Cisco Study: Over 25% of Organizations Ban GenAI Due to Privacy Risks

Cisco unveiled its 2024 Data Privacy Benchmark Study, offering an annual examination of pivotal privacy issues affecting businesses. Timed with International Data Privacy Day, the report underscores mounting concerns regarding GenAI, trust hurdles confronting organizations in AI utilization, and the compelling benefits of privacy investments. Surveying 2,600 privacy and security experts across 12 regions, the seventh iteration of the Benchmark emphasizes that privacy risks transcend mere regulatory compliance, signaling its integral role in contemporary business landscapes.

Growing Privacy Concerns with Generative AI

“Organizations see GenAI as a fundamentally different technology with novel challenges to consider,” said Dev Stahlkopf, Cisco's Chief Legal Officer. “More than 90% of respondents believe GenAI requires new techniques to manage data and risk. This is where thoughtful governance comes into play. Preserving customer trust depends on it.”

Primary concerns for businesses include potential threats to organizational legal and intellectual property rights (69%), alongside the risk of information disclosure to the public or competitors (68%).

While most organizations acknowledge these risks, many are implementing controls to mitigate exposure: 63% have set restrictions on data entry, 61% have limitations on employee use of GenAI tools, and 27% have temporarily prohibited GenAI applications altogether. Nevertheless, significant numbers of individuals have inputted potentially problematic data, such as employee information (45%) or non-public company data (48%).

Slow Progress on AI and Transparency

Presently, consumers harbor concerns about AI usage with their data, with 91% of organizations acknowledging the necessity to provide further reassurance to customers regarding the legitimate and intended purposes of their data in AI applications. This mirrors the levels observed last year, indicating minimal progress in addressing these concerns.

Organizational priorities for building consumer trust diverge from individual concerns. Consumers prioritize receiving clear information about their data usage and preventing their data from being sold for marketing purposes. Conversely, businesses prioritize compliance with privacy laws (25%) and averting data breaches (23%). The findings indicate a need for increased transparency, particularly with AI applications where understanding algorithmic decision-making processes may be challenging.

Privacy and Trust: The Role of External Certifications and Laws

Businesses acknowledge the necessity of reassuring their customers regarding data usage, with 98% affirming that external privacy certifications significantly influence their purchasing decisions. This figure represents the highest level recorded in recent years.

“94% of respondents said their customers would not buy from them if they did not adequately protect data,” explains Harvey Jang, Cisco Vice President and Chief Privacy Officer. “They are looking for hard evidence the organization can be trusted. Privacy has become inextricably tied to customer trust and loyalty. This is even more true in the era of AI, where investing in privacy better positions organizations to leverage AI ethically and responsibly.”

Despite the costs and requirements privacy laws may impose on organizations, 80% of respondents said privacy laws have had a positive impact on them, and only 6% said the impact has been negative. Strong privacy risks regulation boosts consumer confidence and trust in the organizations they choose to share their data with.

Moreover, numerous governments and organizations are implementing data localization mandates to confine specific data within a country or region. While a majority of businesses (91%) assert that storing data within their country or region inherently enhances its security, 86% also express confidence that a global provider, operating at scale, can offer superior data protection compared to a local provider.

Privacy: a Valuable Investment

In the last five years, privacy expenditure has more than doubled, with increasing benefits and sustained robust returns. This year, 95% of respondents stated that the benefits of privacy outweigh its costs, with organizations reporting an average of 1.6 times return on privacy spending. Additionally, 80% experienced significant "Loyalty and Trust" benefits from their privacy investments, rising to 92% for the most privacy-mature organizations.

In 2023, the largest organizations (10,000+ employees) augmented their privacy spending by seven to eight percent compared to the previous year to contain privacy risks. Conversely, smaller organizations witnessed reduced investment, with businesses employing 50-249 individuals decreasing their privacy expenditure by a quarter on average.