Pandemic response has improved privacy posture, says Cisco

by Joseph K. Clark

Over 90% of organizations polled during the compilation of Cisco’s annual Data privacy benchmark study reported that their data privacy teams played a crucial role in helping them respond to the challenges brought on by Covid-19, such as the shift to remote work, adjusting data-sharing arrangements and implementing data access controls. In findings that might seem somewhat counterintuitive at first glance, Cisco said that rather than being pushed aside, privacy advocates became more prominent over the past nine months or so. “When any serious threat to our safety and well-being arises, many would think privacy protections would take a back seat,” said Robert Waitman, a director in Cisco’s privacy office, in an introductory blog post.


“After all, our data, including our health status, social contacts, and physical locations, have been needed to help control the spread of Covid-19. What’s more, the rapid shift to remote working has left organizations scrambling to keep their functions up and running, and privacy protections might well have been an afterthought.” The report drew on responses from 4,400 organizations in 25 countries and found that across the board, businesses turned to their security teams to address the fact they were mainly entirely unprepared for such an event. Some 87% of individuals said they had had concerns about the privacy protections of the tools they were being asked to use, particularly in light of high-profile coverage of issues arising from the breakout conferencing platform Zoom.


The newly mission-critical nature of privacy policies is reflected in the day-to-day work of CISOs and other security pros. Over a third who identified as such said privacy, alongside risk assessment and management and threat response, was now one of their top areas of responsibility. This also means privacy measures are attracting board-level attention – Cisco said 90% of organizations are now rolling-up and reporting privacy metrics to the C-suite and boardroom. This may also be reflected in privacy budgets, which have doubled yearly. Cisco’s report also noted that external certifications such as ISO 27701 became a critical buying factor.

Waitman said it was clear data privacy has come of age and is no longer considered just a consumer benefit. The report revealed that over 66% of organizations benefit from enhancing their data privacy postures, including reducing sales delays and other operational efficiencies, improving innovation, and creating more loyal, trusting customers. Perhaps needless to say, this translates into bottom-line value, he said – with the average organization estimating a twofold return on their investment. In the future, the researchers found evidence of strong support for maintaining the privacy principles and protections established at the onset of the pandemic and for legal protections – 62% of respondents wanted little or no change to existing privacy laws.

However, while individuals tended to support their employers’ efforts to maintain a Covid-safe working environment, they were less optimistic about any mechanisms that track their location or collect or disclose information on one’s Covid-19 status, such as contact-tracing apps. People agree that using their data for such purposes should be limited and strictly controlled transparently, reasonably, and accountable. “The days of thinking about privacy as merely a compliance issue are over. Forged by the pandemic, privacy has become essential for management, employees, and customers alike,” said Waitman.

Related Posts