Canadian Security Magazine

Cisco: businesses report sales delays caused by customer data privacy concerns

By Canadian Security   

News Data Security annex businesses cisco concerns data privacy privacy privacy maturity benchmark study sales delays

According to findings in the new Cisco 2018 Privacy Maturity Benchmark Study, data privacy concerns are causing significant sales cycle delays for up to 65 per cent of businesses worldwide.

The study also shows that privacy maturity is connected to lower losses from cyberevents: 74 per cent of privacy-immature organizations experienced losses of more than $500,000 last year caused by data breaches, compared with 39 per cent of privacy-mature organizations.

Privacy maturity is a framework defined by the American Institute of Certified Public Accountants (AICPA) and is based on Generally Accepted Privacy Principles (GAPP).

The study surveyed nearly 3000 global security professionals in 25 countries regarding their privacy maturity and any effects of data privacy on their business. Two-thirds of respondents indicated that data privacy was causing delays in their sales cycles, with an average estimated delay of 7.8 weeks.

Respondents were asked to assess their current privacy maturity level according to the standard AICPA model, which defines five privacy maturity levels: ad hoc, repeatable, defined, managed and optimized.


According to the study, the average sales delay by privacy maturity stage was as follows: ad hoc (16.8), repeatable (9.8), defined (5.1), managed (4.4) and optimized (3.3). Those that are “optimized” saw 80 per cent shorter delays.

Finally, privacy-mature companies experience fewer breaches and smaller losses from cyberattacks, says Cisco. Overall, 53 per cent of respondents reported losses greater than $500,000 related to cyberattacks in the last 12 months.

Meanwhile, privacy-immature operations (i.e., ad hoc stage) had the highest percentage (74 per cent), with the percentage decreasing with increasing privacy maturity. The other levels were repeatable (66 per cent), defined (49 per cent), managed (43 per cent) and optimized (39 per cent).

“Given these widespread and significant delays, every company should assess its own situation to evaluate where customer privacy concerns might postpone business,” says Cisco. “Aside from legal compliance, depending on the potential revenue effects and their current privacy maturity level, companies should explore the return on investment of privacy process improvements and the beneficial effects that deploying such measures could have on sales.”

Print this page


Stories continue below