A new Cisco data privacy report reveals that the roles of security professionals around the world are evolving in response to regulatory changes and the specific pressures created by the COVID-19 pandemic. Security operations increasingly include data privacy as a core responsibility and competence. This is largely due to regulations and new security requirements created by moving to work-from-home models, but also a growing awareness of the link between privacy practices and the ability to mitigate data breaches.
Cisco Privacy Report: More than 1/3 of Organizations Have Made Privacy Skills a Core Component of Security
According to the privacy report, 34% of respondents (a group of 4,700 security professionals from 25 countries) say that data privacy is now a core competency for security personnel and is one of the primary responsibilities of security. Department.
The privacy report sees the pandemic as one of the main drivers of this change. You find that privacy budgets and resources have increased, and investments in privacy exceed what is required to meet legal obligations.
Privacy teams appear to have been a critical resource in navigating unknown pandemic conditions – 93% of respondents said they relied on these teams to navigate and guide their pandemic response. As a result, privacy budgets doubled last year to an average of $ 2.4 million. While the return on privacy investments has slightly decreased overall from 2019, the trend remained fairly strong, with 35% of respondents saying they at least doubled their investment in terms of overall benefits. There appears to be a correlation with the maturity of the privacy program and the sum of the benefits obtained from these investments. Regardless of the investment amounts or the result, 79% of organizations say that the world’s developing privacy laws are having a positive impact; only 5% feel there is a negative impact.
While the regulations were on fire, the throttle was the sudden switch to remote work models. The number of organizations where the majority of employees worked remotely increased from 40% in 2019 to 67% in 2020, with 91% of organizations reporting that at least 25% of their workforce now worked remotely. remote. The change seemed to catch most organizations off guard; 59% said they were not fully prepared for it in terms of privacy and security results, and 87% expressed concern about privacy protections in the tools that were adopted to facilitate change.
Although pandemic need forced an increase in resources dedicated to privacy matters and security professionals, budgets would likely have been trending up anyway due to the perceived return on investment. 2/3 of organizations said they saw significant benefits in all six areas associated with investing in privacy: reducing sales delays, mitigating security losses, enabling innovation, achieving operational efficiency, building trust, and making privacy more attractive company. The constant overall value of these benefits increased 10% since 2019 and held across all but the largest organization types.
The overall return on investment per dollar spent fell somewhat according to the privacy report, from 2.7 in 2019 to 1.9 in 2020; however, only 15% saw a negative return, while 16% saw their profits increase at least threefold.
The rise in global privacy legislation is far from being a top-down imposition by governments, but is driven by very strong sentiments in favor of data privacy laws among ordinary people. Organizations seem to recognize this, and 90% acknowledge that they will lose sales if they are not clear about their privacy and data protection policies. Roughly a third of consumers are now viewed as “privacy assets,” or those who will stop doing business with a company if they have a problem with these policies.
Security professionals embedded in privacy programs
34% of security professionals responding to the privacy report said that privacy and data governance was now one of their top three responsibilities, making it the most common choice among all roles. It slightly outperformed more standard job descriptions: 31% chose to assess and manage risk, 29% chose threat analysis and response, and 21% chose software and application development.
Much of this change for security professionals likely has to do with a significant increase in boards of directors becoming involved in privacy issues. 93% of the privacy report respondents now report at least one metric to the board, while 14% report five or more. The most frequently reported metrics are the results of privacy program audits, privacy impact assessments, and data breach reports.
34% of #security professionals who responded to the report said that #privacy and data governance was now one of their top three responsibilities. #respectdata
The privacy report ends with several suggestions to ease the burden on security professionals and obtain an optimal return on investment: improve transparency about personal information processing activities, optimize vendor due diligence processes through obtaining external privacy certifications (such as ISO and Shield) and a strong culture of governance and accountability that allows program maturity to be easily communicated to stakeholders.
Source: CPO Magazine