In a world increasingly defined by artificial intelligence, the real question for businesses isn’t if they’re ready for AI, it’s whether their privacy practices can survive it.
That’s the key takeaway from Cisco’s 2025 Data Privacy Benchmark Study which paints a picture of a privacy landscape more tangled than ever. As organisations sprint toward GenAI adoption, the study warns that privacy investments could soon be cannibalised by the AI boom, even as data protection remains essential to trust, compliance, and long-term value.
The report, based on feedback from 2,600 privacy and security professionals across 12 countries, offers a deep dive into the evolving priorities of organisations grappling with the dual demands of data sovereignty and AI-driven innovation.
Global providers gain trust, but so does the urge to go local
More than 90% of businesses now say they trust global providers to secure their data, up five points from last year. Yet 90% still believe storing data locally is inherently safer, even if it comes at a steep operational cost.
This paradox emphasises a core tension in today’s privacy strategy. While global tech giants are seen as capable custodians, local storage continues to offer a psychological sense of security.
Privacy laws: from burden to business booster
The once-grudging acceptance of privacy legislation has changed. More than 85% of respondents say privacy laws have helped their business, up from 80% in 2024. And nearly all (96%) say the return on privacy investments exceeds the cost.
It’s not just companies who feel that way. Cisco’s earlier Consumer Privacy Survey found that 81% of people aware of their country’s privacy laws feel confident in protecting their data, compared to only 44% of those in the dark.
Despite the hype, organisations aren’t diving into genAI blind. Over 60% of respondents say they’re very familiar with generative AI, and many report business benefits. However, 64% fear accidental exposure of sensitive data, and nearly half have already fed personal or confidential information into genAI tools.
That contradiction suggests businesses are moving faster than their governance frameworks can handle. Cisco’s AI Defense tools and readiness frameworks are pitched as a solution, but the broader industry may not be keeping up.
Perhaps the biggest red flag is that 99% of respondents expect to divert some privacy resources toward AI initiatives over the coming year. With AI budget allocations expected to double, privacy teams may find themselves squeezed just when they’re most needed.