- Data privacy has become a major issue among security and IT executives as companies scramble to manage heightened concerns about health data and vaccination due to the COVID-19 pandemic, according to the Cisco 2021 Data Privacy Benchmark Study.
- About ¾ of respondents saw a direct correlation between privacy investments and the ability to mitigate security losses, according to 4,400 security professionals worldwide who were asked privacy-specific questions. In 2020, privacy budgets reached about $2.4 million, which was double the year-ago figure.
- Data privacy has become a top area of responsibility for security professionals, with 34% of respondents saying privacy is one of their top core competencies and responsibilities, according to the report.
The report highlights the growing importance that companies are placing on the secure collection, storage and analysis of employee data, which is now considered an essential function of data security professionals.
"What we found in this survey is, remarkably, the pandemic put a lot of challenges on everyone," Robert Waitman, director of data privacy at Cisco. "In particular, the challenges organizations face around security and privacy allow them to reinforce, maintain and really strengthen some of these capabilities."
The pandemic has created a number of concerns that companies have to manage, including issues around making sure the workplace is safe, contact tracing and managing the privacy of employee health information, according to Waitman. Companies also have to manage the security of data that is transmitted back and forth with employees that are working in their homes.
But companies are taking privacy far more seriously, compared with prior years. For example, 93% of companies have turned to their internal privacy teams to help guide their pandemic response, according to the report. In addition, 93% of companies are reporting privacy metrics, including data breaches, privacy audit results and privacy impact assessments to their board of directors.
Among the critical issues that security professionals are focused on include compliance with data laws, such as Europe's General Data Protection Regulation and more regional or local laws like the California Consumer Privacy Act.
Companies are becoming more involved in meeting compliance with external privacy certifications, for example the EU Binding Corporate Rules or the APEC Cross-Border Privacy Rules, according to the report. These certifications act as almost an external seal of approval to demonstrate that compliance is meeting local regulatory standards.
The pandemic played a very important role in the results of this study, as remote work increased dramatically following the spring 2020 lockdowns. During that time companies had to keep track of health to accurately forecast their business security and spending requirements going forward.
This data will remain critical as companies assess their plans for 2021 as to whether they will return to their offices in a hybrid work environment, according to Waitman.