Nearly 3,000 global security professionals in 25 countries have taken part in Cisco’s Privacy Benchmark Study.
An extensive survey conducted by Cisco has shown data privacy concerns are causing significant sales cycle delays for up to 65pc of businesses around the world, and privacy maturity is connected to lower losses from cyberattacks and breaches.
Two-thirds of respondents said that data privacy issues were causing delays in their sales cycles with an average delay estimated at 7.8 weeks. The impending GDPR is also a factor in the delays, as more customers are concerned with products they buy having the correct privacy protections.
74pc of organisations that could be classed as ‘privacy-immature’ experienced losses of more than $500,000 last year caused by data breaches, compared with just 39pc of privacy-mature organisations.
What is privacy maturity?
Privacy maturity is a framework defined by the American Institute of Certified Public Accountants (AICPA) and is based on Generally Accepted Privacy Principles (GAPP). The AICPA defines five privacy maturity levels: ad hoc, repeatable, defined, managed, and optimised.
Privacy procedures or processes are generally informal, incomplete and inconsistently applied.
Privacy procedures or processes exist, however, they are not fully documented and do not cover all relevant aspects.
Privacy procedures and processes are fully documented and implemented and cover all relevant aspects.
Reviews are conducted to assess the effectiveness of the privacy controls in place.
Regular review and feedback measures are used to ensure continuous improvement towards optimisation of privacy processes.
The average sales delay for those with ad hoc maturity was 16.8 weeks, but delays decreased for businesses with higher privacy maturity levels.
Businesses with optimised privacy processes reported 3.4 weeks of sales delay, which is an 80pc reduction compared to ad hoc organisations. Geography and industry also appear to play a significant role in the length of delay.
Where are the longest delays?
Latin America and Mexico are experiencing the longest sales delays, at 15.4 weeks and 13 weeks, respectively. China and Russia have the shortest delays, at 2.8 weeks and 3.3 weeks, respectively.
In terms of industries, companies in the utilities, pharmaceuticals and manufacturing sectors reported the shortest average delays at three weeks or less. The longest delays were reported by companies within the government and healthcare space.
So, what can companies experiencing delays in sales due to privacy immaturity do to remedy the situation?
Measure the current delays
Every organisation should assess the scope of sales delays due to data privacy issues and understand how much of their sales revenue might be affected by the delays.
Assess root causes
Portions of the delay might be caused by sales teams being unable to address customer concerns, incomplete or inaccessible corporate policies, or engineering/design issues. Finding the kernel of the problem is key.
Establish ongoing metrics and targeted initiatives
The sales delay metric should be regularly measured and tracked, along with a set of priorities designed to reduce the delays by appropriate investments.
Explore effects of privacy level on cyber losses
Organisations also should assess the cause of any cyber events and losses that might have been avoided through more mature data privacy processes.
Develop a data privacy and protection plan
If such a plan does not currently exist, businesses should look to create policies and protocols as part of maintaining good security hygiene to protect their organisations.
For more information on the importance of privacy in business, check out the infographic below.