Protiviti-Oxford survey shows ‘us vs. them’ disconnect in how global execs view data privacy

In brief

  • 86% of executives say they are confident or extremely confident their company is doing everything it possibly can to protect customer data.
  • Only 8% of global executives say they are concerned or extremely concerned about their company’s ability to protect customer and client data over the next five years.
  • 80% of global business leaders say AI will be beneficial for their company’s data privacy and cybersecurity strategies over the next five years. Only 5% said AI would be harmful to those efforts.

When it comes to data privacy, it’s all personal—especially when it comes to business leaders’ opinions about their own company’s privacy practices compared to other companies, according to the findings of the Protiviti-Oxford survey Executive Outlook on the Future of Privacy, 2030.

When we asked global business leaders how concerned they were with their company’s ability to protect their customer data, a mere 8% said they were concerned or extremely concerned. But when we probed their level of concern about their own personal data privacy, 78% said they were concerned or extremely concerned. Same executives, same survey; just a handful of questions apart.

Furthermore, one in five said they had “no concerns at all” about their company’s ability to protect customer data. No concerns at all? Do they not get the same regular data breach notices the rest of us do? Of course they do, which is why more than three quarters of respondents said it was likely they would personally experience a significant data breach over the next five years. But, apparently, not at the companies of the business leaders we surveyed.

Download your copy of the Protiviti-Oxford survey report “Executive Outlook on the future of privacy, 2030.”

Image
Chart shows Concern about exec's personal data privacy, vs. concern about their company's ability to protect customer data over the next five years
Chart shows Concern about exec's personal data privacy, vs. concern about their company's ability to protect customer data over the next five years

The apparent disconnect and overly enthusiastic optimism about their own company’s data security and privacy practices didn’t stop there. Consider:

  • 86% say they are confident or extremely confident their company is doing everything it possibly can to protect customer data.
  • 82% believe their organisation’s current practice of data management is either effective or extremely effective in ensuring comprehensive data privacy.
  • 75% report their company is either prepared or extremely prepared to adequately address the privacy function in terms of both funding and resources between now and 2030.
  • 84% rate their organisation’s effectiveness in maintaining customer trust when it comes to data protection as either effective or extremely effective.
  • 77% say they are confident or extremely confident of their employees’ ability to understand the need and ways to keep customer data secure. That number is even higher for executives over 50 (85%) and for those in North America (91%).
  • 74% say their company has a positive reputation for privacy/data protection and customer trust relative to their nearest competitors. Only 2% would admit that their company has a negative reputation in terms of privacy.

If all these findings seem wildly optimistic to you, you are not alone. Aside from the one age and geographic disparity pointed out above, they are consistent across the survey. So, what is going on here? Is this honesty or hubris? Should we be relieved or alarmed?

Even in an anonymous survey, it’s probably not too surprising that C-suite executives or board members would be more hesitant to admit their company is not top-notch when it comes to data privacy than they are to report their significant concerns about other companies playing fast and loose with their own data and privacy. We don’t know if that alone accounts for the disparity we see.

Only 2% of executives would admit that their company has a negative reputation in terms of privacy.
Image
How confident are you your company is doing everything it can do to protect its customer data?
How confident are you your company is doing everything it can do to protect its customer data?

Trusting government to protect data

We asked all respondents about government-issued digital ID to gauge their level of trust in the government to safeguard important personal information. The comfort level with a government-issued digital ID was highest in North America with 65% saying they would be comfortable or extremely comfortable, while the numbers were significantly lower in Asia-Pacific (41%) and Europe (28%).

Meanwhile, more than half (56%) of business leaders overall said they were confident or extremely confident in the government’s ability to put the proper regulation in place to protect personal online data.

The numbers were a bit higher in North America (69%) than they were in Europe (50%) or Asia-Pacific (48%). Age was a significant factor in this finding:  59% of executives over the age of 50 said they would be comfortable to extremely comfortable compared to just 32% of those under 50.

Top challenges to data privacy compliance

Finally, when we asked executives about their company’s biggest challenges complying with privacy regulations, the top 3 challenges were:

  • Maintaining an effective control environment amid emerging threats
  • Identifying all internal systems that contain personal data
  • Dealing with different and sometimes conflicting data privacy regimes

Regionally, in North America, the top challenge was “dealing with different and sometimes conflicting data privacy regimes.” In Asia-Pacific, it was “maintaining an effective control environment among emerging threats.” Interestingly, Europe’s top challenge—"training staff in light of the quickly evolving landscape”—wasn’t even among the top 3 challenges overall.

And when we asked them what aspect of their customer data gave them the most concern, the top three concerns overall were: how it’s collected, how it’s used and how it’s stored. These concerns were ranked the same in Europe and Asia-Pacific but in North America, the top concern was how data is used, followed by how it’s stored and how it’s collected.

Gen Z vs. Gen X/Boomers

Since our surveys focus on senior business leaders, we typically don’t have the chance to poll younger professionals. We thought Gen Z might have something interesting to say about data and privacy, so we asked our Protiviti interns—all between the ages of 20 and 22—to answer the same five questions about personal data privacy that we asked our global executives.

Our interns were based only in North America, and we stuck to that same demographic for the senior executives— age 50 and older (Gen X/Boomer generations) based in North America. Here’s what we discovered:

  • 95% of Gen X/Boomer respondents said they were either concerned (48%) or extremely concerned (47%) about their privacy and security compared to just half of Gen Z (36% and 14%, respectively).
  • 86% of Gen X/Boomers say it is likely they will experience a significant data breach over the next five years compared to 72% of Gen Z.
  • 83% of Gen X/Boomer executives say personal data will be more secure in 2030 than it is today. Just 49% of Gen Z thinks the same.

But the biggest difference between the two age groups was most evident when we asked about the government. Consider:

  • 77% of Gen X/Boomers say they’re confident in the government’s ability to put the proper regulation in place to protect personal data. The percentage plummets to 11% for Gen Z.
  • 70% of Gen X/Boomers say they would be comfortable with a government-issued digital ID compared to just 18% for Gen Z. Meanwhile, almost a third (32%) of Gen Z said they would not be comfortable at all with a government-issued digital ID, compared to just 1% of Gen X/Boomers.
Image
By 2030, how harmful or beneficial do you think generative AI will be to your organisation’s data privacy and cybersecurity strategies?
By 2030, how harmful or beneficial do you think generative AI will be to your organisation’s data privacy and cybersecurity strategies?

AI as a transformative force for good?

Three quarters of global business leaders believe artificial intelligence will have a significant impact on their organisation’s data privacy programmes over the next five years, even though we are not yet sure whether this impact will be net positive or negative.

But there’s no doubt where global business leaders stand: 80% believe AI will be beneficial for their company’s data privacy and cybersecurity strategies over the next five years. Only 5% said AI would be harmful to those efforts. The belief of business leaders that AI would be a force for good to protect privacy was consistent across all geographies, ages and business sectors.

In terms of its perceived benefits, AI outpaced all other emerging technologies Protiviti asked about, including augmented and virtual reality, cloud computing, blockchain and quantum computing.

80% of executives believe AI will be beneficial for their company’s data privacy and cybersecurity strategies over the next five years.
Loading...