ISACA’s State of Privacy 2025 report delves into the latest trends in staffing, budgets, training and obstacles from more than 1,600 global professionals. Read on for some of the highlights from the report, and access the archived webinar to hear the full insights.
As explored in the webinar, ISACA’s report found that median privacy staff size went from nine last year to eight this year. Both legal/compliance and technical privacy roles continue to be in demand, with 51% saying demand for legal/compliance roles would increase in the next year, and 57% saying demand for technical privacy roles would increase in the next year.
However, many privacy professionals are still lacking certain qualifications, and the top three skill gaps identified by respondents all have something in common: experience. They are: experience with different types of technologies and/or applications (61%), experience with frameworks and/or controls (49%), and technical expertise (48%). Although the top strategy to address the privacy skills gap is training to allow non-privacy staff who are interested to move into privacy roles (48%), it’s interesting to note that 24% indicated an increased reliance on AI or automation.
The survey found more respondents are currently using AI for privacy-related work this year than last year, and fewer respondents said they have no plans to use AI for privacy than they did last year. The use of AI for privacy-related tasks is higher in organizations that are not purely compliance-driven. Only 9% of respondents whose boards view privacy as purely compliance-driven currently use AI for privacy-related work, compared to 14% for those with an ethical or combination view of privacy programs.
“This illustrates why just treating compliance as your end-all, be-all goal, is a flawed system,” said Safia Kazi, ISACA’s principal, privacy professional practices, and co-presenter of the webinar. “Technology moves faster than laws and regulations can. If you’re waiting for someone to tell you how you can safely, ethically, and responsibly adopt tech, you may fall behind your competitors who have their own standards of responsible tech.”
This year, ISACA sought to understand the levels of stress privacy professionals are experiencing, and 63% percent of respondents shared that their privacy roles are more stressful now than five years ago. One of the top reasons respondents shared for this is technology’s rapid evolution (63%) and how enterprises have rushed to adopt new tech, such as generative AI, without adequate consideration of the associated privacy risks. This rushed adoption can lead to privacy professionals having to be reactive instead of proactive. Compliance challenges are another top reason for the increase in stress (61%).
The top three obstacles respondents indicated were: complex international legal and regulatory landscape (38%), lack of competent resources (37%), management of risk associated with new technologies (36%). Meanwhile, the most common privacy failures were: lack of training or poor training (47%), data breach/leakage (42%), and not practicing privacy by design (41%).
This year, 48% of respondents noted they think their privacy budgets will decrease in the next 12 months. This is consistent with last year’s findings, but fortunately, only 10% of respondents saw a decrease in their privacy budget in the past 12 months, so it’s possible this will trend similarly.
Watch ISACA’s webinar to hear more insights from the survey, and view the full report at http://ub5s.jayconscious.com/resources/state-of-privacy-survey.
