Privacy ROI: Benefits from data privacy averaging 2.7 times the investment

Customer demands for increased data protection and privacy, the ongoing threat of data breaches and misuse by both unauthorized and authorized users, and preparation for the GDPR and similar laws around the globe spurred many organizations to make considerable privacy investments – which are now delivering strong returns, Cisco reveals.

The study is based on results from a double-blind survey of over 2,800 security professionals in organizations of various sizes across 13 countries.

Privacy ROI: Organizations experiencing positive returns

Organizations, on average, receive benefits 2.7 times their investment, and more than 40 percent are seeing benefits that are at least twice that of their privacy spend. Privacy ROI is real, it’s time for organizations to realize the benefits.

Operational and competitive advantages

Up from 40 percent last year, over 70 percent of organizations now say they receive significant business benefits from privacy efforts beyond compliance, including better agility, increased competitive advantage and improved attractiveness to investors, and greater customer trust.

Higher accountability translates to increased benefits

Companies with higher accountability scores (as assessed using the Centre for Information Policy Leadership’s Accountability Wheel, a framework for managing and assessing organizational maturity) experience lower breach costs, shorter sales delays, and higher financial returns.

82% of organizations see privacy certifications as a buying factor

Privacy certifications such as the ISO 27701, EU/Swiss-US Privacy Shield, and APEC Cross Border Privacy Rules system are becoming an important buying factor when selecting a third-party vendor. India and Brazil topped the list with 95 percent of respondents agreeing external certifications are now an important factor.

As markets continue to evolve, organizations should consider prioritizing their privacy investments on:

• Improving transparency about processing activities – be up front and clear about what you are doing with data and why
• Obtaining external privacy certifications – ISO, Shield, CBPRs and BCRs have all become important factors in the buying process by streamlining vendor due diligence
• Going beyond the legal bare minimum – privacy is a business imperative and most organizations are seeing very positive returns on their spend
• Building strong organizational governance and accountability to be able to demonstrate to internal and external stakeholders your privacy program maturity.