In its 2019 Data Privacy Benchmark Study, Cisco found a correlation between GDPR preparedness and the frequency and severity of data breaches. Even though the vast majority of businesses reported having a data breach in the past year, 74% of GDPR-ready companies experienced one compared to 80% of companies that are less than a year from having compliance measures in place and 89% of companies that report being more than a year away from compliance.Of the breaches that did occur, companies with compliant privacy provisions in place had an average number of 79,000 records impacted compared to 212,000 for the least-prepared, and had an average systems downtime of 6.4 hours compared to 9.4.
This translated into lower breach-related costs, with only 37% suffering losses of more than $500,000, compared to 64% of those least prepared.
Survey respondents also indicated some concrete benefits from implementing the more robust privacy programs required. When selling to existing customers, GDPR-ready companies reported privacy-related sales delays from request investigations, policy translation and product redesign of only 3.4 weeks compared to 5.4 weeks for the least prepared.