Cisco’s 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.

IT and security professionals say government laws about data security have many more advantages than disadvantages, according to a new survey by Cisco.

Survey respondents cited strong support for privacy laws with 83% saying these rules have had a positive impact. Based on the survey, respondents value a strong governmental role in protecting privacy as this guidance can provide:

• More consistent standard of care
• Greater clarity on the rights and resources of data owners
• Guidelines as to what data processing activities are allowed or prohibited

The Cisco 2022 Data Privacy Benchmark Study also found that:

• Privacy has become more important to buying processes, management metrics and employee responsibilities
• The ROI of improved privacy practices remains high for the third straight year
• Customers want more transparency about how data is used in automated decision-making
• Data localization requirements are important but expensive
• Aligning privacy with security creates financial and maturity advantages when compared with other organizational models

According to the report, these two metrics show the increased importance of privacy:

1. 94% of respondents report privacy metrics to boards of directors
2. Data privacy ranked second in the top three priorities for security professionals

The survey includes more than 5,300 security professionals from 27 countries who completed the survey in summer 2021. Survey respondents represent all major industries and a mix of company sizes. The report also includes data from the Cisco 2021 Consumer Privacy Survey.

Privacy budgets are up 13% from 2020 spending levels at an average of $2.7 million in 2021. Respondents also reported a positive return on investment from this spending with 60% or more indicating significant benefits in these areas:

• Loyalty and trust
• More attractive company
• Operational efficiency
• Agility and innovation
• Mitigating security losses
• Reducing sales delays

In another survey question about costs, 88% respondents said data localization requirements are adding significant costs to operations. In the 27 countries represented in the survey between 77% (Russia) and 94% (Singapore) said complying with these rules made costs go up. Respondents in the U.S. were in the middle with 87% reporting increased costs, while the UK was at 83%.

When it comes to allocating responsibility for managing privacy, most companies put the IT team (37%) or the security team (34%) in charge. Compliance carries the responsibility in 11% of organizations surveyed with legal and operations at 9% and 8% respectively. The security team edged out the IT team in terms of generating the highest ROI from privacy best practices. Companies that have put security teams in charge of this work are most likely to say that privacy maturity is more advanced than their peer companies.

Not so much progress on the consumer front

IT and security professionals feel confident about progress in protecting privacy and security at work, according to the survey. Consumers are not seeing the same improvements, based on Cisco’s consumer survey. That research found that 46% of respondents can’t protect personal data because it’s “too hard to figure out what companies are doing with my data.”

The survey included questions about acceptable use cases for personal data, including matching sales representatives with customers, deciding credit worthiness and setting prices. About half of all respondents said they would have less trust in a company if artificial intelligence is used for these decisions:

• Mental health counseling
• Job interviews
• Sports equipment marketing
• Credit worthiness