GDPR-ready organizations see lowest incidence of data breaches

Organizations worldwide that invested in maturing their data privacy practices are now realizing tangible business benefits from these investments, according to Cisco’s 2019 Data Privacy Benchmark Study. The study validates the link between good privacy practice and business benefits as respondents report shorter sales delays as well as fewer and less costly data breaches.

Business benefits of privacy investments

GDPR-ready organizations

The GDPR, which focused on increasing protection for EU residents’ privacy and personal data, became enforceable in May 2018. Organizations worldwide have been working steadily towards getting ready for GDPR. Within the study, 59 percent of organizations reported meeting all or most requirements, 29 percent expect to do so within a year, and 9 percent will take more than a year.

“This past year, privacy and data protection importance increased dramatically. Data is the new currency, and as the market shifts, we see organizations realizing real business benefits from their investments in protecting their data,” said Michelle Dennedy, Chief Privacy Officer, Cisco.

Customers are increasingly concerned that the products and services they deploy provide appropriate privacy protections. Those organizations that invested in data privacy to meet GDPR experienced shorter delays due to privacy concerns in selling to existing customers: 3.4 weeks vs. 5.4 weeks for the least GDPR ready organizations. Overall the average sales delay was 3.9 weeks in selling to existing customers, down from 7.8 weeks reported a year ago.

GDPR-ready organizations cited a lower incidence of data breaches, fewer records impacted in security incidents, and shorter system downtimes. They also were much less likely to have a significant financial loss from a data breach.

Beyond this, 75 percent of respondents cited that they are realizing multiple broader benefits from their privacy investments, which include greater agility and innovation resulting from having appropriate data controls, gaining competitive advantage, and improved operational efficiency from having data organized and catalogued.

GDPR-ready organizations

More than 3,200 global security and privacy professionals in 18 countries across major industries responded to the Cisco survey about their organizations’ privacy practices. Key findings include:

  • 87 percent of companies are experiencing delays in their sales cycle due to customers’ or prospects’ privacy concerns, up from 66 percent last year. This is likely due to the increased privacy awareness brought on by GDPR and the frequent data breaches in the news.
  • Sales delays by country varied from 2.2 to 5.5 weeks, with Italy, Turkey and Russia at the lower end of the range, and Spain, Brazil and Canada at the higher end. Longer sales delays can be attributed to areas where privacy requirements are high or in transition. Delayed sales can cause revenue shortfalls related to compensation, funding, and investor relations. Delayed sales also can become lost sales if a potential customer buys from a competitor or decides not to buy at all.
  • Top reasons cited for sales delays included investigating customer requests for privacy needs, translating privacy information into customer languages, educating customers about an organization’s privacy practices, or redesigning products to meet customer privacy needs.
  • By country, GDPR-readiness varied from 42 percent to 75 percent. Spain, Italy, UK and France were at the top of the range, while China, Japan and Australia were on the lower end.
  • Only 37 percent of GDPR-ready companies experienced a data breach costing more than $500,000, compared with 64 percent of the least GDPR-ready companies.