PRIVACY & INFORMATION SECURITY Business enabler or innovation barrier?
November 2019
A TICKET TO TRADE. UNLESS YOU CAN SEE IT’S A MARKET DRIVER.
Strategic role of data protection is yet unclear for many companies. The key motivation factors for personal data protection: Compliance with laws and regulations
81%
Safeguarding privacy of individuals
39%
Compliance with internal policies
ďŹ nd it highly relevant for their business strategy
However Business enabler
75%
61%
28%
The survey involved 1,300 professionals worldwide in companies in the primary, secondary and tertiary sectors.
PERSONAL DATA
Handling entails risks for companies. The human factors worry companies more than external threats. They see high risk areas: Especially when it is customers’ data 46%
31%
29%
Customers
Business partners
End users/ consumers
27%
22%
17%
Employees and their families
Suppliers
External consultants
Lack of legal competence
Linked to human factors
Lack of employees awareness Lack of management awareness Human error
Linked to technology
InsufďŹ cient IT security
24% 22% 20% 20%
19%
INVESTMENT PRIORITIES
After years of focus on infrastructure, the human factor is part of the picture. Companies mainly invest in:
LEADERS
IT security enhancement
49%
50%
Training/awareness for staff
43%
50%
Risk assessment
38%
47%
LEADERS DO BENEFIT
They face fewer difďŹ culties and can seize competitive advantages.
40%
struggle to know where to focus their efforts to be compliant LEADERS
18%
34%
feel a lack of support and regulatory guidance
17%
51%
consider personal data management as a competitive advantage
62%
NEW TECHNOLOGIES AND REGULATIONS: VALUE OR COMPLICATION?
Many companies are still unsure of the impact.
17%
15%
34%
see beneďŹ ts
see threats
30% New digital technologies
do not see regulations as an obstacle to innovation projects
30%
MANAGING DATA PROTECTION
Leading companies are still few, but investments expected to increase.
TODAY
8% few companies see themselves as leading
2 YEARS FROM NOW
21%
with more aspiring to become leading
77%
expect to maintain or increase investments in privacy management in the next 12 months
93% LEADERS
ISO/IEC 27001
Certification is a valid support for data protection. The benefits from ISO/IEC 27001 match the most pressing privacy risks: Commitment by management
83%
of certified companies were greatly supported by their ISO/IEC 27001 management system
Linked to human factors
Ability to meet stakeholder’s requirements
Employeee engagement
Linked to technology
Implementing appropriate technical and organizational security measures
51% 50% 44%
46%
LEADERS' FEATURES
Personal data protection is key to their business strategies.
Beyond mere compliance, they are also motivated by market drivers.
Leaders know where to focus their efforts and manage regulations.
Privacy is managed through deďŹ ned company roles and responsibilities.
Will continue to make investments for data protection.
Leaders see beneďŹ ts from new digital technologies.
Consider ISO/IEC 27001 as a valuable support for managing personal data.
Privacy regulation is not perceived as a limit to innovative projects.