Privacy is becoming invisible; the business consequences won’t be

It’s easy to forget how much changed around privacy when a single letter entered the internet’s vocabulary. It was, of course, the “S” in HTTPS (standing for Secure). Despite being introduced in the mid-1990s to encrypt connections, adoption was slow and for years it was used only for obviously sensitive things.

 

Most businesses didn’t worry back then, which meant that by 2014, fewer than 30% of web pages were loaded via HTTPS. That changed rapidly when Google began boosting HTTPS sites in search rankings, browsers marked HTTP pages as “not secure”, and the public started to take note. The shift was inevitable, and today, it’s a very different story, with businesses now actively worried about the safety of their data.

 

Last year, 96.8% of U.S. webpages, 95.7% in Europe and 96.2% in Oceania were loaded via HTTPS, meaning encrypted connections have become a baseline expectation, both unremarkable and unavoidable. In fact, any business still using HTTP is instantly branded untrustworthy and obsolete.

 

But as we head deeper into 2026, privacy is now being pushed further up the stack.

 

 

What’s changed?

For me, a number of factors, all colliding at once, are instigating this shift in thinking:

• AI has moved from experimentation to production: In 2024–2025, many AI deployments were still pilots or limited-scope tools. Now we’re in 2026, however, AI is already embedded into core workflows, including pricing, decisioning, R&D, legal, healthcare, and finance. And what happens when AI touches core IP and regulated data? Privacy stops being optional.
• Boards have become directly accountable for AI risk: AI governance has moved from what was previously abstract policy to what is now more of a fiduciary responsibility. This has been down to a number of high-profile failures—data leaks, model inversion attacks, regulatory enforcement, and AI misuse scandals. It’s caused Boards to stop asking “Is privacy nice to have?” and start asking “Can we prove data never leaked?”
• Large buyers have started to reset procurement standards: As a few major enterprises and public-sector actors set privacy-preserving architectures as default requirements, we’re seeing the market tip. This is how security certifications and cloud standards became mandatory. Once a handful of large players demand it, the rest of the ecosystem follows quickly.
• Competitive pressure is rising: Alongside looming regulation changes, companies are also starting to see competitors moving faster, accessing better data, and closing deals that they cannot. When privacy becomes a revenue enabler, accelerating sales cycles, and not just a risk control, businesses tend to take note. It’s all about that bottom line.

With the above in mind, it’s clear that businesses want the utility of AI/Cloud; but the fear of security that’s not up to scratch is real. Up until now, it’s caused somewhat of a utility vs. security trade-off.

 

However, 2026 has brought about one other significant change that I believe will see this trade-off fizzle out, and that’s huge developments in privacy technology.

 

Advanced encryption technologies, including fully homomorphic encryption (FHE), now allow data to be processed securely while it remains encrypted, not just while it’s in transit, and it can do it at scale and at speed. Thanks to these changes, we’re effectively seeing the blockchain equivalent of HTTPS, or as we call it “HTTPZ”, now materialise.

 

 

The early adopters vs the late adopters

The divide between those who embrace "invisible" privacy and those who hesitate is now a defining business metric.

 

The Early Adopters. Those building on an "HTTPZ" framework—where confidentiality is baked into the infrastructure—gain immediate velocity. By moving trust from legal contracts to the code itself, they:

• Slash Sales Cycles: Solving privacy at the infra level turns a six-month security review into a one-week check-box exercise.
• Access High-Signal Data: Customers share richer data when they know it’s encrypted-in-use, creating a "data moat" that competitors cannot match.
• Unlock New Markets: They enable cross-border collaborations that were previously impossible due to residency or secrecy laws. 

The Late Adopters. Businesses treating privacy as a "later" problem will find it cannot be retrofitted. These companies will:

• Face "Privacy Friction": Attempting to add FHE or confidential computing later is expensive and brittle; it fundamentally shapes system architecture.
• Operate on "Thin" Data: While early movers scale with real-world data, late adopters are stuck training models on sanitized or synthetic datasets.
• Lose Credibility: Just as HTTP is now a red flag for users, failing to provide "invisible" privacy will soon signal that a business is fundamentally obsolete.

By the end of this year, the transition will be complete: privacy will have faded into the background of digital infrastructure, becoming truly invisible. For the leaders who embraced this shift, "HTTPZ" isn’t just a technical achievement—it’s a competitive engine that has replaced grueling procurement hurdles with instant trust.

 

Whether businesses are ready or not, expectations have caught up with capability. In this new landscape, treating privacy as an optional layer is no longer just a compliance risk; it is a signal of technical obsolescence. Much like the holdouts who clung to HTTP a decade ago, companies that fail to build for confidentiality from day one will find themselves locked out of the high-value AI economy, judged as untrustworthy relics of a less secure era.

 

---

 

Jeremy Bradley is COO at Zama

 

Main image courtesy of iStockPhoto.com and Alexander Sikov