Between Promise and Practice: Challenges and Misperceptions of Applying Privacy Enhancing Technologies in Business Contexts

Johannes Lohmöller, Hajeong Jeon, Jael Hentschel, Klaus Wehrle, Jan Pennekamp
January 2026
Cite

Abstract

Applying privacy-enhancing technologies (PETs), such as homomorphic encryption or differential privacy, promises to improve organizational cybersecurity strategies. However, in business contexts, significant gaps manifest between their technical capabilities and organizational perceptions, indicating a mismatch between promise and practice. This paper presents the first comprehensive meta-analysis of organizational PET perceptions through a systematic review of 34 empirical studies. Our findings reveal that while regulatory pressures and reputational considerations drive adoption, organizations face substantial practical challenges, including complexity management and insufficient understanding of technological capabilities. Even experienced practitioners show misperceptions about PET functionality, leading to misconfigurations that undermine promised privacy benefits. Thus, misperceptions directly impact cybersecurity effectiveness, as organizations may overestimate deployed protections or underutilize available capabilities. Consequently, our analysis highlights the need for and recommends implementing improved education, regular re-assessments of current beliefs regarding PETs, and transparency mechanisms to translate potential into successful enterprise cybersecurity.

Type
Conference paper
Publication
Proceedings of the 59th Hawaii International Conference on System Sciences (HICSS)
Johannes Lohmöller, M.Sc.
Johannes Lohmöller, M.Sc.
Researcher
Hajeong Jeon, M.Sc.
Hajeong Jeon, M.Sc.
Researcher
Placeholder Avatar
Jael Hentschel
Klaus Wehrle
Klaus Wehrle
Head of Group
Dr. rer. nat. Jan Pennekamp
Dr. rer. nat. Jan Pennekamp
Postdoctoral Researcher