Data privacy concerns are causing significant sales cycle delays for up to 65% of businesses worldwide.
This is according to findings in the new Cisco 2018 Privacy Maturity Benchmark Study, which also shows that privacy maturity is connected to lower losses from cyber-events: 74% of privacy-immature organisations experienced losses of more than $500 000 last year caused by data breaches, compared with only 39% of privacy-mature organisations.

Privacy maturity is a framework defined by the American Institute of Certified Public Accountants (AICPA) and is based on Generally Accepted Privacy Principles (GAPP).

The study surveyed nearly 3 000 global security professionals in 25 countries regarding their privacy maturity and any effects of data privacy on their business. A surprising two-thirds of respondents indicated that data privacy was causing delays in their sales cycles, with an average estimated delay of 7,8 weeks.

The pending May 2018 enforcement of the General Data Protection Regulation (GDPR), the new law enacted to increase protections of European Union (EU) citizens’ privacy and personal data, might also be a factor in these delays. Customers are increasingly concerned that products and services they buy provide appropriate privacy protections. GDPR’s provisions apply to any company that processes, stores, or uses this data.

Respondents were asked to assess their current privacy maturity level, according to the standard AICPA model, which defines five privacy maturity levels: ad hoc, repeatable, defined, managed, and optimized. The study found that:

* The average sales delay for those with ad hoc maturity was 16,8 weeks, but delays decreased for businesses with higher privacy maturity levels.

* Businesses with optimised privacy processes reported 3,4 weeks of sales delay, which is an 80% reduction compared to ad hoc organisations.

* Geography and industry also appear to play a significant role in the length of delay.

Given these widespread and significant delays, every company should assess its own situation to evaluate where customer privacy concerns might postpone business. Aside from legal compliance, depending on the potential revenue effects and their current privacy maturity level, companies should explore the return on investment of privacy process improvements and the beneficial effects that deploying such measures could have on sales.

The Cisco 2018 Data Privacy Maturity Benchmark Study highlights include:

Data privacy concerns drive sales delays

* Companies in the government and healthcare sectors exhibited the longest average sales delays – 19 weeks and 10,2 weeks, respectively – compared to other industries.

* Companies in the utilities, pharmaceuticals, and manufacturing sectors reported the shortest average delays, all three weeks or less.

* By geography, Latin America and Mexico are experiencing the longest sales delays, at 15,4 weeks and 13 weeks, respectively.

* China and Russia have the shortest delays, at 2,8 weeks and 3,3 weeks, respectively.

Privacy-mature organisations experience shorter sales delays

* The average sales delay (in weeks) by privacy maturity stage were as follows: ad hoc (16,8), repeatable (9,8), defined (5,1), managed (4,4), and optimised (3,3).
* Since organisations in the defined stage experienced 70% shorter sales delays vs. those in the ad hoc stage, companies might benefit significantly from moderate improvements in privacy maturity. Those that are “optimised” saw 80% shorter delays

Privacy-mature companies experience fewer breaches and smaller losses from cyberattacks

* Overall, 53% of respondents reported losses greater than $500 000 related to cyberattacks in the last 12 months.

* Privacy-immature companies (i.e., ad hoc stage) had the highest percentage (74 percent), with the percentage decreasing with increasing privacy maturity. The other levels were repeatable (66%), defined (49%), managed (43 percent), and optimised (39%).

Given the potential effects of these delays on sales and revenues, Cisco advises organisations to take the following steps:

* Measure current delays: Assess the scope of sales delays due to data privacy issues and understand how much sales revenue might be affected by the delays.

* Assess root causes: Portions of a delay may be caused by sales teams being unable to address customer concerns, incomplete or inaccessible corporate policies, or engineering/design issues. Executives need to know root causes to determine resolutions.

* Establish ongoing metrics and targeted initiatives: Regularly measure and track the sales delay metric, and set priorities for appropriate investments to reduce the delays.

* Explore effects on cyber losses: Assess the cause of any data breaches and losses that might have been avoided through more mature data privacy processes.

* Develop a data privacy and protection plan: If such a plan does not currently exist, plan to create policies and protocols that contribute to good security hygiene.