This month must be “Get Serious Month” for BlackBerry, Cisco, and Microsoft, because two of these firms’ CEOs came out personally very strongly on privacy and the third—Cisco—released a powerful study that points dramatically to the need for privacy protection and the negative impacts on companies that have been unable to adequately supply it.
These are important voices that are standing up for something that never should have gotten as far out of hand as it has, and the lack of protection has put us all at extreme risk. Let’s cover all three things in the context of this dramatic need for privacy protection starting with the Cisco study to set a foundation.
Cisco’s 2019 Data Privacy Study and Organization Update
Cisco has always taken security very seriously, and privacy is a major component of keeping a firm or an individual secure. But, with GDPR, this has now translated to monetary damage with the survey reporting that a whopping 87 percent of companies responding—up significantly from 66 percent last year—are experiencing significant delays to their sales cycle due to prospects’ privacy concerns.
Interestingly, sales delays by country varied significantly as well, from 2.2 weeks for Italy, Turkey, and Russia to around 5.5 weeks for Spain, Brazil and Canada. The longer sales delays were attributed to either higher privacy requirements, or a country in transition to new privacy requirements (so what was needed for compliance was likely in question). As you know, delayed sales cause revenue shortfalls that can either defer revenue to later periods or shift revenue to more responsive/effective competitors.
The top reasons reported by respondents included requests by customers for privacy needs, translation of privacy information into different languages for customers, educating customers about the firms’ privacy practices, and/or redesigning products to specifically meet customer privacy needs.
GDPR readiness generally sucked in Europe, ranging from around 75 percent for Spain, Italy, the UK, and France to around 42 percent for China, Japan, and Australia. Given the associated penalties, this should be closer to 99 percent at this time and—I expect—this will result in some significant fines across Europe.
It would seem obvious that those that were prepared for GDPR would be far more resistant to data breaches, and this is true given 37 percent of these firms reported a breach vs. 64 percent of firms that weren’t prepared being breached. The 37 percent should be much lower for prepared companies, however, suggesting some firms that think they are prepared aren’t (and it remains likely that both groups are underreporting breaches because, sadly, not reporting a breach has been a common practice).
This all points to the extreme importance of privacy and the increasingly massive costs associated with not getting privacy protection post-GDPR right.
Satya Nadella Promotes Global GDPR At Davos
Microsoft CEO Satya Nadella in an interview at Davos for Business Insider recommended that the US specifically adopt its own version of a GDPR and that this standard should be global. Satya has long been a major proponent of the idea that privacy should be a human right. Satya was supported by Microsoft President Brad Smith who spoke on the topic and argued that 2018 was a “watershed” year for the technology industry.
The overall goal for both men—and by extension Microsoft—was for a global GDPR standard, making it far easier for firms to comply with something consistent and resulting in a far safer world for users globally as a result. (It is interesting to note that the Business Insider article suggests there are people in Microsoft who appear to not be on the same page—not an uncommon problem in a large multi-national but one Satya and Brad will need to address).
John Chen Blends Trust with Privacy
John Chen, who—like Satya Nadella—has done an amazing job as CEO (of BlackBerry), pointed out in a blog that we are facing a trust crisis because of privacy problems. He argued that trust is founded on two things, security and privacy, and suggests we often can’t trust the device we are using because the company that made it didn’t take security or privacy seriously enough. With all of the breaches, both reported and not, people are losing trust in their vendors. And it isn’t just the vendors they are losing trust in, but other leaders (including politicians) who talk a good game but aren’t delivering on their promise because people and accounts continue to become compromised.
Like Nadella, he argues that governments need to step up and he also calls out GDPR specifically—bringing his recommendation in line with that law. Rather than providing some kind of ad hoc security overlay, he argues we must build security and privacy into the products from the start and make them an integrated feature, not an afterthought. No back doors and a comprehensive approach to the problem is what he believes is needed—something he shares with most of the security experts I’ve known over the years. Overlays just don’t work. If security and privacy aren’t integrated, they will likely be inadequate.
He continues with his position that if we accept that the technology industry runs on data—which is directly connected to both revenue and profit—firms need to seriously consider the cost associated with not getting this right. With the level of related fines and liability, revenue could be badly damaged and profit eliminated if the firm doesn’t take this seriously enough. He also argues that GDPR compliance will build trust and I’d argue that trust is critical to brand loyalty and both customer acquisition and retention.
Finally, he spoke on the vast potential for connected devices to solve the world’s problems, but only if that technology can be trusted, and said that there needs to continue to be a focus on keeping this as simple as possible—seeming to resonate with Nadella’s position for a globally consistent GDPR law.
Wrapping Up: Global GDPR
All three vendors, Cisco, Microsoft, and BlackBerry, appear to be on the same page that a global GDPR standard is critical to the future of the technology market. In a perfect world, all vendors would take privacy seriously, but the problem we currently have is that some of the biggest make their money from selling this information—an unfortunate, lasting outcome of the dotcom collapse in the 1990s. I personally believe that model needs to be retired, or at least significantly changed, if we are truly ever going to get serious about privacy and trust, and that we should go back to a pay-as-you-go concept for most things. Asking a company designed to profit from your personal information to give that up is unlikely to result in the needed outcome unless the connected massive profit potential is significantly reduced. Even the huge penalties may not be enough because there will always be those executives who will feel the risk is worth the reward. One of our biggest shortcomings as a race is even wanting to accurately assess the potential risk of a move, which is largely what led to the subprime market collapse a few years ago.
In any case, moving to a global GDPR standard would both be better for us as users and far easier for firms to comply with and thus a huge step in the direction to protect our privacy and restore trust with technology vendors.
*** This is a Security Bloggers Network syndicated blog from Security – TechSpective authored by Rob Enderle. Read the original post at: https://techspective.net/2019/01/26/blackberry-cisco-and-microsoft-move-aggressively-to-protect-trust-and-privacy/