# [Over 150 data privacy statistics companies need to know about in 2026](https://usercentrics.com/guides/data-privacy/data-privacy-statistics/)

**Author:** [Tilman Harmeling](https://usercentrics.com/person/tilman-harmeling/) | Published: Mar 25, 2025

---

## At a Glance

- Data privacy statistics show that over 140 countries now have data protection laws in force, covering the majority of the world's internet users.
- Consumer concern about data privacy is significant: research consistently shows majorities of internet users worry about how their personal data is collected and used online.
- The average cost of a data breach reached USD 4.88 million in 2024 (IBM Cost of a Data Breach Report), underlining the financial stakes of inadequate data protection.
- Facts about data privacy enforcement show GDPR fines have exceeded EUR 4 billion since the regulation came into force in May 2018.
- U.S. state privacy law adoption is accelerating: as of early 2025, more than 20 states have enacted comprehensive consumer privacy legislation.
- Consent and transparency are linked to trust: visitors are more likely to engage with brands that clearly explain their data practices and honor opt-out preferences.

We interact with dozens of websites and apps daily. And while doing so, we know that many companies collect personal information to tailor their marketing efforts and create more personalized experiences. This isn't new.

However, there's also growing awareness — and demand — for online privacy. People are increasingly concerned about how much companies know, who they share that information with, and what might happen if personal or company data were to fall into the wrong hands.

Understanding the impact of data privacy on businesses and individuals is more important than ever. That's why we've collected the most relevant statistics on data privacy from 2024 and 2025.

---

## What is data privacy?

Data privacy, also called information privacy, refers to the right of individuals to control how their personal information is collected, used, and shared. It encompasses the practices, policies, and technologies that contribute to handling personal data appropriately and in compliance with applicable regulations.

[Personal information](https://usercentrics.com/knowledge-hub/personally-identifiable-information-vs-personal-data/) includes any information that relates to an identified or identifiable individual. This can range from obvious identifiers like names and email addresses to less obvious data points such as device IDs, IP addresses, and browsing behaviors.

---

## Data privacy statistics

To highlight the urgency of protecting data privacy, we've gathered insights from leading analysts, like McKinsey, Gartner, Forrester, Pew Research Center, and Cisco. This collection of over 150 data privacy statistics showcases the current state of digital privacy and the trends that are shaping the future.

### The state of data privacy worldwide

Data privacy has never been more important — or more regulated. Governments worldwide are stepping up their efforts to safeguard personal information. But how effective are these measures, and how do they impact both businesses and individuals?

The number of global privacy laws has expanded in the last five years.

- By the end of 2024, [data protection laws covered 6.3 billion people](https://iapp.org/news/a/identifying-global-privacy-laws-relevant-dpas/) — or 79% of the global population.
- As of the beginning of 2025, there are [144 countries with data and consumer privacy laws](https://iapp.org/news/a/data-protection-and-privacy-laws-now-in-effect-in-144-countries).
- 42% (21) of US states passed data privacy laws as of the beginning of 2025.
- As of January 2025, the European Union has three fully operating and one upcoming law regarding online privacy and the use of digital technologies.

However, regulators aren't just passing laws, they're enforcing them.

- California's Consumer Protection Act (CCPA) protects [over USD 12 billion worth of personal information](https://www.oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf) each year.
- For example, in 2024, the EU imposed [EUR 2.1 billion in fines](https://www.statista.com/chart/30053/gdpr-data-protection-fines-timeline/) due to violations of the [General Data Protection Regulation (GDPR)](https://usercentrics.com/knowledge-hub/the-eu-general-data-protection-regulation/).
- We're seeing [strict enforcement worldwide](https://www.forrester.com/blogs/what-to-know-a-retrospective-of-2023s-top-breaches-and-fines/): Europe, the Middle East, and Africa (EMEA) issued 54% of the largest privacy fines, with North America following at 43%.

Public support for more online privacy protection is strong.

**62%** of UK citizens feel safer sharing their data since the implementation of the GDPR (and UK GDPR post-Brexit).

**72%** [of Americans](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) believe there should be more government regulation over how companies handle personal data.

[More than 50% of US voters support a national data privacy law](https://pro.morningconsult.com/instant-intel/federal-data-privacy-legislation-polling) and back the measures outlined in the now-scrapped American Data Privacy and Protection Act legislation:

- 87% support banning the sale of personal data without consent
- 86% back requiring companies to minimize data collection
- 86% want stronger online privacy protections for children under 17
- 82% believe individuals should have the right to sue after data breaches

However, despite growing concern about data privacy, public awareness remains low.

[63% of Americans](https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/) admit that they know very little, or nothing, about which laws and regulations are currently in place to safeguard their privacy.

But privacy laws aren't just about restrictions. They also come with business benefits.

[79% of all corporate respondents](https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-study-2024.pdf) to Cisco said that the impacts of privacy laws have positively affected the organization.

These statistics show that privacy is more than just a legal or ethical issue. It's a growing global movement with real implications for consumer trust and business operations.

### Data privacy trends statistics

Changes in data privacy are continuing through 2025. Governments and businesses are ramping up efforts to boost online data protection and security. At the same time, consumers are demanding greater transparency and control over their data.

The following statistics reflect the trends that are shaping business and security priorities.

To begin, public concern is high, but awareness is low.

[92% of Americans](https://trustarc.com/resource/data-privacy-concern-consumers/) are concerned about their privacy when using the Internet.

Only [3% of Americans](https://dataprot.net/statistics/internet-privacy-statistics/) say they understand how current online privacy laws actually work.

Governments worldwide are continuing to strengthen online data privacy laws. Data privacy legislation and regulation continue to be drafted, passed, and enacted in 2025 and beyond. Some to watch:

- Australia: Online Safety Amendment (Social Media Minimum Age)
- United Kingdom: Data (Use and Access) Bill
- United States: Eight state-level privacy laws in 2025 and three in 2026

Existing privacy laws in several other countries will be going fully into effect or getting updates in 2025 as well, including India, Japan, and Sri Lanka.

At the same time, companies are also ramping up privacy investments.

- It is projected that global end-user spending on security and risk management will reach [USD 212 billion in 2025](https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025), a [15% increase](https://www.gartner.com/en/newsroom/press-releases/2023-09-28-gartner-forecasts-global-security-and-risk-management-spending-to-grow-14-percent-in-2024) from 2024.
- [More than 60% of large businesses](https://www.gartner.com/en/newsroom/press-releases/2022-05-31-gartner-identifies-top-five-trends-in-privacy-through-2024) are expected to be using at least one Privacy-Enhancing Technology (PET) solution by the end of 2025.

These data privacy stats highlight just how quickly the prioritization of data privacy is growing worldwide.

### Data privacy and consumer sentiment statistics

Consumers are more aware than ever that their data is being collected and used, but that awareness doesn't yet translate to a clear understanding of how it's collected, for what purposes, or what exactly is being processed.

And while data privacy is a growing concern, many people feel both powerless to control their information and skeptical about companies' handling of it.

For starters, awareness of data privacy laws varies globally. While there's recognition of data privacy laws, understanding of how they work varies significantly.

- On average, [53% of all global internet users](https://www.statista.com/statistics/1441448/privacy-laws-awareness-global-by-country/) are aware of local data privacy laws, however, this average varies per country.

Generally speaking, people feel overwhelmed by where and how much data is being collected and how it's being used.

**68%** [of consumers](https://kpmg.com/kpmg-us/content/dam/kpmg/pdf/2023/corporate-data-responsibility-bridging-the-consumer-trust-gap.pdf) are concerned about the volume of data being collected by businesses.

**80%** [of the general population](https://assets.ctfassets.net/8d4yn2ywtegc/2ngfQtAevDCY21AbxRQwUJ/93f8f48822508d514ecbde40a0c17813/WhitePaper.pdf) expressed unease and wished they knew more about how their personal data is being used online.

**29%** Only [29% of consumers](https://iapp.org/resources/article/privacy-and-consumer-trust-summary/) said that they find it easy to understand how well a company protects their personal data.

**63%** [of global consumers](https://public.tableau.com/app/profile/ratnesh2928/viz/Stayingcyber-securewhileworkingfromhome/Stayingcyber-securewhileworkingfromhome) believe most companies aren't transparent about how their data is used.

**86%** [of Americans](https://kpmg.com/kpmg-us/content/dam/kpmg/pdf/2023/corporate-data-responsibility-bridging-the-consumer-trust-gap.pdf) say that data privacy is a growing concern for them.

**21%** Just [21% of consumers](https://content.ketch.com/consumer-privacy-perspectives-study) feel confident that their data is being used for the proper purposes.

But data collection feels unavoidable. In fact, [62% of Americans](https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/) don't believe it's possible to go through daily life without companies collecting data about them.

Alongside this growing concern comes a significant decline in trust of companies handling consumer data.

[As of May 2024](https://www.statista.com/statistics/1469626/us-adults-trust-in-companies-with-data-breach/), more than half of US adults stated that they avoid companies that have had data breaches, while only 9% still trusted them.

**54%** [of consumers](https://public.tableau.com/app/profile/ratnesh2928/viz/Stayingcyber-securewhileworkingfromhome/Stayingcyber-securewhileworkingfromhome) say most companies don't use data in a way that benefits them.

**66.67%** [Two-thirds of global consumers](https://today.yougov.com/technology/articles/35025-privacy-and-big-tech-gauging-attitudes-around-worl) feel that tech companies have too much control over their data.

**75%** More specifically, in the UK, Spain, and the United States, [75% of adults](https://www.statista.com/statistics/1233743/global-consumers-opinion-tech-personal-data/) feel tech companies have too much control over their data.

**15%** Only [15% of US consumers](https://www.pwc.es/es/digital/soluciones-seguridad-negocio/assets/02_consumer.pdf) think companies will use their personal data to improve their lives.

**5%** Only [5% of US consumers](https://content.ketch.com/consumer-privacy-perspectives-study) have no major concerns over how organizations use their data.

Although [privacy policies](https://usercentrics.com/knowledge-hub/what-is-a-privacy-policy-and-why-do-you-need-one/) or comparable notices are required under all major privacy laws, many people find them ineffective or simply ignore them.

Only [one in five American users](https://www.pewresearch.org/internet/2019/11/15/americans-attitudes-and-experiences-with-privacy-policies-and-laws/) always or often reads a company's privacy policy before agreeing to it.

[61% of US users](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) agree that privacy policies are ineffective at explaining how companies use their data.

[69% of US users](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) say they view these policies as just something to get past.

[56% of Americans](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) say they always, almost always, or often click "agree" without reading privacy policies.

But there is good news. Despite widespread concerns, most consumers are willing to trust companies that demonstrate strong privacy practices.

**81%** [of users](https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-consumer-privacy-survey-2022.pdf) believe the way a company treats their personal data is indicative of the way it views them as a customer.

**58%** [of users](https://public.tableau.com/app/profile/ratnesh2928/viz/Stayingcyber-securewhileworkingfromhome/Stayingcyber-securewhileworkingfromhome) say they're comfortable with relevant personal information being used in a transparent and beneficial manner.

**84%** [of users](https://www.salesforce.com/news/stories/state-of-the-connected-customer-report-outlines-changing-standards-for-customer-engagement/) are more loyal to companies with strong security controls.

**39%** [of consumers worldwide](https://www.statista.com/statistics/1369919/consumers-data-privacy-building-trust-global/) believe that providing clear information on data usage would help build trust.

As privacy concerns continue to grow, companies that prioritize transparency, security, and ethical data use are more likely to earn consumer trust and loyalty.

### Data privacy and consumer behavior

Consumers' online behavior is increasingly influenced by concern over their online privacy. And as more people experience the risks associated with sharing personal information online, they're becoming more proactive in protecting their data.

A significant portion of consumers is deeply concerned about their digital privacy, especially when shopping online.

[66% of American consumers](https://www.privateinternetaccess.com/blog/consumer-awareness-index-shopping-safety/) are anxious about their digital privacy when shopping online.

[81% of respondents](https://www.privateinternetaccess.com/blog/consumer-awareness-index-shopping-safety/) believe online fraud is widespread.

[48% of consumers](https://public.tableau.com/app/profile/ratnesh2928/viz/Stayingcyber-securewhileworkingfromhome/Stayingcyber-securewhileworkingfromhome) have stopped buying from a company or using a service due to privacy concerns.

This growing concern has prompted many users to take action to safeguard their privacy.

[85% of adults globally](https://www.gendigital.com/media/33ccptah/2022_nlcsir_global_report.pdf) want to do more to protect their online privacy.

According to [Norton's 2022 Cyber Safety Insights](https://www.gendigital.com/media/33ccptah/2022_nlcsir_global_report.pdf), over two-thirds of adults are being proactive about data privacy:

- 29% changed default privacy settings on their devices
- 26% enabled multifactor authentication on select accounts/devices
- 26% disabled third-party cookies in their web browsers
- 16% used a VPN

In addition, there are a few essential tools that remain most popular for privacy protection.

Antivirus, ad blockers, and password managers are the [top 3 tools](https://surfshark.com/attitude-on-privacy) people use to protect their privacy online.

[Less than one in five](https://surfshark.com/attitude-on-privacy) use other tools like:

- encrypted email (17%)
- encrypted messenger apps (15%)
- paid VPN services (14%)

However, consumers are not only concerned about their data, they're becoming more assertive in exercising their rights.

**28%** [of consumers](https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-consumer-privacy-report-2023.pdf?CCID=cc000160&DTID=odicdc000016&OID=otrsc031725) have exercised their data subject rights, with younger consumers most active in doing so.

**56%** [of consumers](https://www.privateinternetaccess.com/blog/consumer-awareness-index-shopping-safety/) verify website security before making online payments.

Transparency about privacy practices is a major factor influencing consumer behavior.

[83% of consumers](https://www.retailcustomerexperience.com/blogs/survey-us-shoppers-will-trade-privacy-but-not-convenience-for-better-e-commerce-fraud-protection/) indicated they would be more inclined to shop on websites that openly discuss their privacy practices.

[80% of consumers](https://segment.com/state-of-personalization-report/) say they are comfortable sharing personal information directly with a brand if it leads to personalized marketing messages.

[60% of buyers](https://www2.deloitte.com/content/dam/Deloitte/nl/Documents/risk/deloitte-nl-risk-cookie-benchmark-study.pdf) are willing to share more data to receive personalized benefits.

[58% of users](https://www.statista.com/statistics/1107922/global-consumers-read-consent-notices-entirely-online/) said they would be willing to share data to avoid paying for online content.

[60% of users](https://www.truata.com/resources/report/global-consumer-state-of-mind-report-2021/) say they would spend more money with a brand they trust to handle their personal data responsibly.

[77% of consumers](https://www.statista.com/statistics/1298784/consumers-worldwide-willing-to-share-data-with-brands-by-country/) are willing to share their email addresses for personalized experiences and additional incentives.

[40% of the US general population](https://kpmg.com/kpmg-us/content/dam/kpmg/pdf/2023/corporate-data-responsibility-bridging-the-consumer-trust-gap.pdf) say they would willingly share personal data if they knew exactly how it would be used and by whom ([KPMG](https://kpmg.com/kpmg-us/content/dam/kpmg/pdf/2023/corporate-data-responsibility-bridging-the-consumer-trust-gap.pdf)).

As consumer concern and awareness continue to rise, brands that respect privacy and offer clear benefits in exchange for data will be better positioned to build long-term trust and loyalty.

### Social media and data privacy statistics

Social media platforms have long caused major concerns when it comes to data privacy. Many users express distrust toward how their personal information is handled. As privacy concerns intensify, users are becoming more aware of the risks tied to social media data collection, and some are even changing their behaviors in response.

Concerns about social media companies' handling of personal data are widespread, especially when it comes to vulnerable groups like children.

**89%** A majority of the population ([89%](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/)) expressed substantial concern about how social media platforms gather personal information on children.

**81%** [of users](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) feel they have little or no control over the data that social media collects.

**76%** [of Americans](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) do not trust social media companies and fear they will sell personal data without consent.

This unease is reflected in how people feel about the platforms' ability to protect their data.

- In one survey, [31% of respondents](https://www.sas.com/content/dam/SAS/documents/marketing-whitepapers-ebooks/sas-whitepapers/en/data-privacy-110027.pdf) were "not at all confident" in social media companies' ability to protect their data.
- Only [18% of US social media users](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) feel that Facebook protects their data and privacy.

In fact, the majority of social media users are increasingly concerned not only about how their data is being used but about [how it is being collected](https://www.statista.com/statistics/1377281/us-concerns-about-social-media-data-collected/):

- 35% of US adults were very concerned about how social media platforms collect their personal data.
- 44% were somewhat concerned.
- Only 17% were not very concerned.
- And 4% were not at all concerned.

As a result of these privacy concerns, many users are [altering their social media habits](https://www.sas.com/content/dam/SAS/documents/marketing-whitepapers-ebooks/sas-whitepapers/en/data-privacy-110027.pdf):

**38%** of respondents use social media less often than they used to because of data privacy concerns.

**36%** of respondents said they had removed a social media account due to data privacy concerns.

With the growing lack of trust in social media companies, consumers are making it clear that their behaviors will change unless these companies prioritize better data privacy practices.

### Business-related data privacy statistics

As data privacy becomes increasingly important to both consumers and regulators, businesses are taking steps to comply with evolving privacy regulations. Many companies are investing heavily to meet growing demands for privacy and transparency.

[70% of US companies](https://kpmg.com/kpmg-us/content/dam/kpmg/pdf/2023/corporate-data-responsibility-bridging-the-consumer-trust-gap.pdf) said they increased the collection of consumer data over the past year. At the same time, companies are prioritizing data privacy compliance.

[42% of companies in the US](https://www.statista.com/statistics/1403185/us-uk-companies-privacy-measures-implementation/) have hired legal counsel for data privacy compliance.

[47% of companies](https://legaljobs.io/blog/privacy-statistics) have updated their privacy policies to comply with the GDPR and other privacy laws.

[82% of companies](https://www.cisco.com/c/dam/global/en_uk/products/collateral/security/2020-data-privacy-cybersecurity-series-jan-2020.pdf) consider privacy certifications such as ISO 27701 as a purchasing criterion when selecting a product or vendor in their supply chain.

[32% of US companies](https://withpersona.com/blog/top-gdpr-statistics-businesses-must-know) now have a Data Protection Officer.

[80% have updated their privacy policies](https://legaljobs.io/blog/privacy-statistics) multiple times in the last year.

Companies process [56% more deletion requests than access requests](https://www.helpnetsecurity.com/2023/04/11/personal-data-privacy-concerns/).

In addition, compliance and security-related costs are on the rise.

- The costs of complying with the CCPA are estimated to fall [between USD 467 million and USD 1.64 billion](https://www.oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf) between 2020 and 2030 ([Office of the California Attorney General](https://www.oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf)).
- [27%](https://withpersona.com/blog/top-gdpr-statistics-businesses-must-know) of large organizations have spent more than half a million dollars to become GDPR-compliant.

However, meeting compliance deadlines and adapting to evolving regulations remains a challenge.

- Only [25% of companies surveyed](https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/gdpr-compliance-after-may-2018-a-continuing-challenge) said that they can meet the GDPR requirement to report a data breach to regulators no later than 72 hours after management becomes aware of it.
- Only [37% of organizations](https://www.gartner.com/en/legal-compliance/insights/data-privacy-compliance) have an information governance framework that can adapt to changing data privacy regulations.
- Only two out of 10 privacy professionals surveyed reported they were totally confident in their organization's privacy law compliance ([International Association of Privacy Professionals](https://iapp.org/resources/article/privacy-governance-report/)).
- [17% of privacy professionals](https://www.isaca.org/resources/reports/privacy-in-practice-2024-report?tfa_next=%2Fresponses%2Flast_success%3Fjsid%3DeyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.ImU4OTJlN2Y0NzUxMjdhNDI3YzY5OGM4MjQzMDcxNzBjIg.54Zc-cNHPBLKuwDruY-Pu61VO2deWQWMRSFHB4CsvI8) said their organizations did not practice [privacy by design](https://usercentrics.com/knowledge-hub/what-is-privacy-by-design/) when building new applications and services.
- The [average number of days](https://www.secureops.com/wp-content/uploads/2021/08/SecureOps-Cybersecurity-Statistics-Report-FINALv1-updated.pdf) between when a breach was discovered and when it was reported was 50.
- The average company has [534,465 files containing sensitive data](https://info.varonis.com/hubfs/Varonis%202019%20Global%20Data%20Risk%20Report.pdf).

Despite these hurdles, businesses are taking data privacy seriously.

[98% of organizations](https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html#~about-the-study) report privacy metrics to their board of directors.

But the good news is that for many businesses, investing in privacy pays off.

[95% of organizations](https://blogs.cisco.com/security/privacy-is-a-key-enabler-of-trust?CCID=cc000160&DTID=odicdc000016&OID=rptsc032067) agree that investing in data privacy pays off, with the average company seeing a return of 1.6 times. But 30% of them estimate their return is even higher, around 2 times.

### Data privacy and artificial intelligence

As artificial intelligence (AI) technology advances, privacy concerns around generative AI (GenAI) will be unavoidable in 2025.

Many consumers are both concerned and skeptical about how their data is being used with the rise of AI.

**78%** [of consumers](https://www.cisco.com/c/en/us/about/trust-center/consumer-privacy-survey.html#~key-findings) believe organizations have a responsibility to only use AI in an ethical manner.

**70%** [of consumers](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) have little to no trust in companies to make responsible decisions about how they use AI in their products.

**92%** [of users](https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html#~about-the-study) see GenAI as a fundamentally different business process that requires new techniques to manage data and risks.

In fact, one of the top concerns about generative AI is the potential privacy and data security risks it brings.

- [45% of non-GenAI users](https://www.activate.com/insights-archive/Activate-Consulting-Technology-and-Media-Outlook-2025.pdf) worried their search history could be exposed.

The second largest concern amongst US adults about generative AI is the accuracy of information it provides:

- [37%](https://www.activate.com/insights-archive/Activate-Consulting-Technology-and-Media-Outlook-2025.pdf) of US adults who are aware of GenAI worry about factually incorrect answers to questions.

As AI continues to gain momentum, privacy concerns are only increasing, especially regarding its use for collecting and processing personal data.

[57% of global consumers](https://iapp.org/resources/article/privacy-and-consumer-trust-summary/) view the use of AI in collecting and processing personal data as a significant threat to their privacy.

[81% of those familiar with AI](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) believe its use will lead to personal information being used in ways they won't be comfortable with.

[80% of those familiar with AI](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) believe personal data will be used in ways it wasn't originally intended.

Some organizations are already grappling with these challenges.

- [40% of organizations](https://www.gartner.com/en/newsroom/press-releases/2022-05-31-gartner-identifies-top-five-trends-in-privacy-through-2024) have experienced an AI privacy breach.

Despite these concerns, employees can be careless with their company's information in their use of GenAI apps.

**48%** [of organizations](https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html) are entering non-public company information into GenAI apps.

**5%** [of employees regularly post company data into ChatGPT](https://go.layerxsecurity.com/hubfs/Research-Revealing-the-True-GenAI-Data-Exposure-Risk.pdf), and over a quarter of that data is considered sensitive information.

**4%** [of employees](https://go.layerxsecurity.com/hubfs/Research-Revealing-the-True-GenAI-Data-Exposure-Risk.pdf) paste sensitive data into GenAI tools on a weekly basis.

The [top categories of confidential information](https://go.layerxsecurity.com/hubfs/Research-Revealing-the-True-GenAI-Data-Exposure-Risk.pdf) being input into the GenAI tools include:

- Internal business data: 43%
- Source code: 31%
- Personally identifiable information (PII): 12%

Recognizing these risks, many organizations are [taking steps to limit the exposure of sensitive information](https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-study-2024.pdf?CCID=cc000160&DTID=odicdc000016&OID=rptsc032067).

**63%** of organizations have limited the types of data that can be entered into GenAI tools.

**61%** have limits on which GenAI tools can be used.

**27%** have banned GenAI tools altogether.

While there are legitimate concerns about AI, there is also a strong belief that AI can ultimately benefit consumers, especially if companies use it responsibly.

[62% of Americans who've heard of AI](https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/) believe that as companies use AI to collect and analyze personal information, it will be used to make life easier.

[54% of users](https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html#~responsible-innovation) are willing to share their anonymized personal data to improve AI products and services.

[73% of consumers](https://www.redpointglobal.com/press-releases/73-of-consumers-believe-ai-can-have-a-positive-impact-on-their-customer-experience/) believe AI can have a positive impact on their customer experience.

Organizations know that to build trust, they need to reassure consumers about how their data is being handled.

[91% of organizations](https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html#~responsible-innovation) say they need to do more to reassure customers about how their data is used with generative AI.

Interestingly, companies that have deployed AI and automation in their security operations are seeing significant cost savings, illustrating how AI can also play a role in improving security.

- Companies that deployed AI and automation to their security operations saved [an average of USD 2.22 million per breach](https://www.ibm.com/reports/data-breach) compared to those that didn't use these technologies.

As generative AI continues to grow, concerns around data privacy and security will only increase. For businesses, this means taking proactive steps to provide transparency and protect user data.

### Data privacy breaches

Unfortunately, data breaches continue to escalate in frequency and impact. This poses a significant risk for companies and consumers alike.

- Personal customer information (such as names, email addresses, and passwords) is included in [44% of data breaches](https://newsroom.ibm.com/2021-07-28-IBM-Report-Cost-of-a-Data-Breach-Hits-Record-High-During-Pandemic).
- The cost of cybercrime is anticipated to reach [USD 10.5 trillion annually](https://www.microsoft.com/en-us/security/blog/2016/01/27/the-emerging-era-of-cyber-defense-and-cybercrime/) by the end of 2025.
- The estimated cost of cybercrime worldwide is expected to rise by [USD 6.4 trillion (69.41%) between 2024 and 2029](https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide).

These figures demonstrate how the financial burden of data breaches continues to climb.

- In 2024, data breaches continued to be an expensive challenge for organizations globally. The average cost of a breach [increased by 12% from the previous year, reaching USD 4.62 million](https://www.ibm.com/reports/data-breach).
- Phishing attacks became a common threat in 2024, accounting for [nearly 30% of all breaches globally](https://www.ibm.com/reports/data-breach).
- Phishing and business email compromise attacks are among the most frequent and costly, [averaging USD 4.88 million per breach](https://www.ibm.com/reports/data-breach).

Certain industries remain particularly vulnerable to cyberattacks, with manufacturing and healthcare leading the way in breach frequency and financial loss.

In 2023, manufacturing saw the [highest share of cyberattacks among the leading industries worldwide](https://www.statista.com/statistics/1315805/cyber-attacks-top-industries-worldwide/). Over the course of the year:

- Manufacturing companies experienced nearly a quarter of the total cyberattacks.
- Finance and insurance organizations followed, with around 18%.
- Professional, business, and consumer services ranked third, with 15.4% of reported cyberattacks.

The healthcare sector remains particularly vulnerable. Last year, ransomware breaches in healthcare cost [an average of USD 10.93 million per incident](https://www.ibm.com/reports/data-breach).

However, not all news is negative. More organizations are stepping up their response to data breaches by notifying customers and taking proactive measures to limit the damage.

- [A 2024 survey](https://www.statista.com/statistics/1455257/us-companies-alert-customers-of-data-breach/) of US small business leaders and IT professionals found that over 90% notify customers after a data breach, while only 5% do not.

### The positive aspects of investing in data privacy

Investing in data privacy has proven to be more than just a regulatory requirement. It's a smart business decision with substantial financial benefits.

As consumers become more conscious of how their data is handled, businesses that prioritize privacy are seeing tangible returns.

- From 2019 to 2024, overall spending on data privacy [more than doubled](https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-study-2024.pdf?CCID=cc000160&DTID=odicdc000016&OID=rptsc032067).
- [Over 70% of business professionals](https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-study-2023.pdf) report receiving "significant" or "very significant" benefits from their data privacy efforts.

The return on investment for data privacy efforts is also impressive.

- Most companies see a very positive return on their privacy investment, and [over 40% see benefits at least double their privacy spend](https://blogs.cisco.com/security/from-privacy-to-profit).
- For every dollar spent on privacy, the average company receives [USD 2.70 in associated benefits](https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html).

Investing in privacy also creates stronger relationships with customers and improves overall efficiency.

[80% of organizations](https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html) report increased customer loyalty and trust as a result of their investments in data privacy.

In fact, [84% of consumers](https://www.salesforce.com/news/stories/state-of-the-connected-customer-report-outlines-changing-standards-for-customer-engagement/) are more loyal to companies that have strong security controls.

[78% report](https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html) increased operational efficiency, agility, and innovation.

These statistics demonstrate the benefits of investing in data privacy. It not only helps companies stay legally compliant but also drives real, measurable benefits.

### Data privacy software and technologies statistics

The rise in data privacy concerns has fueled significant growth in data privacy software and technologies. With increasing regulatory pressures and rising consumer awareness, organizations are turning to innovative solutions to stay ahead.

Here's a snapshot of future trends in the data privacy technology market:

- The global data privacy software market is projected to grow from [USD 5.37 billion in 2025 to USD 45.13 billion by 2032 — a 35.5% compound annual growth rate (CAGR](https://www.fortunebusinessinsights.com/data-privacy-software-market-105420)).
- The US data privacy software market is expected to reach [USD 17.19 billion by 2032](https://www.fortunebusinessinsights.com/data-privacy-software-market-105420).

As the market expands, smaller businesses are also jumping on board, contributing to the rapid adoption of privacy technologies across various sectors.

- Small and medium-sized businesses (SMBs) are increasingly adopting consent management platforms, with this segment [projected to grow at a CAGR of 10.6%](https://www.futuremarketinsights.com/reports/consent-management-market).

Larger organizations are also stepping up their investments, integrating advanced privacy-enhancing techniques into their operations.

- By the end of 2025, [60% of large organizations will use at least one privacy-enhancing computation (PEC)](https://www.gartner.com/en/newsroom/press-releases/2022-05-31-gartner-identifies-top-five-trends-in-privacy-through-2024) technique in analytics, business intelligence, and/or cloud computing to protect data in use.

Despite the sometimes hefty investment, most businesses know that it's worth it.

- [95% of organizations](https://www.cisco.com/c/en/us/about/trust-center/data-privacy-benchmark-study.html) say the benefits of investing in data privacy exceed costs.

---

## Three key takeaways for privacy-conscious companies

Data privacy is more challenging than ever. Stricter regulations, rising consumer skepticism, and rapid tech changes mean businesses must keep adapting. To stay ahead, companies need to be transparent, treat privacy as a competitive advantage, and prepare for more regulations and the rise in AI.

Here are three key takeaways companies should keep in mind.

- **Transparency builds trust**
  It's not enough to protect data, you need to show customers you're doing it. Be clear about what data you collect, why, and how you use it. Write privacy policies people can actually understand, offer easy opt-out options, and treat customer data as a privilege, not a right.
- **Privacy is a competitive advantage.**
  It isn't just about regulatory compliance, it's a way to stand out. Strong privacy practices reduce risk and build customer trust, which benefits the bottom line. Create privacy-first products and systems, give users control over their data, and make privacy part of your brand. Customers are simply more loyal to companies they trust.
- **Companies need to stay ahead of new technologies.**
  As AI and other technologies evolve, privacy must be a priority. Set ethical guidelines, do due diligence on new tools, keep AI practices transparent, and train your team to spot privacy risks and take precautions with day-to-day operations. Staying ahead of regulations is better than scrambling to catch up.

---

## Frequently asked questions

### What is data privacy?

Data privacy is about keeping your personal information safe from people who shouldn't see it. It means controlling who can access, use, or share your data.

### How do you assess data privacy?

Assessing data privacy involves evaluating how personal data is collected, stored, processed, and shared to identify risks and comply with privacy laws like the GDPR. This process typically includes mapping data flows, analyzing privacy risks, reviewing security measures, and engaging stakeholders to strengthen protections and accountability.

### What are the statistics for data privacy?

In 2025, consumer awareness of data privacy is higher than ever. 92% of Americans worry about their online privacy, and 76% say companies should do more to protect their data. Data breaches are also a major issue, with personal information like names and passwords exposed in 44% of cases, costing businesses millions each year.

### What are the top 3 major data privacy risks?

The most significant data privacy risks are: large data volumes that are hard to protect, unclear data ownership creating security gaps, and evolving cyber threats targeting sensitive information. Data breaches also remain a major concern, as they can lead to financial losses, reputational damage, and legal issues.

---

## Products
- [Usercentrics Web CMP](https://usercentrics.com/website-consent-management/)
- [Usercentrics App CMP](https://usercentrics.com/in-app-sdk/)
- [Usercentrics CTV CMP](https://usercentrics.com/usercentrics-ctv-cmp/)
- [Privacy Policy Generator](https://usercentrics.com/privacy-policy-generator/)
- [Server-side Tagging Solution](https://usercentrics.com/server-side-tracking-solution/)
- [Preference Manager](https://usercentrics.com/preference-management/)
- [Audience Unlocker](https://usercentrics.com/audience-unlocker/)
- [Integrations](https://usercentrics.com/integrations/)
- [Web Compliance Scan](https://usercentrics.com/privacy-compliance-scanner/)
- [App Compliance Scan](https://usercentrics.com/app-data-privacy-audit/)
- [ROAS Calculator](https://usercentrics.com/roas-calculator/)

## Solutions
- [Data Privacy Regulatory Compliance](https://usercentrics.com/data-privacy-regulatory-compliance/)
- [Marketing Performance Optimization](https://usercentrics.com/marketing-performance-optimization/)
- [Migration](https://usercentrics.com/migration/)
- [Media & Publishing](https://usercentrics.com/media-publishing/)
- [Retail & Ecommerce](https://usercentrics.com/retail-ecommerce/)
- [Banking, Finance & Insurance](https://usercentrics.com/banking-finance-insurance/)
- [Healthcare & Pharmaceuticals](https://usercentrics.com/healthcare-pharmaceuticals/)
- [Gaming](https://usercentrics.com/gaming/)
- [Education](https://usercentrics.com/education/)
- [Automotive](https://usercentrics.com/automotive/)
- [Travel & Hospitality](https://usercentrics.com/travel/)

## Regulations & Frameworks
- [GDPR (EU)](https://usercentrics.com/gdpr/)
- [GDPR (UK)](https://usercentrics.com/uk-gdpr/)
- [CCPA (California)](https://usercentrics.com/ccpa/)
- [TCF v2.3 (IAB)](https://usercentrics.com/cmp-for-publishers/)
- [DMA (EU)](https://usercentrics.com/digital-markets-act-dma/)
- [Amazon Consent Signal](https://usercentrics.com/usercentrics-cmp-and-amazon-consent-signal/)
- [Google Consent Mode (EU)](https://usercentrics.com/usercentrics-cmp-and-google-consent-mode-v2/)
- [Microsoft UET Consent Mode (EU)](https://usercentrics.com/usercentrics-cmp-and-microsoft-consent-mode/)
- [Microsoft Clarity Consent Mode](https://usercentrics.com/usercentrics-cmp-and-microsoft-clarity-consent-mode/)
- [View all regulations](https://usercentrics.com/regulations-and-frameworks/)

## Resources
- [Blog](https://usercentrics.com/knowledge-hub/)
- [Whitepapers](https://usercentrics.com/whitepapers/)
- [Checklists](https://usercentrics.com/checklists/)
- [Courses](https://courses.usercentrics.com/)
- [Case Studies](https://usercentrics.com/case-studies/)
- [Privacy-Led Marketing](https://usercentrics.com/privacy-led-marketing/)
- [Events](https://usercentrics.com/webinar/)
- [CONSENTED Podcast](https://usercentrics.com/consented/)
- [Guides](https://usercentrics.com/guides/)
- [Release Notes](https://releases.usercentrics.com/en)
- [Developer Documentation](https://usercentrics.com/docs/)
- [RFI Template](https://usercentrics.com/resources/usercentrics-rfi-template/)
- [Customer Directory](https://usercentrics.com/usercentrics-customer-directory/)

## Company
- [About Us](https://usercentrics.com/about-us/)
- [Press](https://usercentrics.com/press/)
- [Our Offices](https://usercentrics.com/contact/)
- [Trust Center](https://trust.usercentrics.com/)
- [Careers](https://usercentrics.com/career/)
- [Open Positions](https://apply.workable.com/usercentrics/)
- [Diversity & Inclusion](https://usercentrics.com/dei/)

## Support
- [General Support](https://support.usercentrics.com/hc/en-us)
- [Contact Sales](https://usercentrics.com/book-a-consultation/)
- [Technical Support](https://support.usercentrics.com/hc/en-us/requests/new)
- [Billing & Account](https://support.usercentrics.com/hc/en-us/categories/12253804608156-Account-and-billing)
- [Suggest a Feature](https://support.usercentrics.com/hc/en-us/requests/new?ticket_form_id=10610312381340)
- [Partner Login](https://partnerportal.usercentrics.com/)
- [Partner Program](https://usercentrics.com/partner-program-overview/)
- [Affiliate Program](https://usercentrics.com/affiliates/)

## Legal
- [Terms & Conditions](https://usercentrics.com/terms-and-conditions/)
- [Terms & Conditions USA](https://usercentrics.com/terms-and-conditions-usa/)
- [Privacy Policy](https://usercentrics.com/privacy-policy/)
- [Legal Notice](https://usercentrics.com/legal-notice/)
- [Legal Documents](https://usercentrics.com/legal-documents/)
- [Accessibility Statement](https://usercentrics.com/accessibility-statement-wcag-compliance/)

© 2026 Usercentrics GmbH