Data Privacy: The New Competitive Moat in 2024 (and beyond)
Rethink your PII approach– from compliance checkbox to revenue driver
(TL;DR version)
2024 has been the ‘Year of Endless Data Breaches’
But, why should we put up with personal data breaches?This blog post invites business leaders to see data privacy in a new light. I’m not talking about just updating policies or adding another security tool. I’m proposing a shift in how you view sensitive data (like PII) and how you architect your data systems to avoid PII leakage during a data breach:
➤ Different Mindset for Biz: Rethink PII protection as a compliance headache. Start seeing it as a business opportunity and competitive differentiator
➤ New Approach to Tech: Adopt “privacy by architecture” principles. Re-engineer your data infrastructure with privacy at its foundation, not as an afterthought.Think of it this way: What if you could turn data privacy from a cost center into a revenue generator? What if your approach to handling sensitive customer data became a reason customers choose you over competitors?
It’s time to move beyond “good enough” data protection. Make data privacy a cornerstone of your business strategy and a driver of growth.
Imagine this: You’re at a summer BBQ get-together, chatting with fellow business leaders, and the topic of data privacy comes up. You mention your company’s efforts to comply with regulations, and suddenly, the conversation shifts.
Someone asks, “But what if safeguarding PII (Personally Identifiable Information) could be your competitive edge?” It’s a thought-provoking moment that challenges the usual compliance mindset.
As a curious observer of data privacy trends, I have been noticing that data breaches have become increasingly frequent and rampant in 2024. These breaches are occurring at an alarming rate — almost weekly — and the consequences are severe– damaging the affected company’s brand reputation, negatively affecting stock price, giving ammo to competitors and causing an overall drop in their customers’ trust and their likelihood to buy/refer.
These incidents highlight how data privacy could become a key differentiator for enterprises dealing with large amounts of customer data. Other trends I believe driving this need for data privacy: Cloud migrations, Generative AI / LLM adoption, Regulatory compliances and Data residency.
In the age of AI, data privacy is not just a legal obligation or hollow term; it’s a strategic approach to building a competitive advantage. Companies prioritizing privacy can build trust, enhance their brand reputation and gain an edge.
By embedding privacy into their AI initiatives, businesses can navigate the complexities of the digital landscape while fostering growth and innovation. Privacy, ultimately, is not just about compliance — it’s about building a sustainable and trustworthy future in the digital age.
— Sean McElroy (Chief Risk & Security Officer, Lumin Digital ; Co-founder of Alkami Technology)
The Great Data Heist of 2024
2024 has already seen a wave of high-profile data breaches affecting millions of customers. PYMNTS.com has in fact called “2024 as the Year of the Cyberattack” following damaging attacks on more than a dozen enterprises globally, such as:
- National Public Data: ~2.9 billion
- Ticketmaster: ~500 million
- AT&T: ~110 million
- Dell: ~49 million
- MediSecure: ~13 million
- Evolve Bank: ~7.6 million
- Advance Auto Parts: ~2.3 million
Here’s a list compiled by TechCrunch:
The True Costs of Poor Data Privacy
Here are a few key findings from the Cost of a Data Breach 2024 report by IBM Security and Ponemon Institute:
- Reasons for USD 4.88M cost: Business disruption, post-breach customer support and remediation drove this cost spike. Hidden costs may include: Lost revenue, Reputational damage, Ransom payments (in 2023, these payments totaled $1.1 billion), Regulatory Fines and Penalties
– Example: Change Healthcare’s systems were down for over a month, creating a $14 billion backlog in payments through its claims clearinghouse (as per Activant Capital)
– These costs don’t include indirect expenses like management distraction and loss of intellectual property, which can be substantial but harder to quantify. - The costs could go up to ~USD 10M for industries with highly sensitive data, like healthcare and financial services industries:
3. The most common type of data stolen or compromised was customer PII, at 46%.
4. Employee PII: While customer PII was the most frequently compromised data type, employee PII emerged as the costliest. Breaches involving employee personal information resulted in significantly higher financial impacts. This underscores the critical importance of safeguarding not just customer data, but also the sensitive information of your workforce.
5. 40% of data breaches involved data stored across multiple environments. Breached data stored in public clouds incurred the highest average breach cost at USD 5.17M
6. The long road to full recovery: Recovery from a data breach is a marathon, not a sprint. Over 75% of organizations that fully recovered took more than 100 days to do so.
The Business Case for Data Privacy
According to Cisco Data Privacy Benchmark Study 2024:
ROI of Privacy Investments
Privacy has continued to provide attractive financial returns for organizations around the world. In this year’s Data Privacy Benchmark study, 95% indicated privacy’s benefits exceed its costs.
While privacy budgets remained roughly flat, on average, for 2023, at USD 2.7M, the average return on privacy investment was 1.6 times, meaning the average organization gets USD 160 of benefit for each USD 100 of privacy investment. Thirty percent of organizations are getting returns of at least two times their privacy investment. — Robert Waitman (Director - Privacy Center of Excellence, Cisco)
These statistics underscore a crucial point: data privacy is not just about avoiding fines — it’s about maintaining customer trust and driving business growth.
The Privacy Pioneers
Some companies are already leveraging data privacy as a key differentiator. Apple, for instance, has been leading the charge by building initiatives like Private Cloud Compute– solidifying its position as a privacy-focused brand.
Other examples include Netflix, Google, Goldman Sachs et al, who have engineered innovative solutions to protect customer PII.
The Cybersecurity Conundrum
While cybersecurity and data privacy are related, they’re not the same. The cybersecurity industry, despite being worth $200 Billion, has struggled to prevent these massive breaches.
The takeaway? We need to start thinking about privacy solutions as their own thing, separate from traditional cybersecurity. It’s not just about building higher walls; it’s about being smarter about what we keep inside those walls in the first place.
We should expect more from the software industry. We don’t want an email product that is so horribly designed that I need to go out there and buy an email security product; and a router that needs a router security product.
We want secure products. They need to be built right. Security and privacy by design, and by engineering. — Anshu Sharma (Co-founder & CEO, Skyflow)
So, What’s a Company to Do?
Companies rich in customer data have several options to ensure data privacy and protect PII/PCI/PHI:
- DIY: Build in-house solutions
- Mix and match: Integrate multiple point solutions
- Old school: Use traditional encryption methods
- Back to basics: Implement standard database security measures
- Go pro: Buy (read: Invest) a comprehensive privacy solution
What an Effective Privacy Solution may look like:
First things first, get your CTO (or Head of Engineering / Architecture / Privacy) in the driving seat.
A reliable privacy solution should ideally offer these capabilities to start off with:
- Zero-trust architecture
- Privacy-enhancing techniques
- Privacy by design and architecture
- Capabilities for data analysis (for marketing and support)
- Comprehensive data governance
What else?
Would love to hear your thoughts on transforming data privacy into a competitive advantage. Share your insights in the comments
Conclusion
As we move forward in 2024, it’s clear that prioritizing data privacy can build customer trust, boost reputation, and drive business growth. Companies that view data privacy as a strategic asset rather than a compliance burden will be better positioned to succeed in an increasingly privacy-conscious world.
By treating privacy as fundamental building block, investing in robust privacy solutions and making data protection a core part of their business strategy, companies can turn the challenge of data privacy into a powerful competitive advantage.
The future belongs to companies that go beyond “good enough” data protection.😎
Sources:
- McElroy, S. (2024, July 5). Leveraging AI’s impact to data privacy as a strategic advantage | Forbes Technology Council. Forbes. https://www.forbes.com/councils/forbestechcouncil/2024/07/05/leveraging-ais-impact-to-data-privacy-as-a-strategic-advantage/
- Whittaker, Z. (2024, August 12). The biggest data breaches in 2024: 1 billion stolen records and rising. TechCrunch. https://techcrunch.com/2024/08/12/2024-in-data-breaches-1-billion-stolen-records-and-rising/
- IBM Security. (2024). Cost of a data breach 2024. https://www.ibm.com/reports/data-breach
- Vickery, J., & Matthews, N. (2024, June). Data security (Shifting data left: How this minor piece of the cybersecurity stack could be the most fundamental). Activant Capital. https://activantcapital.com/research/data-security
- Cisco. (2024). Data privacy benchmark study 2024: Privacy as an enabler of customer trust. https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html
- Waitman, R. (2024). Study: Privacy is a key to customer trust. International Association of Privacy Professionals (IAPP). https://iapp.org/news/a/study-privacy-is-a-key-to-customer-trust
- Sharma, A. (2023). The software industry has failed at cybersecurity. What, now? LinkedIn. https://www.linkedin.com/pulse/software-industry-has-failed-cybersecurity-what-now-anshu-sharma/
