Many organisations have been investing in resources and processes to meet GDPR standards ahead of the May deadline according to Cisco's first Privacy Maturity Benchmark Study.
However, increases in data breaches reported have led companies to ask more about which organisations they partner with and the products they buy. Concern about how data is captured, transferred, stored and erased has slowed down the buying cycle.
Cisco's study found that 74 percent of privacy-immature organisations experienced losses of more than £350,000 last year caused by data breaches. Companies that are privacy-mature have fewer data breaches and smaller losses from cyber-attacks; only 39 percent of privacy-mature companies experienced losses demonstrating is a huge difference between those that are privacy-mature and privacy-immature.
Customers are growing increasingly concerned by whether the products and services they buy will provide appropriate privacy protections that will meet the GDPR standards. Two thirds of the respondents from Cisco's study said that data privacy was causing a delay in their sales cycles, with an average delay of 7.8 weeks.
Companies in the government and healthcare sectors exhibited the longest average sales delays, 19 weeks and 10.2 weeks respectively, compared to other industries. By geography, Latin America and Mexico have the longest delays, and China and Russia have the shortest.
John Gevertz, chief privacy officer, Visa Inc said about the study: “Privacy professionals and sales executives all know that privacy/data protection concerns can slow the sales cycle. Having good data to support that knowledge will help drive the actions needed for improvement.”
Sarb Sembhi CTO and CISO of Virtually Informed emailed SC Media UK to comment: “This is an interesting study about the in's and out's of “Sales delays due to data privacy issues”, my only problem with the study is that I couldn't find any information on what data privacy issues caused what delays. This information would have been extremely useful and added weight to all the other data on geographical variations would make a lot more sense then.
“The other challenge of asking people in organisations about their level of maturity is that a high percentage may not understand the full extent of what that level of maturity requires in real terms, especially given that there is an international skills gap on GDPR. My feeling is that especially on this topic the results may be a little over optimistic compared to the reality.”