"Privacy has become an attractive investment even beyond any compliance requirements. Organizations that get privacy right improve their customer relationships, operational efficiency, and bottom-line results."
- Cisco Data Privacy Benchmark Study 2020
In this year's Data Privacy Benchmark Study, Cisco determined that investments into consumer data privacy can have significant financial benefits for organizations. Let's take a look at some of the key findings.
1. Large ROI on Privacy Investments
Depending upon size, most companies reported spending somewhere between $800,000 and $1.9 million annually on data privacy, with an average of about $1.2 million. On the other hand, respondents estimated that the financial benefits of privacy investments ranged from $1.8 million up to $4.1 million, with an average estimated benefit of $2.7 million.
Here's a quick breakdown of the approximate ROIs by company size:
- 250-500 Employees:
- Average spend: $0.8 million
- Average return: $1.8 million
- ROI = 125%
- 500-999 Employees:
- Average spend: $1.2 million
- Average return: $2.3 million
- ROI = 92%
- 1,000-9,999 Employees:
- Average spend: $1.3 million
- Average return: $2.9 million
- ROI 123%
- >9,999 Employees:
- Average spend: $1.9 million
- Average return: $4.1 million
- ROI 116%
- All companies:
- Average spend: $1.2 million
- Average return: $2.7 million
- ROI 125%
By and large, companies saw returns that were twice as large as their spend. On average, every $1 spent on data privacy equated to a return of $2.25.
2. Positive Correlations with Privacy Accountability
Cisco also factored in the level of privacy accountability of their respondents based on the Centre for Information Policy Leadership's (CIPL) "Accountability Wheel". The Accountability Wheel consists of seven elements that respondents were asked to grade themselves on. These elements are leadership and oversight, risk assessment, policies and procedure, transparency, training and awareness, monitoring and verification, and response and enforcement. The score is determined by calculating the combined average score of each of these seven elements. Overall, respondents with a higher accountability score tended to see greater benefits in a number of areas.
Higher accountability scores correlated with greater economic returns. While a higher accountability score necessitated a larger investment in privacy, the key takeaway is that ROI remains stable, even as privacy spend increases. While there is indubitably a point of diminishing returns, it is in a company's economic interest to make an investment in privacy commensurate to its size.
Furthermore, companies with higher accountability scores saw reduced incidence and impact of data breaches. Companies with the highest accountability scores were breached half as often. Among those that did suffer data breaches, a higher score was associated with significantly less downtime, fewer records being compromised, and 10% lower costs.
On average, companies that did experience breaches had related delays in sales of over 3 weeks. However, higher accountability scores correlated strongly with shorter delays. Companies with the highest scores experienced delays of 3.6 weeks on average, while those with the lowest scores had an average of 5.5 weeks of delays.
3. Data Privacy Enables Innovation, Agility, and Efficiency
Beyond the obvious benefits of compliance, more and more companies are starting to take the operational benefits of privacy into account as well.
71% of respondents saw benefits in terms of enabling agility and innovation.
72% attributed increased operational efficiency from data controls to their data privacy investments.
Many projects are encumbered by or don't even start at all because of risks to sensitive data. When data is protected, such as with tokenization, it can be processed, analyzed, and transferred more quickly. This leads to more streamlined operations.
4. Data Privacy Brings Competitive Advantages
Privacy Certifications reflect positively on the way a company is received and has a clear influence on companies' selection of vendors and products. According to the survey, 82% of respondents confirmed that privacy certifications were taken into account before choosing a vendor or product.
In additional to potential customers, investments in privacy also provide competitive advantages when trying to attract new capital. 73% of respondents saw "significant" or "very significant" benefits in terms of attractiveness to investors.
Conclusion: Data Privacy is a more than Worthwhile Investment
Due to standards and regulations like PCI DSS and GDPR and the associated pains of non-compliance, the economic reasons for investing in data privacy was already obvious. GDPR violations can carry exorbitant fines and the European Commission has not shied away from doling them out. Failure to comply with PCI DSS can mean losing the ability to accept payments from the most popular credit card brands.
The Cisco Data Privacy Benchmark Study has demonstrated year after year that the benefits of investing in data privacy go far beyond compliance. Data Privacy means more revenue, greater business agility, reduced risk, and lower costs.