94% of businesses acknowledge a privacy skills gap

ISACA is calling on businesses to overhaul their approach to addressing the privacy skills gap to look beyond experience and instead focus on training and upskilling.

Privacy is a critical component of digital trust – it contributes to a more positive reputation and fewer cybersecurity incidents for the companies that prioritise it. Global digital trust association, ISACA, believes that businesses are aware of its significance; according to its 2023 “Privacy in Practice” report published today, 87% of organisations in Europe offer privacy awareness training to employees. But they’re missing the mark as most (94%) companies recognise a privacy skills gap within their business.

ISACA’s “Privacy in Practice” report explores the state of enterprise privacy by examining trends around privacy teams, privacy-related challenges, privacy by design and the future of privacy.

The report reveals that as it stands, more than half (59%) of technical privacy teams in Europe are understaffed. Building these departments is a challenge, with 1 in 5 businesses saying it takes them more than six months to fill a technical privacy position and 41% saying their privacy budgets are underfunded.

The most reported privacy failures include a lack of training or poor training (49%); data breaches (38%); and not practising privacy by design (39%). With just 38% of business leaders confident in their organisation’s ability to ensure the privacy of its sensitive data, businesses need to change their approach to closing the privacy skills gap or risk jeopardising their relationships with customers and damaging the reputation of the business.

Chris Dimitriadis, Global Chief Strategy Officer, ISACA says: “Privacy professionals play a key role in establishing digital trust. As technology advances, introducing new complexities and threats and as the cyberthreat landscape increases in size and sophistication, demand for these individuals is only going to grow. Heightened privacy skills demand is good news for candidates with privacy technology knowledge but also bad news for businesses that are struggling to close the privacy skills gap. As our new research highlights, businesses need to consider changing their training programmes and adopt privacy by design to limit the number of privacy breaches, build digital trust, and set the business up for long term success.”

Tony Hughes, ISACA Emerging Trends Working Group Member, adds: “Only searching for candidates with specific experience and technical privacy skills is an outdated mindset – it immediately limits businesses to a small pool of people. Instead, organisations need to lean on reskilling people in non-privacy roles, using contract employees and focusing on individuals with the right soft skills to reduce the privacy skills gap.”

Nebulon has introduced two new zero-trust offerings: Two-Person Commit and Single Sign-on (SSO).
Readiness is critical: 82% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months.
New Fortinet research reveals escalating cyber risks due to the ongoing talent shortage while the number of organisations experiencing five or more breaches jumped by 53%.
JUMPSEC reflects on ransomware trends from 2022 and what we can expect in 2023.
78% of companies faced a ransomware attack in 2021. New service helps organisations lower risks and improve response attack readiness.
Cyber risk leader Quod Orbis launches inaugural report into the compliance capability of UK businesses.
Zscaler has introduced enhancements to Zscaler Posture Control, strengthening its cloud native application protection platform (CNAPP) capabilities with data loss prevention (DLP) and ThreatLabz threat intelligence powered by the world’s largest security cloud.
With a 38% increase in global cyberattacks last year, the malicious threat of ransomware continues to grow. It is no longer a matter of ‘if’ an organisation will be hit but ‘when’, and, with the global annual cost of cybercrime predicted to top $8 trillion in 2023, organisations cannot afford to be complacent, argues Christopher Rogers, Technology Evangelist at Zerto, a Hewlett-Packard Enterprise company.