Businesses banning or limiting use of GenAI over privacy risks
Privacy is much more than a regulatory compliance matter. Findings from a new Cisco study highlight the growing Privacy concerns with GenAI, trust challenges facing organizations over their use of AI, and the attractive returns from privacy investment.
“Organizations see GenAI as a fundamentally different technology with novel challenges to consider,” said Dev Stahlkopf, Cisco Chief Legal Officer. “More than 90% of respondents believe AI requires new techniques to manage data and risk. This is where thoughtful governance comes into play. Preserving customer trust depends on it.”
Among the top concerns, businesses cited the threats to an organization’s legal and Intellectual Property rights (69%) and the risk of disclosure of information to the public or competitors (68%).
Most organizations are aware of these risks and are putting in place controls to limit exposure: 63% have established limitations on what data can be entered, 61% have limits on which employees can use GenAI tools, and 27% said their organization had banned GenAI applications altogether for the time being. Nonetheless, many individuals have entered information that could be problematic, including employee information (45%) or non-public information about the company (48%).
AI and transparency progress
Consumers are concerned about AI use involving their data today. Yet, 91% of organizations recognize they need to do more to reassure their customers that their data was being used only for intended and legitimate purposes in AI. This is similar to last year’s levels, suggesting little progress has been achieved.
Organizations’ priorities to build consumer trust differ from those of individuals. Consumers identified their top priorities as getting precise information on how their data is being used and not having it sold for marketing purposes. When asked the same question, businesses identified their top priorities as complying with privacy laws (25%) and avoiding data breaches (23%). It suggests additional attention to transparency would be helpful — especially with AI applications where it may be difficult to understand how the algorithms make their decisions.
The role of external certifications and laws
Organizations recognize the need to reassure their customers about how their data is being used. “94% of respondents said their customers would not buy from them if they did not adequately protect data,” explains Harvey Jang, Cisco VP and Chief Privacy Officer.
“They are looking for hard evidence the organization can be trusted as 98% said that external privacy certifications are an important factor in their buying decisions. These stats are the highest we’ve seen in Cisco’s privacy research over the years, proving once more that privacy has become inextricably tied to customer trust and loyalty. This is even more true in the era of AI, where investing in privacy better positions organizations to leverage AI ethically and responsibly.”
Despite the costs and requirements privacy laws may impose on organizations, 80% of respondents said privacy laws have positively impacted them, and only 6% said the impact has been negative. Strong privacy regulation boosts consumer confidence and trust in the organizations where they share their data.
Further, many governments and organizations implement data localization requirements to keep specific data within a country or region. While most businesses (91%) believe their data would be inherently safer if stored within their country or region, 86% also said that a global provider operating at scale can better protect their data than a local provider.
Privacy is a valuable investment
Over the past five years, privacy spending has more than doubled, benefits have trended up, and returns have remained strong. This year, 95% indicated that privacy’s benefits exceed its costs, and the average organization reports getting privacy benefits of 1.6 times their spending. Further, 80% indicated getting significant “Loyalty and Trust” benefits from their privacy investments, and this is even higher (92%) for the most privacy-mature organizations.
In 2023, largest organizations (10,000+ employees) increased their privacy spending by seven to eight percent since last year. However, smaller organizations saw lower investment, for example, businesses with 50-249 employees, decreased their privacy investment by a fourth on average.