New Corinium Research Report Reveals Data Privacy Compliance Top Priority for Companies, Yet Nearly Half Not Concerned About Regulatory Fines

As the data privacy and data governance landscape evolves, study finds customer and partner trust to be the driving motivator for compliance over fines

SAN FRANCISCO--()--Market research firm Corinium today released a new report, The Intersection of Data Privacy and Cybersecurity, which examines how data privacy, governance, and security leaders are empowering cyber-secure digital transformations within their organizations. Research uncovered that the vast majority of participants (94%) ranked data privacy compliance as a top priority for their organization. Yet nearly half (45%) aren't concerned about regulatory fines and penalties despite a growing number of regulations and data breaches. Instead, their motivations are focused more on building trust with their customers and partners. The study of 125 data privacy, governance and security leaders was conducted throughout April and May and sponsored by Okera, the Universal Data Authorization company.

Among the key findings, respondents ranked ensuring data security at a fine-grained level as the top benefit of centralizing data authorization and control. Fine-grained access control provides data owners the ability to dynamically hide, mask, or tokenize data to prevent inappropriate access to confidential, personally identifiable, or regulated data. Further, two-thirds of organizations (64%) report taking a zero-trust, least privilege approach to secure data access all or most of the time.

“It has never been more important for all business leaders to understand the relationship between their organization’s privacy and cybersecurity programs, how the two overlap, where the challenges are, and how they can build upon one another to protect customers, employees, partners and the organization’s brand,” said Nick Halsey, Okera CEO. “It’s clear that as the market continues to grow, more sophisticated organizations will transition to a centralized platform for data authorization and control to ensure access to sensitive data at the fine-grained level, particularly if they want to retain the trust of their customers and partners.”

Reflecting market maturity, the study found that organizations are taking a strategic approach to complying with multiple data privacy laws with nearly half (49%) automating and standardizing enforcement compared to just 6% that are focused on only one privacy regulation. Nearly three-quarters of organizations (72%) have moved at least half of their data to the cloud, and an impressive 70% of leaders stated they’re very or extremely confident they know where all of their data is.

“You take a reputational risk when you fall out of regulatory compliance. If you lose customer trust, you can’t simply pay a fine to fix it,” said Raj Badhwar, SVP and Global CISO, Voya Financial, a participant in the study.

Another participant in the study, Rick Doten, VP, Information Security & CISO at Carolina Complete Health, commented, “We need to know where our data is, what it is, which applications access it, and who uses those applications. Then, we need to be able to tag it and control it. Data governance is the answer.”

Additional Highlights

  • Zero Trust isn’t easy – While 64% of businesses see taking a zero-trust, least privilege approach to data security as a guiding principle, many companies still struggle to centralize their data management capabilities, which is the only way to ensure fine-grained access control over all sensitive data.
  • Better regulatory compliance is the leading driver of data privacy investments The top three drivers of investments into the secure access of confidential, personal, and regulated data are better regulatory compliance (54%), improved business efficiency (50%), and managing costs (44%).
  • Most effective business case – To secure budgets for data privacy and security initiatives, CPOs and CISOs should focus on the most significant risks affecting business operations.

The full report can be downloaded here.

Okera is participating in the Data & Analytics Live US conference taking place this week from June 22-24. Connect with the team during the event to dig into the report findings and discuss how the Okera Dynamic Access Platform can minimize data security risks.

Report Methodology

The report findings are based on a survey of 125 US-based data privacy, governance, and security leaders that was conducted in April and May 2021. The research focused on large companies in North America with 93% of respondents having more than 1000 employees, and 61% having more than 10,000 employees.

About Okera

Okera, the Universal Data Authorization company, helps modern, data-driven enterprises accelerate innovation, minimize data security risks, and demonstrate regulatory compliance. The Okera Dynamic Access Platform automatically enforces universal fine-grained access control policies. This allows employees, customers, and partners to use data responsibly, while protecting them from inappropriately accessing data that is confidential, personally identifiable, or regulated. Okera’s robust audit capabilities and data usage intelligence deliver the real-time and historical information that data security, compliance, and data delivery teams need to respond quickly to incidents, optimize processes, and analyze the performance of enterprise data initiatives.

Okera began development in 2016 and now dynamically authorizes access to hundreds of petabytes of sensitive data for the world’s most demanding F100 companies and regulatory agencies. The company is headquartered in San Francisco and is backed by Bessemer Venture Partners, ClearSky Security, and Felicis Ventures. For more information, visit or contact, or connect with the team on Facebook, LinkedIn, or Twitter.


Jordan Turner