Trends in Data Protection
Do you know how organizations and companies are handling personal data, who should be responsible for data privacy, or what would be the potential cost of a data breach in 2020?
In order to give you a better idea, we compiled the 100 Data Privacy and Data Security statistics for 2020, including GDPR statistics, consumer research, ROI, data breach statistics, and more.
We will let you draw your own conclusions. However, it seems these statistics show trends and positive movements in the privacy awareness of individuals in younger generations (61% of individuals who are active about their privacy are under the age of 45).

Privacy-awareness will be one of the most significant development, putting pressure on the governments to implement data protection laws, dictating how companies will handle individuals’ data and what values will have to incorporate in order to strive in the market.
However, it is still a long way to go. Some surveys indicated a lot of individuals still do not know how to protect their data and show distrust in the way their data is handled.
On the other hand, it seems that companies who invested in privacy programs are seeing benefits, like operational efficiency or agility. 40% are seeing benefits at least twice that of their privacy spend.
Just to make a quick recap, data privacy or information privacy is concerned with proper handling, processing, storage, and usage of personal information. It is all about the rights of individuals with respect to their personal information.
Data security is focused on protecting personal data from any unauthorized third-party access or malicious attacks and exploitation of data. It is set up to protect personal data using different methods and techniques to ensure data privacy.
Combined together they create a data protection area. Read more about data privacy and data security definitions and explanations in
Data Privacy Statistics
1. 84% of respondents indicated that they care about privacy, care for their own data, care about the data of other members of society, and they want more control over how their data is being used. Of this group, 80% also said they are willing to act to protect it. Cisco Consumer Privacy Survey 2019
2. Among privacy-active respondents, 48% indicated they already switched companies or providers because of their data policies or data sharing practices. Cisco Consumer Privacy Survey 2019
3. 79% of respondents said they are very or somewhat concerned about how companies are using the data they collect about them, while 64% say they have the same level of concern about government data collection. Pew Research Center
4. 81% of respondents feel as if they have little or no control over the data collected. Pew Research Center
5. 46% of customers feel they’ve lost control over their own data. Salesforce research

6. 45% of respondents indicated that they find the federal government responsible for protecting data privacy.Cisco Consumer Privacy Survey 2019
7. 24% of respondents find the individual user responsible for protecting data privacy. Cisco Consumer Privacy Survey 2019
8. 21% of respondents find that companies should be responsible for the protection of data privacy. Cisco Consumer Privacy Survey 2019
9. 43% of all respondents don’t believe they can adequately protect their personal data today. Cisco Consumer Privacy Survey 2019
Privacy awareness in the USA
10. 63% of Americans say they understand very little or nothing at all about the laws and regulations that are currently in place to protect their data privacy. Pew Research Center
11. 97% of Americans say they are ever asked to approve privacy policies, yet only about one-in-five adults overall say they always (9%) or often (13%) read a company’s privacy policy before agreeing to it. Some 38% of all adults maintain they sometimes read such policies, but 36% say they never read a company’s privacy policy before agreeing to it. Pew Research Center
12. 62% of Americans (roughly six in ten) believe it is not possible to go through daily life without companies collecting their data. Pew Research Center
13. 72% of Americans report feeling that all, almost all or most of what they do online or while using their cellphone is being tracked by advertisers, technology firms or other companies. Another 19% think some of what they do is being tracked. Close to half (47%) of adults believe at least most of their online activities are being tracked by the government. American Trends Panel

14. 81% of Americans think the potential risks of data collection by companies about them outweigh the benefits. Pew Research Center
15. 77% of Americans say they have heard or read at least a bit about how companies and other organizations use personal data to offer targeted advertisements or special deals or to assess how risky people might be as customers. Business news daily
16. 70% of Americans say their personal data is less secure than it was five years ago. Pew Research Center
17. Only 6% of Americans report that they believe their data is more secure today than it was in the past. Pew Research Center
18. 79% of Americans are not confident about the way companies will behave when it comes to using and protecting their personal data. Roughly seven in ten or more say they are not too or not at all confident that companies will admit mistakes and take responsibility when they misuse or compromise data. Pew Research Center
Data Protection laws
19. 107 countries (of which 66 were developing or transition economies) have put in place legislation to secure the protection of data and privacy. In this area, Asia and Africa show a similar level of adoption, with less than 40% of countries having a law in place. UN
20. 18% of countries has no data protection law implemented. UN
21. 59% of respondents said their organizations are currently meeting all GDPR requirements. 29% hope to be similarly ready by early 2020. Cisco Data Privacy benchmark study 2019
22. 9% of organizations said it would take more than a year to get GDPR ready. Cisco Data Privacy benchmark study 2019
23. 3% of the respondents in our global survey indicated that they did not believe GDPR applied to their organization. Cisco Data Privacy benchmark study 2019
24. 47% of organizations updated website cookie policies, and 80% updated policy more than once over the past year. Techbeacon
25. The most difficult GDPR obligation for companies in 2019 was the fulfillment of the right to be forgotten. IAPP

26. 47% of respondents said they have greater trust in companies that use their data as a result of the GDPR. Cisco Consumer Privacy Survey 2019
27. 58% of European companies declared GDPR compliance as a top priority, whereas only 11% of U.S. respondents selected it as number one. IAPP
28. 93% of US IT decision-makers said they had at least taken some steps to comply with privacy regulations such as CCPA or the EU’s General Data Protection Regulation (GDPR). Egress survey
29. 35% of US businesses surveyed said that they won’t be CCPA compliant by January 1, 2020, because they feel it’s too expensive to attain compliance. eMarketer
30. 90% of respondents report their firms to rely on third parties for data processing, and the top method for ensuring vendors have appropriate data protection safeguards is “relying on assurances in the contract” (named by 94% of respondents). 57% use questionnaires, while only one in four conduct on-site audits. IAPP
31. 69% of registered DPO‘s from the EU hold the top privacy role for their firm. They often have direct reporting lines to the board of directors, as well. IAPP
32. 56% of organizations named “locating unstructured personal data” as the most difficult issue in responding to data subject access requests (including access, deletion, and rectification requests).
33. 36% of organizations said monitoring data protection/privacy practices of third parties is the most challenging GDPR task. IAPP
34. The total reported GDPR fines for the full 20 month period across all countries surveyed was just over €144,866,145 (about US$159 million / £123 million). Privacy Affairs
35. The smallest GDPR fine of €28 was issued to Google Ireland Ltd., while the biggest to this day is €50,000,000 issued to Google Inc. in France. 5 biggest GDPR fines
36. 46% of U.S. organizations named “compliance (beyond the GDPR)” as their highest priority, with only 30% of EU respondents selecting it. IAPP
37. 52% of respondents said they felt they had more control of their personal data as a result of the GDPR. Cisco Consumer Privacy Survey 2019
38. 47% expressed notification fatigue and said they receive far too many meaningless privacy-related notifications as a result of GDPR. Cisco Consumer Privacy Survey 2019
39. 59% of respondents indicated they feel they have a greater ability to exercise their rights regarding data as a result of the GDPR. Cisco Consumer Privacy Survey 2019
40. 87% of surveyed organizations reported they have delays in selling to existing customers or prospects, which is up significantly from last year. However, the least prepared organizations have average delays that are nearly 60% longer than those who are most prepared. Cisco Data Privacy benchmark study 2019
Positive Returns on Privacy Investments for Companies
41. 97% of companies recognized they were realizing benefits such as competitive advantage or investor appeal from their privacy investments. Cisco Consumer Privacy Survey 2019

42. Most organizations are seeing very positive returns on their privacy investments, and more than 40% are seeing benefits at least twice that of their privacy spend. Cisco Data Privacy Benchmark Study 2020
43. 82% of organizations view privacy certifications such as ISO 27701 and Privacy Shield as a buying factor when selecting a product or vendor in their supply chain. Cisco Data Privacy Benchmark Study 2020
44. The percentage of organizations saying they receive significant business benefits from privacy (e.g., operational efficiency, agility, and innovation) has grown to over 70%. Cisco Data Privacy Benchmark Study 2020
45. 42% of companies indicated that their privacy investments enabled agility and innovation at their companies. Cisco Consumer Privacy Survey 2019
46. The average annual privacy spend was US$1.2 million. Cisco Consumer Privacy Survey 2019
47. Among large enterprises (10,000 or more employees), the average annual privacy spend was $1.9 million, and 2% of these enterprises spent more than $5 million. Cisco Data Privacy Benchmark Study 2020
48. The average privacy spend of small businesses (250-499 employees) was $800,000, and 41% of them spent less than $500,000. Cisco Data Privacy Benchmark Study 2020
49. Across all companies in the survey, the average estimated benefit of privacy spend was $2.7 million. Large enterprises (10,000 or more employees) estimated their benefits at $4.1 million, and 17% placed the value at more than $10 million. Small businesses (250-499 employees) estimated their benefits at $1.8 million. Cisco Data Privacy Benchmark Study 2020
50. Overall costs associated with breaches were lower; only 37% of GDPR-ready companies had a loss of over $500,000 last year vs. 64% of the least GDPR ready. Cisco Data Privacy benchmark study 2019
51. 64% of respondents believe that privacy options or features are “extremely important” or “very important” when considering their next smartphone, computer, and smart home device purchase. DuckDuckGo
Social media privacy
Lately, social media is under a lot of scrutiny, in the latest Netflix docudrama “The Social Dilemma“, explores the damages done to consumers by the advertising that fuels the industry. Social media is a key factor behind the survival of most small businesses, but how is it affecting users?
52. 79% of people have adjusted privacy-related settings on their social media accounts or reduced their social media usage. DuckDuckGo

53. Facebook owns 80% of the market share of social media platforms, and Google owns 90% of the market share of search engines. GDPR: The End of Google and Facebook or a New Paradigm in Data Privacy?
54. 80% of social media users are concerned about advertisers and businesses accessing the data they share on social media platforms. VPNgeeks
55. Cambridge Analytics scandal made more than 73% of the US users concerned about how their information is used on the internet. 26% stated they are extremely concerned, 22% stated they are very concerned, and 25% stated they were somewhat concerned. Emarketer

Data Security Statistic
56. 41% of customers don’t believe companies care about the security of their data. Salesforce research
57. 84% of customers are more loyal to companies with strong security controls. Salesforce research
58. Risk management and privacy concerns within digital transformation initiatives will drive additional security service spending through 2020 for more than 40% of organizations. Gartner
59. 87 % of Europeans said that they consider cybercrime to be an important problem. EU Agency for fundamental rights: Fundamental Rights Report 2019

60. Organizations that had not deployed security automation experienced breach costs that were 95% higher than breaches at organizations with fully-deployed automation ($5.16 million average total costs of a breach without automation vs. $2.65 million for fully-deployed automation). IBM Ponemone institute research
61. Data breaches in the U.S. were more expensive than those in other nations, with an average total cost of $8.19 million (more than double the global average). IBM Ponemone institute research

62. 71% of respondents are currently using software that blocks ads, protects data privacy or otherwise helps control their web experience. Akamai Research
Data Breach statistics
63. From 25 May 2018 to 27 January 2020 there have been a total of 160,921 personal data breaches notified by organizations to data protection supervisory authorities within the EEA. DLA Piper
64. A hacker attack occurs every 39 seconds. University of Maryland
65. Only 2% of firms that have reported a breach to a supervisory authority have been fined. IAPP
66. $3.86 M average total cost of a data breach. IBM Ponemone institute research
68. The average time to identify a breach in 2019 was 206 days and the average time to contain a breach was 73 days, for a total of 279 days (4.9% increase from 2018). In 2020 the average time to identify a breach was 280 days. IBM Ponemone institute research
69. Breaches with a lifecycle longer than 200 days were on average $1.12 million more costly than breaches with a lifecycle of fewer than 200 days ( ($4.33 million for 200-plus days versus $3.21 million for less than 200 days). IBM Ponemone institute research
70. For the period from 25 May 2018 to 27 January 2019, there were on average 247 breach notifications per day in the EU. For the period from 28 January 2019 to 27 January 2020, there were on average 278 breach notifications per day (a 12.6% increase), so the current trend for breach notifications is upwards. DLA Piper
71. 58% of the total breaches in 2019 were the result of hacking incidents, impacting 36.9 million patient records. IAPP

72. Among respondents whose organizations must comply with the GDPR, 38% have reported a breach this year (compared to just 16% in 2018), and 22% have reported more than 10. IAPP
73. Most companies reporting a breach say they’ve reported fewer than 5, although 22% have reported 10 or more. IAPP
74. The United States had the highest country average cost of a data breach in 2019 in the amount of $8.19 million. Nothing changed in 2020, except data breach cost went up in the U.S. and is now at $8.64 million on average. IBM Ponemone institute research
75. Healthcare continued to incur the highest average breach costs at $7.13 million – a 10.5% increase over the 2019 study. IBM Ponemone institute research
76. 52% of EU companies have notified data breach, as opposed to only 22% of U.S. companies doing the same. EU-based firms are more likely than U .S .-based ones to have notified a lead authority of a data breach. Pew Research Center
77. Among the EU countries the Netherlands, Germany and the UK had the most data breaches notified for the 20 months from 25 May 2018 to 27 January 2020, with 40,647, 37,636, and 22,181 respectively.DLA Piper
78. 3,813 breaches were reported through June 30, exposing over 4.1 billion records. Cyber Risk Analytics
79. Of the breached organizations that could be definitively classified, the Business sector accounted for 67% of reported breaches, followed by Medical (14%), Government (12%) and Education (7%). Cyber Risk Analytics
80. 45,737 breaches reported so far. Cyber Risk Analytics
81. 3,366,253,764 is a number of compromised emails. Cyber Risk Analytics
82. 1,903 breaches were reported through March 31, 2019, exposing approximately 1.9 billion records. Cyber Risk Analytics
83. Till March 31, 2019, there have been three breaches exposing 100 million or more records. Despite this, only one new breach was added to the top twenty largest breaches of all time. Cyber Risk Analytics
84. Organizations across the globe spend $11.45 million per year on average in remediation costs related to insider data breaches. Proofpoint cybersecurity study
85. The share of breaches caused by malicious attacks increased from 42% in the 2014 report to 52% in the 2020 report. This 10 percentage point increase represents a nearly 24% increase (growth rate) in the share of breaches caused by malicious attacks. IBM Ponemone institute research
86. 52 % of incidents involved a malicious attack, compared to 25% caused by system glitches and 23% caused by human error. IBM Ponemone institute research
What do customers value?
87. 73% of customers say trust in companies matters more than it did a year ago. Salesforce research
88. 54% of customers say it’s harder than ever for a company to earn their trust. Salesforce research
89. 89% of customers are more loyal to companies they trust. Salesforce research
90. 65% have stopped buying from companies that did something they consider distrustful. Salesforce research
91. 54% of respondents are highly likely to walk away from a business that requires them to provide highly personal data (such as email or phone number), in order to conduct business with them. Akamai Research

92. 70% of customers strongly associate transparency with trust. Salesforce research
93. 58% of customers are comfortable with relevant personal information being used in a transparent and beneficial manner. Salesforce research
94. 63% of customers say most companies aren’t transparent about how their data is used. Salesforce research
95. 48% of customers have stopped buying from a company/using a service due to privacy concerns. Salesforce research
96. 73% of customers say a company’s ethics matter more than they did a year ago. Salesforce research
97. 80% of respondents said they would be comfortable sharing personal information directly with a brand for the purposes of personalizing marketing messages. However, only 16.7% said they would be OK with sharing this type of information through third parties. Emarketer.
98. Amazon was the most-trusted technology company at 30%, followed by Google (27%), Apple (22%), Microsoft (22%) and Facebook (19%). The least trusted were Uber (5%), Snapchat (6%) and Twitter (8%). Marketing dive
99. 75% of customers strongly associate privacy with trust. Salesforce research
100. 72% of customers would stop buying from a company, or using their service due to privacy concerns. Salesforce research
Watch the video:
Disclaimer
The data privacy and data security statistics in this blog are fragments of various researches and surveys conducted on different numbers of subjects and organizations, using different methods. For further clarification, we encourage you to follow the links in the article.