Privacy as a Competitive Advantage, & Other Key Learnings

February 22, 2024

CISCO recently released its 2024 Data Privacy Benchmark Study, and it’s a standout report in our opinion. The study surveyed 2,600 security and privacy professionals in organizations in Europe, Asia, and the Americas. You can read the full report here, but we’ve summarized our key learnings below:

Our Key Learnings from the CISCO Data Privacy Benchmark Study

Privacy is a Key Competitive Advantage

“Ninety-four percent of organizations [surveyed] said their customers would not buy from them if they did not adequately protect customer data.” – CISCO 2024 Data Privacy Benchmark Study

CISCO’s survey highlighted the importance of privacy in building trust with customers. It noted that 94% of organizations surveyed said their customers would not buy from them if they did not adequately protect customer data.

It seems customers are increasingly looking for proof of privacy credentials, with many organizations noting that external privacy certifications and/or signals play an important role in their buying process.

The Economics of Privacy

CISCO’s study noted that the average organization realizes a 1.6x return on investment for privacy spending. The specific benefits companies gained from their privacy investment include:

  • Reduced sales delays.
  • Reduced risk posed by data breaches.
  • Agility and innovation.
  • Operational efficiencies.
  • Improved customer trust.

Loyalty and trust are the most significant drivers of the ROI of privacy, according to those surveyed.

Where We’re Falling Short

The survey also highlighted the following areas where privacy professionals generally felt that organizations were falling short:

  • Adequately reassuring customers about how the organization uses data with AI. Many privacy professionals indicated that their customers are concerned about how organizations use and apply AI. It seems that only using the data supplied for intended and legitimate purposes was a significant concern.
  • Organizations and customers have different priorities. It seems that most customers want clear information about how their data is used and for their data not to be sold for marketing purposes. Organizations, on the other hand, are prioritizing legal compliance and avoiding data breaches.

Next Steps: Implementing Privacy Changes That Matter

Companies should consider the following changes to their privacy programs:

  • Improve the way you communicate about privacy to your customers.

Very broadly speaking, companies aren’t doing a great job of communicating about privacy. We see this in the opaque way companies often communicate data breaches (if they elect not to cover it up), and these results also point to a strong demand for clear information about privacy practices.

If your company can clearly and concisely outline its privacy practices, it is likely that increased customer trust (and all the benefits that entails) will follow.

  • Clearly communicate how and when you use AI in decision making.

Automated systems are basically a staple in hiring processes (we’ve written about the risks of AI in hiring previously). But AI use cases are expanding rapidly, particularly in the marketing department, and the use of customer data and machine learning is generally not transparent.

If you’ve adopted AI that you feed customer data, whether it’s for predictive analytics, product recommendations, or any other purpose, your customers want to hear about it. Sharing that information with them could offer a significant competitive advantage.

  • Strongly consider minimizing the amount of data you hold to maintain trust and minimize cost and risk.

Companies that invested in privacy saw a significant benefit in terms of mitigating security losses. Why? Because the less data you collect and store, the less data you have to lose in a data breach.

From our perspective, minimized data collection can also help to improve customer trust and loyalty. Individual consumers and companies alike are increasingly weary and wary of the overcollection of data. Simply decreasing the amount of data you collect can streamline the sales process, improve trust, and help you focus your attention on fewer key metrics in one fell swoop.

If you’re looking to improve your company’s privacy framework, reach out. Our attorneys are available to help.


The materials available at this website are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem. Use of and access to this website or any of the e-mail links contained within the site do not create an attorney-client relationship between CGL and the user or browser. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.

Other Articles

External Privacy Policy with hand hovering above it and reading glasses sitting on it Is an External Privacy Policy Enough?
GDPR Explained: A Quick Guide for U.S. Businesses
Children’s Data Privacy: Five Takeaways from the FTC’s Recent Workshop

    Ready to Talk?
    Contact Us

    We would to hear from you

    Please take a moment to tell us a few things about your needs and someone from our team will reach out to you as soon as possible.

    We would to hear from you

    Thank you for reaching out!

    Someone from our team will get back to you shortly

    We would to hear from you