Cisco's 2023 Data Privacy Benchmark Study reveals that to build trust, organizations focus primarily on compliance, whereas consumers value transparency most. 92% of respondents say their organization needs to do more to reassure customers about how their data is used in AI.
Organizations are getting a strong 1.8 times return on their privacy investments, with estimated benefits up significantly in the past year.
90% of respondents believe global providers can better protect their data compared to local providers.
The benchmark is an anonymous survey across 26 geographies* of more than 3100 security professionals familiar with data privacy.
Today, Cisco published its 2023 Data Privacy Benchmark Study. The sixth annual global survey investigates professionals' perspectives on data privacy strategies. This year's study finds that despite a difficult economic environment, organizations continue to invest in privacy, with spending up significantly from $1.2 million just three years ago to $2.7 million this year. Yet, 92 percent of respondents believe their organization needs to do more to reassure customers about their data. The survey also finds that organizations' privacy priorities differ from those expressed by consumers.
Disconnect between consumers' expectations and organizations' privacy strategies
The study finds a significant disconnect between data privacy measures by companies and what consumers expect from organizations, especially when it relates to how organizations apply and use Artificial Intelligence (AI).
The Cisco 2022 Consumer Privacy Survey showed 60 percent of consumers are concerned about how organizations apply and use AI today, and 65 percent already have lost trust in organizations over their AI practices. Consumers also said the top approach for making them more comfortable would be to provide opportunities for them to opt out of AI-based solutions. Yet, the privacy benchmark shows providing opt-out opportunities was selected least (22 percent) among the options organizations would put in place to reassure consumers.
"When it comes to earning and building trust, compliance is not enough," said Harvey Jang, Cisco Vice President and Chief Privacy Officer. Transparency was the top priority for consumers (39 percent) to trust companies, whilst organizations surveyed felt compliance was the number one priority for building customer trust (30 percent).
Even though 96 percent of organizations believe they have processes in place to meet the responsible and ethical standards that customers expect for AI-based solutions and services, 92 percent of respondents believe their organization needs to do more to reassure customers about their data.
Despite a difficult economic environment, organizations continue to invest in privacy, with spending up from $1.2 million three years ago to $2.7 million this year. Over 70 percent of organizations surveyed indicated they were getting "significant" or "very significant" benefits from privacy investments, such as building trust with customers, reducing sales delays, or mitigating losses from data breaches. On average, organizations are getting benefits estimated to be 1.8 times spending, and 94 percent of all respondents indicated they believe the benefits of privacy outweigh the costs overall.
With privacy as a critical business priority, more organizations recognize that everyone across their organization plays a vital role in protecting data. This year, 95 percent of respondents said that "all of their employees" need to know how to protect data privacy.
"An organization's approach to privacy impacts more than compliance," said Dev Stahlkopf, Cisco Executive Vice President and Chief Legal Officer. "Investment in privacy drives business value across sales, security, operations, and most importantly, trust."
Costs of data localization and greater trust in global providers
Privacy legislation plays an important role in enabling governments to hold organizations accountable for how they manage personal data, and 157 countries (up from 145 last year) now have privacy laws in place. Even though complying with these laws involves significant effort and cost, 79 percent of all corporate respondents said privacy laws have had a positive impact.
Although 88 percent of respondents believe their data would be safer if stored only within their country or region, research indicates this does not hold up once costs, security and other trade-offs are considered. Remarkably, 90 percent also said that a global provider, operating at scale, can better protect the data compared to local providers.