50 percent of companies over the past two years have increased the involvement of privacy professionals on their information security teams to enhance the prevention of data breaches, a joint study released at RSA Conference by the International Association of Privacy Professionals (IAPP) and TRUSTe has found.
The study – How IT & InfoSec Value Privacy – polled 550 privacy, IT and information security professionals across the globe in December and January.
The findings reveal a significant increase in privacy-related investments, with 42 percent of firms spending more on privacy technology, nearly keeping pace with increases in security tools.
The study also confirms the well-documented extent of the cybersecurity threat as 39 percent reported an incident in the last two years and increased their information security and privacy investments alike to address the growing threat.
“As the threat of cybersecurity breaches increases every day, companies are getting smarter about protecting themselves against this threat, and more are recognizing the importance of security and privacy working hand in hand to mitigate the risk and enhance accountability,” IAPP President and CEO J. Trevor Hughes, CIPP said.
In fact, findings from the study show the most important way to protect against cybersecurity risk is through constant communication between the privacy and security teams, many of which are now populated with staff from each discipline.
Companies are also using core privacy functions to better understand the extent of their corporate risk, with 42 percent of companies increasing investment in privacy technology, 41 percent increasing use of privacy impact assessments and data inventory and classification, and 40 percent increasing use of data retention policies.
“They say you can’t have privacy without security but this research shows it cuts both ways and privacy has a vital role to play in achieving security objectives and mitigating data breach,” TRUSTe CEO Chris Babel said. “Privacy adds value through data classification and minimization, establishing good policy, and communicating thoroughly so that organizations understand the value of the information they have and can better plan how to protect it and allocate resources. After years of reliance on external counsel and auditors the research also finds privacy technology spending is now outpacing investment in personnel,” said Babel.
Additional highlights of the study include:
- Some 75 percent of IT/infosecurity professionals ranked data minimization and data inventory and mapping as the most important privacy functions in mitigating the risk of a data breach, followed by privacy policies and privacy impact assessments.
- Privacy technology spending is outpacing investment in personnel, as privacy growth maps that of infosecurity over the last 10 years, and spend on privacy related technology was ahead of external counsel (34 percent) and external auditors (26 percent).
- In addition, although regulatory enforcement actions are rare, firms find privacy investments highly important after they occur. When a regulator became involved, the privacy budget increased and the emphasis on privacy practices became more pronounced.