Thanks to regulations like GDPR and CCPA, it’s easy to look at any investment in privacy as a mere wheel fix that you must do to avoid stiff penalties. That makes it a little like insurance, because it’s hard to see any revenue-generating value in it. It’s just a cost of doing business. Now, a survey from Cisco challenges those assumptions, suggesting that every dollar invested in privacy can generate multiple returns in specific areas like product sales.
For its Data Privacy Benchmark Study 2020, Cisco conducted a double-blind survey of 2800 security pros across 13 countries. It asked about their previous investments, and found an average spend of $1.2m. Among small businesses with 250-499 employees, the average investment was $800,000.
Most companies (typically over 70%) said that they were seeing significant or very significant benefits across several areas. Some of these were obvious, such as building loyalty and trust with customers and mitigating losses from data breaches. Some of them were more nuanced, such as enabling agility and innovation, reducing sales delays and improving operational efficiency.
As an example, not giving proper thought to developing and communicating privacy standards can affect the sales cycle by causing customers to ask what data a company is capturing with its products or services and how it is being used. This year, that caused an average delay of 4.2 weeks, according to Cisco.
Where can companies invest in privacy? One area generating solid returns is privacy certifications, according to the survey. Cisco identifies certifications like ISO 27701 (a privacy extension for ISO 27001), along with the EU/Swiss US Privacy Shield, which is the legal mechanism that replaced Safe Harbor a couple of years ago. These certifications both apply to international sales, and they are a buying factor when selecting a vendor or product, according to 82% of respondents.
How does that translate into financial impact? On average, businesses identified a benefit-to-expenditure ratio of 2.7, meaning that every dollar invested in privacy generated $2.70 in benefit.
Investing in privacy isn’t optional these days, because if you don’t do it, you’re likely to find a regulator coming to talk to you about it. So, if you’re going to do it, you may as well focus on the positive. You might just find that refining your privacy measures and communicating them properly to customers generates some side benefits that you hadn’t expected.