The News: Cisco has released its 2024 Data Privacy Benchmark Study, its annual review of key privacy issues and their impact on businesses. Based on responses from 2,600 privacy and security professionals across 12 geographies, the findings highlight the growing data privacy concerns with generative AI, the challenges facing organizations over their use of AI, and the disconnects between consumers and organizations, with respect to the elements that engender trust around data privacy. You can read more about this study on Cisco’s website.
Companies and Consumers Focus on Privacy, with Differing Priorities
Analyst Take: Cisco has released its 2024 Data Privacy Benchmark Study, the company’s annual review of data privacy issues and their impact on businesses and consumers. The study was based on responses from 2,600 privacy and security professionals from 12 geographies and focuses on several aspects relating to data privacy strategies, increasing privacy concerns with generative AI, transparency around AI and personal data, the ROI around privacy initiatives, and perhaps most interestingly, the apparent disconnect around data privacy strategies that are important to consumers versus those that are important to organizations.
Growing Privacy Concerns with Generative AI
The use of generative AI is still in its infancy, but the impact of the technology is being felt across many organizations and through consumer-facing experiences. Perhaps due to its newness, the survey found that more than 90% of respondents believe generative AI requires new techniques to manage data and risk. Another key element to consider is that when ChatGPT, Bard, and other generative tools were first announced and made available to the public, few users—and organizations—fully understood how the tools worked, and as a result, did not have specific policies and guardrails put in place to ensure safe use. This is still largely the case in most organizations, which are still evaluating the most appropriate use cases, from both a workflow and ROI perspective. As such, best practices for how to use these tools and for data management and security/protection are still evolving.
Indeed, according to the study, many individuals have entered information that could be problematic, including employee information (45%) or non-public information about the company (48%). As such, organizations have realized these issues, with 69% of business respondents citing the threats to an organization’s legal and intellectual property rights, and the risk of disclosure of information to the public or competitors (68%).
Most organizations are aware of these risks and are putting in place controls to limit exposure: 63% have established limitations on what data can be entered, 61% have limits on which generative AI tools can be used by employees, and 27% said their organization had banned generative AI applications altogether for the time being. Nevertheless, proper education on the risks of using non-sanctioned or unvetted generative AI tools needs to be provided to employees to safeguard sensitive and proprietary company and customer data.
Concerns around AI and Transparency
It is not just organizations that are concerned about generative AI. According to the report, consumers also are concerned about AI use involving their data today. The report found that 91% of organizations recognize they still need to do more to reassure their customers that their data is being used only for intended and legitimate purposes in AI.
There is a disconnect between organizations’ priorities to build consumer trust, compared with the priorities of individual consumers. Consumers identified their top priorities as getting clear information on exactly how their data is being used, and not having their data sold for marketing purposes. However, when asked the same question, businesses identified their top priorities as complying with privacy laws (25%) and avoiding data breaches (23%). This portends a need for organizations to spend more time developing clear strategy around data transparency, particularly with AI applications where it may be difficult to understand how the algorithms make their decisions.
Organizations Receiving Value from External Privacy Certifications and Laws
According to the report, 98% of customers say that external privacy certifications are an important factor in their buying decisions. Similarly, 94% of organizational respondents said that their customers wouldn’t buy from them if they did not adequately protect data.
Additionally, 80% of respondents said privacy laws have had a positive impact on them, and only 6% said the impact has been negative. Despite the costs and requirements privacy laws often impose on organizations, strong privacy regulation boosts consumer confidence and trust in the organizations they choose to share their data with and creates a level playing field for all companies operating within a given industry.
Data Privacy Investments Delivering ROI
The report noted that over the past five years, privacy spending has more than doubled, benefits have trended up, and the financial returns from these investments have remained strong. Based on the data in the study, the largest organizations (10,000+ employees) increased their privacy spending in 2023 by seven to eight percent since last year, though smaller organizations with 50-249 employees decreased their privacy investment by a fourth on average.
That said, for 95% of respondents, the benefits of privacy spending exceed its costs, with the average organization reporting a return of 1.6x. In addition, 80% of respondents indicated deriving significant Loyalty and Trust benefits from their privacy investments, with this figure jumping to 92% for the most privacy-mature organizations.
The Impact of Localization Strategies on Data Security and Privacy
Many governments and organizations are putting in place data localization requirements to keep certain data within a specific country or region. According to the report, while most businesses (91%) believe that their data would be inherently safer if stored within their country or region, 86% also said that a global provider can better protect their data compared to a local provider.
Data localization presents a complex dilemma for generative AI in terms of security and privacy. It requires a nuanced approach that balances security and privacy with the ethical imperative of responsible AI development and equitable access to its benefits. While data localization reduces vulnerability to international data breaches and strengthens compliance with regional regulations, it could hinder model training and innovation. By limiting access to diverse datasets, localization could restrict the quality and generalizability of AI outputs, potentially perpetuating biases and hindering progress in fields like healthcare and scientific research. Additionally, concerns linger around potential misuse of localized data by governments, raising the specter of censorship and stifled dissent.
Conclusion
Generative AI stands to be transformative both for business operations and competitive advantage, as well as the consumer experience. However, its successful implementation and utilization requires careful navigation of compliance requirements and vulnerabilities. 2024 will see the development of best practices, as business use cases continue to emerge, and in accordance with evolving compliance and legal implications—as well as emerging security threats.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other Insights from The Futurum Group:
Cisco Partner Summit 2023: AI, Security, and Observability Shine
Cisco Makes a Strategic Move in Acquiring Isovalent
Cisco Unveils Cutting-Edge Capabilities in AppDynamics
Author Information
Keith Kirkpatrick is Research Director, Enterprise Software & Digital Workflows for The Futurum Group. Keith has over 25 years of experience in research, marketing, and consulting-based fields.
He has authored in-depth reports and market forecast studies covering artificial intelligence, biometrics, data analytics, robotics, high performance computing, and quantum computing, with a specific focus on the use of these technologies within large enterprise organizations and SMBs. He has also established strong working relationships with the international technology vendor community and is a frequent speaker at industry conferences and events.
In his career as a financial and technology journalist he has written for national and trade publications, including BusinessWeek, CNBC.com, Investment Dealers’ Digest, The Red Herring, The Communications of the ACM, and Mobile Computing & Communications, among others.
He is a member of the Association of Independent Information Professionals (AIIP).
Keith holds dual Bachelor of Arts degrees in Magazine Journalism and Sociology from Syracuse University.
Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
