Login
As part of Cisco’s recognition of International Data Privacy Day, today we released the Cisco 2023 Data Privacy Benchmark Study, our sixth annual review of key privacy issues and their impact on business. Drawing on responses from more than 3100 organizations in 26 geographies, the findings show that organizations continue to prioritize and get attractive returns from their privacy investments, while integrating privacy into many of their most important processes, including sales motions, management metrics, and employee responsibilities.
Nearly all organizations have recognized the importance of privacy to their business. Ninety-four percent (94%) of respondents said their customers wouldn’t buy from them if their data was not properly protected, and 95% said privacy has become a business imperative.
Even in a difficult economic environment, the average privacy spend in 2022 was $2.7 Million, up 125% from 3 years ago. Estimated benefits from privacy rose to $3.4 Million with significant gains across all organization sizes. The average organization is getting benefits of 1.8 times spending, meaning they get $180 of benefit for each $100 invested in privacy. Thirty-six percent (36%) of organizations are getting returns at least twice their spending with many getting returns upwards of 3 or 5 times.
More organizations are recognizing that everyone across the organization plays a vital role in protecting personal data. Ninety-five percent (95%) of survey respondents said that “all of their employees” need to know how to protect data privacy. Among the security professionals who completed our survey, one-third (33%) included data privacy in their top three areas of responsibility.
Another important indication of privacy’s importance to the organization is the use of privacy metrics. Ninety-eight percent (98%) of organizations said they are reporting one or more privacy-related metrics to the Board of Directors. The average number of privacy metrics was 3.1, which is up from 2.6 in last year’s survey. The most-reported metrics include the status of any data breaches, impact assessments, and incident response.
Privacy legislation continues to be very well-received around the world. Seventy-nine percent (79%) of all corporate respondents said privacy laws have had a positive impact, and only 6% indicated that the laws have had a negative impact.
Ninety-six percent (96%) of organizations said they have an ethical obligation to treat data properly. However, when it comes to earning and building customer trust, their priorities are not fully consistent with those of consumers. Transparency – providing easily accessible and clear information about how their data is being used – was the top priority (39%) for respondents in the consumer survey, well ahead of not selling personal information or complying with privacy laws. Yet, when asked what builds trust for consumers, organizations in the Benchmark Survey selected compliance over transparency. It seems consumers consider legal compliance to be a “given” with transparency more of a differentiator.
This disconnect can also be seen when it comes to the use of Artificial Intelligence (AI). Ninety-six percent (96%) of organizations in our survey believe they have processes already in place to meet the responsible and ethical standards that customers expect. Yet, the majority of consumers don’t see it that way. As reported in our 2022 Consumer Privacy Survey, 65% already have lost trust in organizations over their AI practices. Fortunately, organizations may be starting to get the message that they aren’t doing enough. Ninety-two percent (92%) of respondents said that when it comes to AI applications, their organization needs to be doing more to reassure customers that their data is only being used for intended and legitimate purposes.
Many governments and organizations are putting in place data localization requirements, which forces data to be kept within a country or region. The vast majority (88%) of survey respondents believe that their data would be inherently safer if it is only stored locally. Remarkably, 90% also said that a global provider, operating at scale, can better protect the data compared to local providers. When viewing these two statements together, it seems that while organizations would ideally like to keep their data local, they still prefer and trust a global provider over a local provider. Of course, if they can get both — a local instance set up by a global provider — they would presumably like that even better.
This research suggests that organizations should continue to build and apply privacy capabilities into their operations and solutions, particularly among engineering, IT and security professionals, and those who work with personal data. Transparency is particularly important to customers, and organizations need to do more to reassure customers on how their data is being used, especially when applying and using AI and automated decision-making. Finally, organizations should consider the consequences of data localization requirements and recognize that these add cost and may degrade functionality, privacy, and security.
To learn more, check out the Cisco 2023 Data Privacy Benchmark Study, Infographic, and our Principles for Responsible AI.
Also, the new Cisco 2022 Purpose Report (Power section) and the Cisco ESG Reporting Hub (Integrity and Trust section) to see how trustworthiness, transparency, and accountability are key to Cisco’s approach to security, privacy, and trust.
All this and more can be found on the Cisco Trust Center.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
It’s been my pleasure to work alongside the Centre for Information Policy Leadership (CIPL) for over a decade to advocate for privacy to be respected as a fundamental human right and managed by organizations as a business imperative. CIPL works with industry leaders, regulators, and policymakers to deliver leading practices and solutions for privacy and responsible data use around the world.
Our organizations share the belief that privacy is key to trust and provides a critical competitive advantage for those who get it right. As privacy professionals, we live and breathe the importance of privacy every day and understand its value. We must help business leaders and other key stakeholders recognize and realize data privacy’s true worth and invest appropriately — beyond just meeting legal or compliance requirements.
We’re excited today to share this new, jointly-published research report Business Benefits of Investing in Data Privacy Management Programs. This report offers insights into the material business benefits that organizations are realizing from the time, monetary, and resource investments they have applied to building their Data Privacy Management Programs (DPMPs).
Here are some of the key findings:
Customers want accountability. While organizations are expected to meet their legal, compliance, and data security requirements, customers also demand organizations to be responsible stewards of their personal data. DPMPs not only enable organizations to gain a competitive edge, they empower them to earn and grow confidence and trust in the business.
Significant benefits from investing in DPMPs. Risk mitigation and compliance benefits, like avoiding regulatory scrutiny and fines, minimizing breaches, and evading damage to reputation, are among the most substantial benefits experienced by organizations that implement a DPMP. Other tangible benefits include greater agility, operational efficiency, and making the organization more attractive to investors.
Strong, attractive returns from DPMPs. More than half of organizations surveyed experienced at least $1 million in benefit from investing in privacy over the past year, with 28% realizing over $10 million in benefit.
Widespread Use of Privacy Maturity Models. Most organizations are using some form of a privacy maturity model to show accountability, including the CIPL Accountability Framework, ISO standards, Generally Accepted Privacy Principles, and the NIST Privacy Framework, among others. And CIPL members had an average score of 4.13 out of 5 with respect to implementing the seven elements of organizational accountability as described in the report.
There is considerable interest in further understanding the value DPMPs bring to their organization. Discussions about privacy and how DPMPs positively impact organizations will continue to be an increasing area of focus for corporate leadership, including the C-suite and at the Board level.
These findings offer valuable information and perspective for those building and operationalizing privacy. We’ll continue to research and share other qualitative and quantitative evidence that highlights privacy’s growing priority and value for organizations and the individuals they serve.
Check out this report Business Benefits of Investing in Data Privacy Management Programs and more related privacy research on consumer and organizational perspectives on the Cisco Trust Center.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Last week, I was privileged to participate in an important national summit on IoT Security convened by Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies.
Representatives from across the US government, industry, and academia were invited to the White House to discuss a National Consumer IoT Security Labeling program.
In short, we were all there to solve the same problem: how do we raise awareness of the IoT security challenge among all consumers? Cisco appreciates the Biden administration’s efforts to drive better security into the consumer space given how interconnected our world is. We also underscored the importance of intelligent, intuitive networks in securely connecting the “things” being brought online daily—and in managing the billions of smart devices already in our homes and offices.
Consumer devices—from televisions and cameras to drones and baby monitors—have become attack targets as we have embraced connectivity without necessarily following proper security measures. This has been demonstrated by attacks that access cameras within these smart devices. But this issue extends beyond attacks and includes breaches of privacy too. If improperly secured, capabilities intended to enable smart features and accessibility, or improve user experience, can be abused by hackers to steal identities, generate data breaches, facilitate device failure, or even serve as stepping-stones to broader attacks on critical infrastructure.
A prominent example of how security flaws in consumer devices can lead to broader disruption was demonstrated by the Mirai botnet in 2016. What appeared initially as a targeted attack, quickly spread and caused global havoc. Fueled by compromised connected consumer devices—like cameras, DVRs and home routers—a Distributed Denial of Service attack (DDoS) impacted its customers’ sites such as Twitter, Netflix, and CNN to name a few. Mirai highlighted how consumer devices connecting to the network can go beyond the walls of a consumer’s home to breach larger institutions and services—all the while being unknown to the consumer and without impact the devices’ functions.
So how do we raise consumer awareness about these breaches? And how do we protect users and prevent these breaches in the future? The discussion at the White House focused on now best to effectuate the national program for IoT security labeling, which was required by President Biden’s executive order last May. Key stakeholders presented potentially promising new ideas for device certification, labels for secure devices, and ways to incentivize adoption of these standards.
Though the focus was on consumer IoT devices, we also discussed the broader implications of the need to raise awareness among consumers about the devices they use at home and in the office. This is where the importance of visibility and network security becomes a strong protector: once these devices can be identified, the network can provide the right access controls (e.g., segmenting the network so that such devices do not infiltrate the main network).
As the IoT market continues to evolve and mature, we look forward to working with the US government, policymakers, industry forums, and partners to drive open, standardized holistic IoT security and privacy practices. Accomplishing this will help more power a more secure, connected future for all.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
How do organizations earn and build trust when it comes to the personal data that customers share with them? Customers certainly expect these organizations to comply with all privacy laws that are now in place in more than 130 countries. Customers also expect them not to sell personal data without consent and to try to avoid data breaches that could expose personal data. While these actions are necessary, organizations still need to do more when it comes to customer trust. According to our latest research, consumers’ top priority is, in fact, for organizations to be more transparent about how they use personal data.
The Cisco 2022 Consumer Privacy Survey, released today, explores what organizations can do to earn and build trust with customers, the actions individuals are taking to protect their data, the impact of privacy laws around the world, and some of the benefits and costs of Artificial Intelligence (AI) and data localization requirements. The report, our fourth annual look at consumer privacy issues, draws on anonymous responses from 2600 adults in 12 countries.
Here are some highlights from the survey:
Check out the associated infographic that provides visual and easily consumable descriptions of the key data.
At Cisco, we believe that privacy is a fundamental human right. Privacy continues to be a high priority for consumers, and organizations need to do their part to protect personal data and build consumer confidence in how this data is being used. Some recommendations for organizations include:
Privacy remains a critical element of trust. Consumers want more transparency and control of their personal data, especially as we continue to see innovations in technology. As we are now in the midst of Cybersecurity Awareness Month in the US and other countries around the world, it’s a great time to learn more and join in activities and discussions that advance cybersecurity.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS 