Customer privacy concerns led to sales delays for most businesses last year as fears escalated in the wake of massive data hacks at Equifax, Yahoo and other companies.
About 65 percent of businesses say privacy concerns impacted how quickly they were able to sell their products and services, according to a Cisco study released Thursday. The average length of a sales delay was nearly 8 weeks.
"We're seeing that good privacy, mature privacy, well measured and studied privacy is good for business, and we have the data to show it," said Michelle Dennedy, Cisco's chief privacy officer, in an interview.
Companies could lose money from delayed sales, especially if a customer switches to a competitor during that time, according to the study.
More government regulation, including in Europe, and consumer awareness may explain why privacy concerns delayed sales, Dennedy said.
Cisco, which sells security products, also found that businesses with better privacy processes reported lower losses from data breaches.
About 74 percent of businesses with incomplete or inconsistent privacy procedures reported losing more than $500,000 last year because of a data breach.
The San Jose technology firm surveyed more than 3,600 security professionals in 25 countries across multiple industries, including government, healthcare, retail and education.
Companies in government and healthcare, which handle more confidential data than other industries, saw the longest average sales delays. Utilities and pharmaceutical businesses had the shortest sales delays.
Businesses in Latin America, Mexico and Japan reported the longest sales delays while China and Russia had the shortest delays. In the United States, the average sales delay was 7.7 weeks -- nearly equal to the overall average delay.
The double-blind survey was conducted between October and December and included businesses of various sizes, according to Cisco.
Businesses are also taking consumer privacy concerns more seriously because of a new European data privacy protection law that takes effect in May, some analysts say.
Called the General Data Protection Regulation, the law aims to give people in Europe better control over the data companies collect on them. Under the law, for example, businesses have 72 hours to report a data breach and consumers will have the right to request that firms erase their personal data.
Companies that fail to comply with this law will face fines of up to 4 percent of their global annual revenue, or 20 million euros.
"When you're a global company, even if you're U.S. based and you have operations in Europe, it's more expensive to have two systems," said Avivah Litan, a Gartner analyst who focuses on cybersecurity. "It's just more cost effective to treat European customer data the same way you treat American customer data."
Businesses should not only educate employees about how to protect data, but make sure they're using the right tools to safeguard consumer information, Dennedy said.
Cisco's study comes just ahead of Data Privacy Day on Jan. 28, an annual celebration of the signing of the first legally binding international treaty for privacy and data protection.
On Thursday, the National Cyber Security Alliance [held] an event at LinkedIn's San Francisco office with data privacy experts, which was also to be streamed live online.
© 2018 San Jose Mercury News
syndicated under contract with NewsEdge/Acquire Media. All rights reserved.