If anyone doubts the financial or business importance of developing an effective privacy strategy, even a brief look at to Cisco 2019 Consumer Privacy Survey for 2020, published in January shows that most organizations that implement such a strategy are receiving significant business benefits from it. Based on a double-blind survey of 2800 security professionals in 13 countries in companies of all sizes, it found that:
- Most organizations are seeing very positive returns on their privacy investments, and more than 40% are seeing benefits at least twice that of their privacy spend.
- That there is a strong correlation between organizations’ privacy accountability and lower breach costs, shorter sales delays, and higher financial returns.
- The percentage of organizations saying they receive significant business benefits from privacy (e.g., operational efficiency, agility, and innovation) has grown to over 70%.
- The vast majority (82%) of organizations view privacy certifications such as a buying factor when selecting a product or vendor in their supply chain.
It’s an interesting time for privacy professionals. While the nonprofit Identity Theft Resource Center (ITRC) reported that as of the end of June publicly reported U.S. identity compromises dropped 33% in the first half of 2020 compared to the first half of 2019.
However, that is not the full picture. Richmond, Va.-based RiskBased Security pointed out in its mid-year QuickView report published earlier this month that although the number of publicly reported data breaches stands at its lowest point in five years, the number of records exposed is more than four times higher than any previously reported equivalent time period. The report covers publicly disclosed data breaches first reported between January 1, 2020 and June 30, 2020.
The problem also appears to have gotten worse as the year progressed. In the second quarter of 2020, just two breaches alone were responsible for more than 18 billion of the 27 billion records put at risk, the report found. The main cause of data breaches were misconfigured databases and services, and the total exceeded the total number of records exposed during all of 2019 by more than 12 billion records.
Privacy, then, and protecting data is a core organizational concern. When we contacted a few companies to find out how they viewed it, five principle concerns were identified, as well as the advantages of mitigating risk.
1. The Importance Of Training
Alia Luria is cofounder and chief technology officer of Lewisville, Texas-based vendor risk management platform InFront Compliance. She pointed out that training is one of the key elements in avoiding breaches. “Attention to data privacy drives the usual expected financial benefits, such as lower costs for litigation or remediation when it comes to breaches or security incidents. Investments in training personnel on privacy practices, running tabletop exercises to improve incident response, and forming relationships with attorneys all contribute to these financial savings,” she said.
She added that, increasingly, there’s a general business benefit as well, as clients and consumers alike tend to prefer services and partners that prioritize good privacy practices. Privacy moves from a necessity to a competitive advantage as the market evolves its understanding in how this impacts their lives and businesses directly.”
2. Data Privacy Culture
Making a commitment to data privacy sets a good culture across the organization that in turn facilitates lawful and transparent data collection and purpose-limited processing, as well as security practices that provide safeguards, compliance, and the development of applications that help users exercise their rights, deputy CISO at San Jose, Calif.-based BlueJeans by Verizon deputy CISO, Kandasamy Muniasamy, told us
He said this this builds trust with customers and provides a competitive advantage for companies — leading to brand loyalty, retention, and new customer acquisition. “Good privacy practices keep the company accountable and reduce regulatory and operational risks, which can help you avoid reputational harm and indirect costs,” he said.
3. Privacy Drives RevenueMany view data privacy and compliance as revenue protection, of which it is. But, if leveraged properly, it can also be a major revenue driver for business, Chicago-based LogicGate’s CEO Matt Kunkel told us. Companies and buyers alike are more concerned with the protection of data than ever before. It’s why over half of Americans according to the Pew Research Center, don’t use services or products where there’s concern regarding the collection of personal information and data.
It is also where companies can gain an upper hand on the competition and generate financial and market growth. “Those who’ve showcased first-class data security and have security processes in place reflecting modern-day risk management practices are more likely to win throughout the sales cycle with companies that have greater compliance standards for vendors,” he said. “Companies that have used risk management are also enabling themselves to open new lines of business without becoming vulnerable to internal or external threats.”
4. Data Privacy And Compliance
Organizations have discovered that data privacy adherence is essentially a different name for managed and proactive data governance, at Cary, NC-based SAS. For years business leaders have had ideas around implementing data governance programs, Todd Wright, head of data privacy solutions at Cary, NC-based SAS, said.
However, those ideas rarely made it past the planning stage and were forgotten for other pressing projects. Data privacy regulations have given those organizations that extra push to finally implement data governance programs. And it is no surprise that organizations are finding that not only does data privacy adherence keep regulators away, but the financial benefit of trusted data means better predictive analytical outcomes, fewer manual tasks to correct poor data, and the ability to know who exactly your customers are — and the relationship they have with you.
5. Privacy Attracts Investors
Data privacy attracts quality investors. As a co-founder, attracting quality value-adding investors is a primary concern. Adhering to data privacy guidelines gives investors peace of mind that your company will not be sued for flouting laws, Jonathon Wright, co-founder of UK-based QA Lead, a QA community for software development. Data privacy also reassures users of the longevity of your brand.
“Consumers are wary of interacting with a brand that has suffered a data breach. That lowers the value of your brand. A good example to consider is what happened with Yahoo,” he said. “After the data breach, their value dropped by approximately $300 million. Verizon acquired the company at $4.5 billion instead of $4.8 billion.”