Privacy must be a business priority: the urgent need for investment and action

As the digital landscape evolves, data protection must become a governing business principle. Despite its significance, however, privacy professionals feel they are working in underfunded teams, leaving their organizations vulnerable to security breaches. Without proper investment and support, privacy teams are struggling, and businesses are exposed to unnecessary risks.

While new legislation has initiated pathways to address these issues, achieving compliance remains a struggle for overstretched workforces. Meanwhile, threats are continuing to evolve, and professionals are struggling to keep pace with adversaries. It is vital that business leaders begin to approach privacy not just as a compliance requirement, but as a strategic imperative.

The current privacy landscape: why businesses must take action

The importance of privacy goes beyond the legal requirements – it is a fundamental element of business integrity and customer trust with financial and reputational ramifications for all organizations. Impacts of improperly protected data extend across entire supply chains and affect stakeholders at every level, from executives to customers.

But the findings of ISACA’s new State of Privacy 2025 research highlight concerning trends for the landscape of privacy operations. Worryingly, just 38% of European professionals feel confident in their organization's ability to safeguard sensitive data.

This raises serious concerns for businesses, suggesting that vast amounts of data are potentially exposed to cybercriminals, fueling threats such as ransomware attacks. The exchange of personal data has become entrenched in modern business operations, so weak protective frameworks leading to data exposure can undermine business credibility and create distrust in client relationships. This is hugely damaging for a business's bottom line.

So, what’s driving this crisis of confidence among privacy professionals? The research reveals some concerning statistics. 45% of professionals believe their organization's privacy budget is underfunded, a rise of 4% from 2024. And things aren’t set to improve anytime soon, with over half (54%) of the respondents predicting further budget cuts within the next year.

This severe underfunding is taking a direct toll on staffing. 52% of technical privacy teams report being understaffed and over a third (37%) are struggling to retain qualified privacy professionals. It’s clear that a lack of investment is the core issue here – but whilst these cost-cutting measures may yield short-term financial gains, the long-term risks are substantial.

And privacy professionals are not just negatively impacted by a lack of funding. Their situation is exacerbated by the complexities and evolution of the current threat landscape. Bad actors are escalating data attacks against both private and public sector organizations, and cyber criminals are also using AI to increase the sophistication of attacks by co-opting the technology to write code that bypasses existing defenses. Working within this environment, it is unsurprising that two thirds (66%) of professionals surveyed said their job is more stressful now compared to five years ago.

The digital world is rapidly changing but is also increasingly ubiquitous throughout workplaces. Business leaders must acknowledge the challenges their privacy teams are facing as a first step towards implementing meaningful solutions.

Regulation and compliance: challenges and opportunities

The regulatory landscape continues to develop. In the last year, we have seen some key milestones including the EU AI Act and the one-year mark of the Corporate Code of Governance. In addition, seven years on from its introduction, the General Data Protection Regulation in Europe is continuing to have positive impacts on data protection.

These regulations provide a helpful framework for organizations to reassess how they interact with privacy at a fundamental level. In many cases it is no longer a choice, but a legal business demand. There’s no doubt that these regulations are a critical step towards creating resilient data protection across networks.

However, ISACA’s research has found that only 24% of European organizations are always practicing Privacy by Design, meaning many businesses risk falling short of compliance with GDPR and new frameworks like the Digital Services Act and AI Act.

Organizations who always practice Privacy by Design have seen tangible benefits. They report stronger teams, with 43% of technical privacy teams adequately staffed, compared to just 33% in businesses who do not practice Privacy by Design.

As a result, 58% of those always practicing are highly confident in their teams. Additionally, they are making crucial strides in closing the privacy skills gap – in fact, 56% provide training for non-privacy staff looking to transition into the field, compared to 44% in organizations who do not practice Privacy by Design.

However, compliance is not always straightforward. As established, many privacy teams are already working beyond their capacities due to chronic underfunding, making it difficult to meet regulatory requirements effectively. While regulations provide a useful framework for businesses, even the strongest guidelines become powerless without a trained workforce to implement them.

To achieve compliance and maintain strong privacy standards, organizations must first address structural challenges – starting with increased investment in privacy staff, ensuring their access to comprehensive training and resources.

AI’s role in privacy: promise and perils

In recent years, AI has had a transformative impact on workplaces across many sectors. As AI continues to rapidly evolve, its role in current and future business practices cannot be overstated. What organizations must do now, however, is strategically consider how best to fully reap its benefits in a safe and effective way – and how to mitigate its risks.

Privacy professionals are already incorporating AI into their work. According to Microsoft, 75% of global knowledge workers are using AI at work. The technology can offer significant advantages to overstretched professionals by speeding up processes and automating routine tasks. It also reduces human error, enhancing accuracy and efficiency in privacy management.

However, businesses must deploy AI with caution, as it cannot replace skilled professionals. Instead, its true potential lies in enhancing productivity and enabling professionals to work more efficiently. Highly trained cyber teams should be involved at every stage of AI utilization to ensure the technology is used safely.

The bottom line is that safe implementation of AI within privacy work is paramount and, to fully leverage AI’s potential, professionals must receive adequate training on it to ensure responsible and effective use.

In addition, as AI technologies have become more accessible in workplaces, they are also increasingly open to cyber criminals who use AI for malicious purposes. Specifically, AI increases the sophistication of cyberattacks such as phishing, making them harder to detect.

With language models capable of flawlessly replicating human speech, cybercriminals can create highly convincing scams to deceive their targets. From a privacy perspective, it is crucial that businesses are trained to keep pace with bad actors to identify and counter these attacks and prevent important data from being compromised.

What businesses must do now

Privacy professionals are facing a litany of challenges, but there are three key steps businesses should take to help their privacy teams and ensure they can work effectively.

Firstly, to alleviate the understaffing crisis, closing the skills gap is crucial. Nearly half (47%) of European organizations are already training non-privacy staff to transition into privacy roles. We know that credentials and hands-on experience are more important for cyber professionals than degrees, so upskilling is both valuable and accessible with the right investment. Providing proper funding for training in areas such as technical expertise and IT operations knowledge can strengthen the workforce and build long-term resilience.

Organizations must also ensure that they are embracing and capitalizing on new technologies like AI, which can increase efficiency in the workplace. By investing in training so that privacy professionals can use AI to their advantage, organizations can streamline processes and free up precious resources while ensuring the technology is used safely. However, AI must be seen as an enhancement tool, not a replacement for skilled professionals. This technology is only as effective as the individuals trained to use it responsibly.

Thirdly, businesses must undertake an active role in prioritizing privacy within their organizations. Addressing the skills gap will help, as holistically trained professionals can not only identify and implement the right frameworks and controls, but link them to business value, unlocking budgets related to increasing competitiveness of products and serving customer trust.

With new and ongoing threats complicating the challenge of data protection – and with it becoming progressively urgent – business leaders must invest in privacy teams and fold privacy & data protection into their overarching business strategies in order to avoid costly repercussions in the future.

Privacy is no longer just a compliance checkbox – it is a business necessity. Organizations which fail to invest in privacy risk reputational damage, regulatory penalties, and loss of customer trust. Business leaders must act now by investing in people, processes, and technologies to build a resilient and forward-thinking privacy strategy.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro