Investor Relations

Two-Thirds of Businesses Report Sales Delays Caused by Customer Data Privacy Concerns


Cisco global study finds estimated average delay of nearly two months in sales cycles; privacy-mature businesses experience 80 percent shorter sales delays

SAN JOSE, Calif., Jan. 25, 2018 (GLOBE NEWSWIRE) -- Data privacy concerns are causing significant sales cycle delays for up to 65 percent of businesses worldwide, according to findings in the new Cisco® 2018 Privacy Maturity Benchmark Study. In addition, the study shows that privacy maturity is connected to lower losses from cyberevents: 74 percent of privacy-immature organizations experienced losses of more than $500,000 last year caused by data breaches, compared with only 39 percent of privacy-mature organizations.

Privacy maturity is a framework defined by the American Institute of Certified Public Accountants (AICPA) and is based on Generally Accepted Privacy Principles (GAPP).

The study surveyed nearly 3000 global security professionals in 25 countries regarding their privacy maturity and any effects of data privacy on their business. A surprising two-thirds of respondents indicated that data privacy was causing delays in their sales cycles, with an average estimated delay of 7.8 weeks.

The pending May 2018 enforcement of the General Data Protection Regulation (GDPR), the new law enacted to increase protections of European Union (EU) citizens’ privacy and personal data, might also be a factor in these delays. Customers are increasingly concerned that products and services they buy provide appropriate privacy protections. GDPR’s provisions apply to any company that processes, stores, or uses this data.

Respondents were asked to assess their current privacy maturity level, according to the standard AICPA model, which defines five privacy maturity levels: ad hoc, repeatable, defined, managed, and optimized. The study found that:

  • The average sales delay for those with ad hoc maturity was 16.8 weeks, but delays decreased for businesses with higher privacy maturity levels.
  • Businesses with optimized privacy processes reported 3.4 weeks of sales delay, which is an 80 percent reduction compared to ad hoc organizations.
  • Geography and industry also appear to play a significant role in the length of delay.

Given these widespread and significant delays, every company should assess its own situation to evaluate where customer privacy concerns might postpone business. Aside from legal compliance, depending on the potential revenue effects and their current privacy maturity level, companies should explore the return on investment of privacy process improvements and the beneficial effects that deploying such measures could have on sales.

Cisco 2018 Data Privacy Maturity Benchmark Study highlights

Data privacy concerns drive sales delays

  • Companies in the government and healthcare sectors exhibited the longest average sales delays—19 weeks and 10.2 weeks, respectively—compared to other industries.
  • Companies in the utilities, pharmaceuticals, and manufacturing sectors reported the shortest average delays, all 3 weeks or less.
  • By geography, Latin America and Mexico are experiencing the longest sales delays, at 15.4 weeks and 13 weeks, respectively.
  • China and Russia have the shortest delays, at 2.8 weeks and 3.3 weeks, respectively.

Privacy-mature organizations experience shorter sales delays

  • The average sales delay (in weeks) by privacy maturity stage were as follows: ad hoc (16.8), repeatable (9.8), defined (5.1), managed (4.4), and optimized (3.3).
  • Since organizations in the defined stage experienced 70 percent shorter sales delays vs. those in the ad hoc stage, companies might benefit significantly from moderate improvements in privacy maturity. Those that are “optimized” saw 80 percent shorter delays.

Privacy-mature companies experience fewer breaches and smaller losses from cyberattacks

  • Overall, 53 percent of respondents reported losses greater than $500,000 related to cyberattacks in the last 12 months.
  • Privacy-immature companies (i.e., ad hoc stage) had the highest percentage (74 percent), with the percentage decreasing with increasing privacy maturity. The other levels were repeatable (66 percent), defined (49 percent), managed (43 percent), and optimized (39 percent).

Given the potential effects of these delays on sales and revenues, Cisco advises organizations to take the following steps:

  • Measure current delays: Assess the scope of sales delays due to data privacy issues and understand how much sales revenue might be affected by the delays.
  • Assess root causes: Portions of a delay may be caused by sales teams being unable to address customer concerns, incomplete or inaccessible corporate policies, or engineering/design issues. Executives need to know root causes to determine resolutions.
  • Establish ongoing metrics and targeted initiatives: Regularly measure and track the sales delay metric, and set priorities for appropriate investments to reduce the delays.
  • Explore effects on cyber losses: Assess the cause of any data breaches and losses that might have been avoided through more mature data privacy processes.
  • Develop a data privacy and protection plan: If such a plan does not currently exist, plan to create policies and protocols that contribute to good security hygiene.

Read the Cisco 2018 Privacy Maturity Benchmark Study.

Supporting quotes

  • Michelle Dennedy, Chief Privacy Officer, Cisco:

"This research demonstrates that good privacy is good for business, and organizations need to invest in data privacy governance and process to reap the benefits.”

  • John Gevertz, Chief Privacy Officer, VISA Inc.:

“Privacy professionals and sales executives all know that privacy/data protection concerns can slow the sales cycle. Having good data to support that knowledge will help drive the actions needed for improvement.”         

  • Dr. William Lehr, Economist, Massachusetts Institute of Technology:

“This study provides valuable empirical evidence of the linkage between firm privacy policies and performance-relevant impacts. These results are indicative of the direction that future empirical research on privacy, and cybersecurity more generally, should take to better validate and focus our understanding of best practices in these important areas.”

Supporting resources
Cisco 2018 Privacy Maturity Benchmark Study
Cisco Data Privacy
Infographic: Good Privacy is Good for Business
Blog: Are Customer Data Privacy Concerns Slowing Down Business?
Podcast: Good Privacy is Good for Business
Follow us @CiscoTrust

About Cisco

Cisco (NASDAQ:CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow's digital opportunity today. Discover more at and follow us on Twitter at @Cisco.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. 

RSS Feed for Cisco:

Press RelationsAnalyst RelationsInvestor Relations
Ella NevillJenna DustonMarty Palka
617-951-6622408-424 7210408-526 6635

Primary Logo

Source: Cisco
NASDAQ: CSCO $ 46.44 -01.95 -4.03% Volume: 37,982,822 Market Cap 20 minute delay December 7, 2018

Email Alerts

You may automatically receive Cisco Systems financial information by email.

NOTE: Re-select all alerts you would like to receive if you change your subscription preferences.

Email Address *
Mailing Lists *

Enter the code shown above.

Investor Contact

To report a change of address or lost stock certificate, or to request account information, please contact our transfer agent:

Computershare Investor Services
P.O. Box 505000
Louisville, KY 40233

Toll Free: 800-254-5194
International: 781-575-2879
Fax: 781-575-3604