of organizations worldwide. Their research has shown to them that -- beyond meeting compliance requirements -- good privacy is good for business and individuals.
The data in the report is derived from the Cisco Annual Cybersecurity Benchmark Study, which is a double-blind survey of 2,800 security professionals in 13 countries. They asked privacy-specific questions to more than 2,500 respondents who stated they were familiar with the privacy processes at their organizations.
The results of the study quantified how privacy affects their business.
Most organizations saw "very positive returns" on their privacy investments, and more than 40% saw benefits at least twice that of their privacy spend. Among large enterprises (10,000 or more employees), average spend was $1.9 million, and 2% of these enterprises spent more than $5 million. On the other end of the spectrum, the average privacy spend of small businesses (250 to 499 employees) was $800,000, and 41% of them spent less than $500,000.
Using the "Accountability Wheel" (a framework for helping organizations build, manage, assess and adapt their privacy programs which was created by the Centre for Information Policy Leadership (CIPL)), they found strong correlations between an organization's privacy accountability and lower breach costs, shorter sales delays, and higher financial returns.
The percentage of organizations saying they receive significant business benefits from privacy (e.g., operational efficiency, agility and innovation) has grown to over 70%. The benefits also showed up in fewer and less costly data breaches, reduced sales delays, and improved customer loyalty and trust. Across all companies in the survey, the average estimated benefit was $2.7 million.
Across all respondents, the average ratio of benefits to spend was 2.7, meaning that for every dollar of investment, the company received $2.70 worth of benefit. Nearly half (47%) of the companies saw greater than a twofold return, 33% are breaking even, and only 8% appear to be spending more than they receive back in benefits.
They also found that the average return on privacy investment varies significantly by country, with the highest average returns located in the UK (3.5x), Brazil (3.3x) and Mexico (3.3x).
Lastly, the vast majority (82%) of organizations viewed privacy certifications such as ISO 27701 and Privacy Shield as a buying factor when selecting a product or vendor in their supply chain. By country, the highest percentages were in Brazil (95%), India (95%) and China (94%). But even in the countries with the lowest percentages (e.g., Canada), roughly two thirds of organizations still agreed.
— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.