Companies believe effective privacy management improves trust, transparency, and provides a return on investment, scotching the notion data protection is a compliance burden and additional cost.

According to technology vendor Cisco’s “2022 Data Privacy Benchmark Study,” published Jan. 26, 83 percent of the more than 4,900 security professionals globally who responded to the survey said privacy laws have had a positive impact on their business. Another 90 percent said they would not buy from an organization that does not properly protect its data, while 91 percent indicated external privacy certifications are important in their buying process.

Respondents said effective privacy management increased loyalty and trust, made the company more attractive, and improved operational efficiency. Of those surveyed, 90 percent said they consider privacy a “business imperative.”

The survey found the average privacy budget was up 13 percent from $2.4 million last year to $2.7 million this year. Respondents estimated their average return on investment on data privacy management to be 1.8 times spending, remaining high for the third year running.

Aligning privacy with security also seems to create further financial and maturity advantages, compared to other organizational models, said Cisco.

The survey found nearly all (94 percent) respondents said their organizations report one or more privacy-related metrics to the board. While some companies are reporting against as many as 10 privacy metrics, most are reporting between one and three, with popular options including privacy program audit findings (34 percent), personal data breaches (33 percent), and the results of privacy impact assessments (32 percent).

Other metrics include data subject requests, incident response, privacy gaps identified, third-party contracts, training, maturity, and return on investment.

Cisco’s report also highlighted key privacy challenges for companies. Transparency around what data is used to generate AI decision-making and how the impacts of these decisions are justified and assessed is one area where respondents said trust is problematic, particularly regarding job interviews, assessing credit worthiness, and setting prices.

Meanwhile, data localization requirements—aimed at ensuring greater data protection when personal data is transferred to third countries—are seen as “important but costly.” While 92 percent of respondents said this has become an important issue for their organizations, 88 percent said the requirements are adding significant cost to their operations.