No matter where we go in our online world, we leave behind a digital footprint. And this same personal information that we put out there has become an integral component of powering everyday business operations and strategies. With the rapid escalation of data privacy laws across the globe, growing threats of ransomware attacks and heightened consumer concerns over the commercial use of personal data, privacy continues to rise to the top of boardroom agendas. Here are 28 data privacy stats that are shaping business and security priorities:
- 69% of countries around the world now have data protection and privacy legislation in place. A further 10% have draft legislation; 5% have no data and 16% of countries have no data protection or privacy laws. (UN)
- 76% of global consumers believe that companies need to do more to protect their data privacy online (Global Consumer State of Mind Report)
- The average total cost of data breach rose from $3.86m in 2020 to $4.24 million in 2021. Healthcare topped the costliest industries for data breaches, averaging $9.23 million (IBM).
- Most organizations are seeing very positive returns on privacy investments, and more than 40% are seeing benefits at least twice that of their privacy spend. (Cisco)
- 70% of risk and compliance experts said the pandemic has increased their reliance on technology to improve decision making, performance monitoring, and risk management. (Thomson Reuter’s Fintech, Regtech and the Role of Compliance report)
- Between July 2020 and July 2021, the number of GDPR violations increased by 113.5%. Over the same period, the number of GDPR fines saw a 124.92% growth. (Finbold)
- Between January 2021 and January 2022, nearly €1.1 billion in fines were imposed for a wide range of GDPR infringements. This represents a 594% annual increase in fines. (DLA Piper)
- Ireland now ranks second in the EU for total fines issued under GDPR to-date. It was also the country that imposed the second largest individual fine in 2021. (DLA Piper)
- The highest individual fines in the EU in 2021 were in Luxembourg (€746m), Ireland (€225m) and France (€50m)
- 82% of organizations view privacy certifications, such as ISO 27701 and Privacy Shield, as a buying factor when selecting a product or vendor in their supply chain. (Cisco)
- One data privacy stat that is capturing the shifting landscape is the percentage of organizations saying they receive significant business benefits from privacy; this percentage has grown to over 70%. (Cisco)
- In recent years, threat actors have moved from just infesting systems with ransomware to double extortion, whereby they also threaten to exfiltrate the data and release it to the public or sell it. Threats to leak the pilfered data have seen a sharp increase, going from 8.7% in 2020 to an extraordinary 81% in the second quarter of 2021. (ENISA Threat Landscape 2021)
- 60% of global consumers say they would spend more with a brand that they trust to handle their personal data responsibly. (Global Consumer State of Mind Report)
- The leading risk among organizations was business interruption (41%), including supply chain disruptions. This was followed closely by cyber incidents such as cybercrime, data breaches, and fines and penalties at 40%. (Statista)
- Risk and compliance programs are maturing. Navex Global found that the number of “mature and advanced” risk and compliance programs grew by 29%, while the number of “reactive and basic” ones declined by 35%. (Definitive Risk and Compliance Benchmark Report 2021)
- 44% of organizations say their top compliance management challenges are handling compliance assessments, undergoing control testing, and implementing policy and process updates. (MetricStream State of Compliance Survey Report 2021)
- 55% of organizations say their compliance culture is based around a “Can we?” rather than “Should we?” attitude, pointing towards a new mindset that focuses on building a more proactive and positive compliance culture. (Deloitte: State of Compliance Report)
- 65% of organizations say that they predict that they will be spending more on cybersecurity and privacy resources. (ACA Key Trends and Forces Shaping Risk & Compliance Management in 2021)
- 78% of companies worldwide say ‘zero trust’ has increased in priority, and nearly 90% are currently working on a zero-trust initiative. (Okta’s State of Zero Trust Security Report 2021)
- One compelling data privacy stat born out of the accelerated pace of digital transformation pivots around risks associated with remote work. IBM found that remote work poses a new threat for data breaches. In fact, breaches cost over $1 million more on average when remote work was considered a factor in the event. (IBM)
- Customer personal data (such as name, email, and password) is included in 44% of data breaches. (IBM)
- 62% of companies expect more compliance involvement in cyber resilience in the coming years. (Thomson Reuter’s Cost of Compliance Report 2021)
- When surveyed, 1,100 compliance and GRC professionals ranked their top priorities for 2022 as
- Marketing and advertising
- Cyber and privacy
- Environmental, social, and governance. (ACA Virtual Fall Conference Report 2021)
- Organizations spend $5.47 million on compliance compared to an average of $14.82 million for non-compliance. (GlobalScape The Total Cost of Compliance with Data Protection Regulations)
- The worldwide information security market is forecast to reach $170.4 billion in 2022. (Gartner)
- The global data centric security market value was US$ 2.71 billion in 2020. The global data centric security market is forecast to reach US$ 39.341 billion by 2030, and the market will grow at a compound annual growth rate (CAGR) of 30.3% during the forecast period from 2021-2030. (MarketWatch)
- From April 2020 – July 2021 the frequency and the complexity of ransomware attacks increased (by more than 150%) and became one of the greatest threats that organisations face today regardless of the sector to which they belong. (ENISA Threat Landscape 2021)
- Through 2022, privacy-driven spending on compliance tooling will rise to $8 billion worldwide. (Gartner)
Not sure where to start with implementing a future-ready data strategy? You’re not alone! Taking the time to match the right technologies and expertise with your business needs is a critical step in overcoming everyday data challenges and leveraging privacy as a commercial differentiator. Get in touch today to let us know what you need help with.