New study shows global privacy investments increasing
Companies must still try harder on cookie consent

Organizations are investing more in privacy protection globally, according to research published today by privacy management software company TrustArc. Nevertheless, it still found significant room for improvement in key areas, including cookie consent management.
The company surveyed people worldwide for its 2021 Global Privacy Benchmarks Report, including executives, managers, full-time non-managerial employees, and members of the privacy team. It found performance improving on the privacy front and that companies were eager to do more. The proportion of companies planning big-ticket privacy investments of $1 million or more grew to 48% in 2021. This is up from 28% in 2020.
This increased focus on privacy showed up in internal programs. The number of companies with dedicated privacy offices jumped 17 percentage points to 83%. More companies also said that privacy was now a core part of their business strategy. That proportion increased 7 percentage points from 37% to 44%.
TrustArc also noted a marked improvement in attitudes to privacy on its privacy index, which it compiles based on respondents' answers to core privacy questions. These include whether their board of directors regularly reviewed privacy matters and whether they sufficiently trained employees in privacy issues. It also assessed confidence in key privacy outcomes among their customers, employees, and partners.
The median score on the privacy index jumped from 62% to 70% during the last year, while the 75th percentile score — the average score for companies getting an "A" grade — jumped from 79% to 85%.
Organizations in the US are more confident in protecting employee and customer data, at 82% compared to 74% in Europe. This could be a sign that stateside companies have upped their game following the imposition of the wide-ranging California Consumer Privacy Act, which came into force on January 1, 2020.
Companies might be paying more attention to privacy, but there is still work to be done. Over a third of respondents said they had suffered a breach in the last three years, while 27% reported their company suffered a large-scale cyber security attack.
Get the ITPro. daily newsletter
Sign up today and you will receive a free copy of our Focus Report 2025 - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
One area where companies must try harder is cookie consent. This regulatory requirement mandates that companies collect visitor consent when serving cookies via a website. Only 23% of companies work with stakeholders across all departments to ensure that their consent solution meets regulatory requirements and business objectives. Just 46% of respondents said their cookie consent solution was "fully done."
Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing.
Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.

‘It’s your worst nightmare’: A batch of €5 hard drives found at a flea market held 15GB of Dutch medical records – and experts warn it could’ve caused a disastrous data breach

3.3 million people were exposed in the DISA data breach – it took the firm 10 months to disclose the incident