Cisco published its 2022 Data Privacy Benchmark Study*, an annual global review of privacy corporate practices, on the impact of privacy on organizations and their views towards data privacy. The 2022 report found that privacy is mission-critical, as 90 percent consider privacy a business imperative. The survey showed privacy investment continues to rise and organizations see a high return on investments from privacy spending.
Privacy has become a true business imperative and a critical component of customer trust for organizations around the world. For the second year in a row, 90 percent of the respondents said they would not buy from an organization that does not properly protect its data, and 91 percent indicated that external privacy certifications are important in their buying process.
“With 94 percent of organizations saying they are reporting one or more privacy-related metrics to their board, and privacy investment rising with an average budget up 13 percent, there’s no doubt that privacy continues to grow in importance for organizations, regardless of their size or location,” explains Harvey Jang, Cisco Vice President and Chief Privacy Officer. “We also see privacy growing to be part of the vital skills and core responsibilities for security professionals. This year’s study confirmed that aligning privacy with security creates financial and maturity advantages compared to other models.”
Privacy’s Return on Investment (ROI) remains high for the third straight year, with increased benefits for small to medium size organizations. More than 60 percent of respondents felt they were getting significant business value from privacy, especially when it comes to reducing sales delays, mitigating losses from data breaches, enabling innovation, achieving efficiency, building trust with customers, and making their company more attractive.
Respondents estimate their ROI to be 1.8 times spending on average. While this continues to be very attractive, it is slightly less than last year (1.9 times spending). This could be due to ongoing needs in responding to the pandemic, adapting to new legislation, uncertainty over international data transfers, and increasing requests for data localization.
Privacy legislation continues to be very well received around the world even though complying with these laws often involves significant effort and cost (e.g., cataloging data, maintaining records of processing activities, implementing controls – privacy by design, responding to user requests). Eighty-three percent of all corporate respondents said privacy laws have had a positive impact, and only 3 percent indicated the laws have had a negative impact.
As governments and organizations continue to demand further data protection, they are putting in place data localization requirements. Ninety-two percent of survey respondents said this has become an important issue for their organizations. But it comes at a price – across all geographies, 88 percent said that localization requirements are adding significant cost to their operation.
Finally, when it comes to using data, 92 percent of survey respondents recognize that their organization has a responsibility to only use data in a responsible manner. And nearly as many (87 percent) believe they already have processes in place to ensure automated decision-making is done in accordance with customer expectations. Yet, Cisco’s 2021 Consumer Privacy Study showed many individuals want more transparency and 56 percent are concerned about the use of data in AI and automated decision-making. Forty-six percent of surveyed consumers felt they cannot adequately protect their data, chiefly because they do not understand what organizations are collecting and doing with their data.
“Cisco is committed to data privacy, including governance of emergent technologies such as artificial intelligence,” says Anurag Dhingra, Cisco Vice President and Chief Technology Officer, Collaboration. “We’re publishing the Responsible AI Framework as part of Cisco’s commitment to transparency and adaptability by establishing a governance process and concrete working practices for our development teams, including vital communication channels with our customers and constituencies. The framework defines clear principles in alignment with the values of our customers.”