Data Privacy Compliance Top Priority for Companies, Yet Nearly Half Not Concerned About Regulatory Fines


A new report, The Intersection of Data Privacy and Cybersecurity, examines how data privacy, governance, and security leaders are empowering cyber-secure digital transformations within their organizations. Research uncovered that the vast majority of participants (94%) ranked data privacy compliance as a top priority for their organization. Yet nearly half (45%) aren’t concerned about regulatory fines and penalties despite a growing number of regulations and data breaches. Instead, their motivations are focused more on building trust with their customers and partners. The study of 125 data privacy, governance and security leaders was conducted throughout April and May and sponsored by Okera, the Universal Data Authorization company.

Among the key findings, respondents ranked ensuring data security at a fine-grained level as the top benefit of centralizing data authorization and control. Fine-grained access control provides data owners the ability to dynamically hide, mask, or tokenize data to prevent inappropriate access to confidential, personally identifiable, or regulated data. Further, two-thirds of organizations (64%) report taking a zero-trust, least privilege approach to secure data access all or most of the time.

“It has never been more important for all business leaders to understand the relationship between their organization’s privacy and cybersecurity programs, how the two overlap, where the challenges are, and how they can build upon one another to protect customers, employees, partners and the organization’s brand,” said Nick Halsey, Okera CEO. “It’s clear that as the market continues to grow, more sophisticated organizations will transition to a centralized platform for data authorization and control to ensure access to sensitive data at the fine-grained level, particularly if they want to retain the trust of their customers and partners.”

Reflecting market maturity, the study found that organizations are taking a strategic approach to complying with multiple data privacy laws, with nearly half (49%) automating and standardizing enforcement, compared to just 6% that are focused on only one privacy regulation. Nearly three-quarters of organizations (72%) have moved at least half of their data to the cloud, and an impressive 70% of leaders stated they’re very or extremely confident they know where all of their data is.

“You take a reputational risk when you fall out of regulatory compliance. If you lose customer trust, you can’t simply pay a fine to fix it,” said Raj Badhwar, SVP and Global CISO, Voya Financial, a participant in the study.

Another participant in the study, Rick Doten, VP, Information Security & CISO at Carolina Complete Health, commented, “We need to know where our data is, what it is, which applications access it, and who uses those applications. Then, we need to be able to tag it and control it. Data governance is the answer.”

Additional Highlights

  • Zero Trust isn’t easy – While 64% of businesses see taking a zero-trust, least privilege approach to data security as a guiding principle, many companies still struggle to centralize their data management capabilities, which is the only way to ensure fine-grained access control over all sensitive data.
  • Better regulatory compliance is the leading driver of data privacy investments – The top three drivers of investments into the secure access of confidential, personal, and regulated data are better regulatory compliance (54%), improved business efficiency (50%), and managing costs (44%).
  • Most effective business case – To secure budgets for data privacy and security initiatives, CPOs and CISOs should focus on the most significant risks affecting business operations.
