top of page
Writer's pictureprivcombermuda

In Bermuda, Privacy Means Business: How Investing in a Privacy Programme Pays Off


If you don't have a privacy programme, your business is missing a trick.


Privacy management programmes often seem like a sunk cost - something you must spend money on and never see a return on that investment. However, recent studies into the benefits of these programmes have shown that they will in fact improve the business's efficiencies and competitive standing in a manner that repays the business in a variety of ways.


The idea that a privacy programme makes business sense has two basic aspects: the potential to reduce losses and the potential to earn money.


In 2014, a privacy consultancy (TrustArc, formerly TRUSTe) enlisted Forrester to conduct a survey of how their product reduces losses and brings benefits for their clients. Of course, not all privacy programmes will have the same impact - mileage may vary, as the saying goes - but according to Forrester's analysis, there was a clear message: privacy programmes can reduce brand damage and compliance risk. So how do we calculate these sorts of gains?


Forrester used data from the Ponemon Research Institute, who found that in 2013 there was an estimated 8.7% chance for a data breach to happen, and the average cost of a data breach was around $3 million. That made the expected yearly cost around $260,000. Forrester then estimated that a successful privacy programme would reduce the chance of having a breach by 25% - meaning an annual savings of around $65,000.

Since then, the average cost of a data breach has gone up to $3.86 million, with an average cost of $150 per lost or stolen record (IBM Cost of a Data Breach Report 2020, with breach calculator). Note for healthcare: the average cost is almost double, at $7.13 million.

The beauty of having a formula like this is that you can do the math for your own business, large or small. What does a 25% reduction of risk do for you?


But there is more than just avoiding risk - Forrester went on to develop a formula for the Total Economic Impact (TEI) of privacy, that included factors like customer trust and the value of an ethical reputation, as described in their 2019 paper "The ROI of Privacy". Using this methodology, they calculated that privacy programmes have a net benefit from year one, with a return on investment (ROI) of 17% by year three.


The International Association of Privacy Professionals (IAPP) agrees that privacy can be a competitive differentiator. Privacy programmes help to develop customer relations and trust by improving transparency and communications. According to the IAPP white paper "Getting to the ROI of Privacy", 83% of consumers "only utilize websites/vendors that [they] trust." 57% have uninstalled an app or chosen not to install it due to privacy concerns.


Individuals are asking more and more about privacy before buying. Investors are asking about privacy and cybersecurity controls as part of their due diligence before funding.


Perhaps the most dramatic and recent details come from Cisco's Data Privacy Benchmark Study 2020: "From Privacy to Profit: Achieving Positive Returns on Privacy Investments." In summary:

  • The average organisation has a $2.70 return on $1.00 of privacy spend, with over 40% of those organisations doubling the return on their investment.

  • 70% of organisations that implement a privacy programme say that they are more innovative, have a competitive advantage, are more attractive to customers, and have better consumer trust.

  • Organisations that implement accountability programmes (as discussed in the "Bermuda Report on Information Accountability", pages 13-16) lower their breach costs and even make sales faster.

  • Organisations find that their business partners are asking about their privacy programme and audit results or certifications they hold.

People have become more aware of the privacy risks when an organisation collects personal information. Whether they are a potential customer or potential investor, they want to know how a business treats data - even hesitating to make a purchase or investment until those concerns are clarified.


On the other hand, customers are more loyal and investors more likely to spend if they see that a business has a handle on privacy issues.


Businesses have an opportunity to make changes now that will set them - and their returns - up for years to come, if they take advantage of this privacy pipeline.


Alexander McD White

Privacy Commissioner


Has your business had a positive return on a privacy management programme? We would love to hear about it and highlight your work. To reach out to the Office of the Privacy Commissioner, please visit our Contact Us page.

bottom of page