Data privacy concerns are causing sales cycle delays for up to 65 percent of businesses worldwide, according to the Cisco 2018 Privacy Maturity Benchmark Study. It suggests that privacy maturity is connected to lower losses from cyber events: most, 74 percent of ‘privacy-immature’ organisations experienced losses of more than $500,000 last year caused by data breaches, compared with only 39 percent of ‘privacy-mature’ organisations, according to the firm.
Privacy maturity is a framework defined by the American Institute of Certified Public Accountants (AICPA) and is based on Generally Accepted Privacy Principles (GAPP). The study surveyed nearly 3000 global security people in 25 countries on their privacy maturity and any effects of data privacy on their business. A surprising two-thirds of respondents indicated that data privacy was causing delays in their sales cycles, with an average estimated delay of 7.8 weeks.
The May 2018 deadline for the General Data Protection Regulation (GDPR), the new law across the European Union (EU) on privacy and personal data, might also be a factor, the study suggests. For the study in full visit the Cisco website.
Comments
Michelle Dennedy, Chief Privacy Officer, Cisco, said: “This research demonstrates that good privacy is good for business, and organizations need to invest in data privacy governance and process to reap the benefits.”
Sarah Armstrong-Smith, Head Continuity and Resilience at Fujitsu UK & Ireland, said: “The news that three-quarters (74pc) of privacy-immature organisations experienced losses of more than £350,000 last year caused by data breaches makes one thing clear: the potential cost of suffering a major security breach is enormous and the threats that we face are only increasing. What’s more, with our latest report revealing that a fifth of the UK public believe cybercrime and hacking are the biggest challenges facing the UK today (above global economic uncertainty and the skills gap), each organisation has an obligation to make data protection as much of a priority as the public, who are regularly asked to hand over financial and other personal data.
“Although organisational awareness of potential attacks is on the rise, online criminals are finding new and creative ways to dupe people into compromising sensitive financial and personal data. This means that “unusual behaviour” is getting harder to detect and might not seem unusual at all. And with employees on the front line of this battle, more must be done to improve user awareness and training – especially of regulations like GDPR which should help gain more control of the data we all hold. Upskilling employees and making them more cyber aware is one of the most cost effective ways of reducing the probability and impact of human error.
“But it won’t work as a standalone policy. Organisations need to continue to invest in technical and security controls, whilst doing more to proactively identify and manage threats instead of waiting for breaches to happen.
“Even the best-run company could suffer from a hack or data breach. The ripple effects of an attack no longer stay within the four walls of an organisation, and businesses of all sizes must rethink their approach and stop defying cybersecurity practices.”
And James Longworth, Head of Solution Architecture at Insight, said: “The road to (business) hell is paved with good intentions, and this research has revealed that this is especially the case when it comes to cyber-security. Organisations which don’t deploy effective data protection don’t only often pay the price to a tune of over a third of a million pounds – they also suffer all the reputational consequences too.
“It is in this context that so many suffer sales delays as customers agonise over their data privacy; the issue of data protection has become so prominent that it is now a major feature in many purchase decisions. In our own research, we found that the majority (54%) of business leaders feel that it’s very important to their customers to know where their data is being stored. And yet there remains a gap between this commendable attitude and actual execution. This same proportion (54%) of respondents who highlighted the significance of giving customers the peace of mind of knowing where their data also admitted to finding it extremely challenging to store data securely.
“The key to effective cyber security is to understand that vulnerabilities don’t solely originate with technology, but with people. Consider the modern flexible employee – accessing company information on the move, carrying everything they need on mobile devices, and working with sensitive data every day, regardless of job function or department. Employees are on the frontline of the cyber security war, and organisations therefore need to look beyond the IT department to establish good cyber-security awareness and practise across the organisation.
“However, organisations should not neglect the importance of investing new technologies such as analytics or artificial intelligence. It is only by pairing such tools with strong, all-encompassing training programmes, that organisations can best safeguard themselves and their customers from the many threats of today. The key to driving this dual approach will be working with trusted partners who have deep expertise in cyber security and executional nous to match.”
