We regularly discuss privacy and security as something company executives (CIOs, CEOs, CISOs, the Board, etc.) should keep in mind not only to meet compliance regulations and avoid fines, but also to build an effective holistic cybersecurity posture, which brings with it a multitude of benefits, including a competitive advantage in a digital era where data is valuable (to every aspect of the business, and also to the people who steal it from businesses for its worth).
Recently, Cisco published a study that supports this notion of privacy and security going hand in hand, with additional data points that may get the point across in a way that helps CEOs and CIOs communicate on the matter and, finally, move forward with a privacy maturity plan alongside holistic cybersecurity for the long run.
The study first notes that privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster.
The study also found that companies see a 270% average return on their investments, with seven out of 10 companies identifying a significant benefit from their privacy expenditures.
In addition to the ROI benefits of putting privacy in the forefront, the study also noted that large companies with 10,000 or more employees spend about $1.9 million on privacy, while small companies with fewer than 500 employees spend an average of $800,000; more than 40% of these businesses see benefits of more than double the amount they spend on privacy efforts.
If that’s not incentive enough to take privacy seriously, it’s also worth noting that Cisco’s 2019 privacy report found that GDPR-ready firms had fewer breaches: companies that were prepared for GDPR exposed an average of 79,000 files during a breach, versus 212,000 files for businesses that weren’t compliant with GDPR. How’s that for strengthening security and keeping customers’ privacy in the forefront, while lessening the costs that come with a breach?
When GDPR became effective, companies were put on the spot to begin taking privacy seriously because now governments were holding them accountable for what happened to consumer data with the risk of fines when not meeting compliance.
After Europe, California followed suit with CCPA; but truth be told, existing cybersecurity compliance regulations such as PCI DSS had already put companies on track for privacy regulation compliance, and only minor adjustments were required to meet the new privacy regulations.
As with privacy, though, meeting cybersecurity compliance requirements is just as challenging for companies. The biggest struggle stems from onboarding compliance regulations simply to avoid fines, rather than with holistic cybersecurity in mind.
As long as the focus is solely on avoiding fines (which can be pretty hefty, such as the £183 million (US$240 million) fine British Airways has to pay for website flaws that led to the harvesting of information on half a million customers), something will always be missing from truly securing data, ensuring privacy, and seeing the benefits of privacy and security across the entire enterprise.
The Cisco study revealed that 82% of companies had a breach in the past year, and this number does not go down when you look at other studies either (in case you were wondering).
The sooner you implement privacy and security with a holistic cybersecurity posture in mind, the sounder you’ll sleep at night, the less you’ll worry over fines and breaches, and the more benefits you’ll see for your company overall (ROI, client trust, business partnerships, and so on).