The benefits of spending on data privacy and protection average 2.7 times the original investment – 3.5 times in the UK – with 77% of buyers saying they have received “significant business benefits” from privacy, beyond merely compliance, according to Cisco’s 2020 Data privacy benchmark study.

This means that that for every dollar of privacy spend, global organisations are getting $2.70 of benefit, while British organisations are getting $3.50 worth of benefit. Nearly half of businesses saw a greater than twofold return, 33% were breaking even, and 8% were getting back less.

This is the third edition of Cisco’s now annual research paper, which looks at corporate data privacy practices worldwide, and this year shows significant growth in benefits for those that adopt strong privacy practices 18 months after the introduction of the European Union’s General Data Protection Regulation (GDPR), which unsurprisingly seems to have been a catalyst for privacy investment.

Based on a double-blind survey of 2,800 security professionals, the report shows how customer demands for increased protection, the threat of data breaches and misuse by insiders and threat actors, have also spurred organisations to plough cash into privacy.

“With this study, we now have empirical evidence of privacy investments paying off for companies – particularly with improved customer relationships, revenue impact and real bottom-line results,” said Cisco vice-president and chief privacy officer Harvey Jang.

Cisco noted that the return on investment (ROI) benefits appeared to be fairly similar regardless of organisational size. Although larger businesses are quantifiably spending more money and getting more benefits, the ratio of benefits to spending is persistent across large, mid-size and small businesses.

“We now have empirical evidence of privacy investments paying off for companies – particularly with improved customer relationships, revenue impact and real bottom-line results” Harvey Jang, Cisco

Besides growing RoI – over 40% saw benefits at least two times that of their spend – investment in data privacy also generates operational and competitive advantages, said Cisco. Over 70% of organisations – up from 40% in 2019 – now say they are now more agile, have a better competitive advantage over rivals, are more attractive to investors, and are better trusted by customers.

A higher degree of accountability was also found to translate to increased benefits, with those that had higher accountability scores – as per the Centre for Information Policy Leadership’s Accountability Wheel, a framework for managing and assessing organisational maturity – were spending less on rectifying breaches that did occur and experiencing fewer delays in their sales cycles.

Reflecting tighter worldwide regulations, 82% of respondents to the study said they now saw privacy certifications – such as ISO 27701, the EU/Swiss-US Privacy Shield and APEC Cross Border Privacy Rules – as a buying factor. Respondents in India and Brazil seemed most likely to agree external certifications are now important in their buying decisions.

Cisco provided a short checklist of steps organisations can take to improve their data privacy posture. These include: improving transparency about processing activities, and being upfront and clear about what you are doing with user data, and why; obtaining external certifications, as above; going beyond the legal bare minimum; and building strong internal governance and accountability to demonstrate to stakeholders that your privacy programme is mature.