Anticipated drops in privacy budgets come despite half (53%) of organisations reporting that their technical privacy teams are understaffed. Two in five (41%) businesses also state that they have trouble retaining qualified privacy professionals.
“Reducing privacy budgets would be deemed normal if privacy operations were considered mature and mainstream. This however is not the case, and our research highlights that a combination of reduced investments with lack of skills in an increasingly sophisticated cyberthreat landscape is a recipe for disaster. It is also proof that more holistic training at a board and privacy leader level needs to take place for both understanding and communicating the needs respectively.” says Chris Dimitriadis, Global Chief Strategy Officer at ISACA.
To combat some of the challenges they’re facing, organisations have been diligent about providing training to employees – 68% of privacy professionals say their company offers privacy training annually while 58% offer training when new hires are made. 71% of respondents say privacy training and awareness programs have had a positive impact on wider employee privacy awareness.
However, there is still a long way to go for businesses, as only 10% of respondents feel completely confident in their organisation's privacy team's ability to ensure data privacy and achieve compliance with new privacy laws and regulations.
It’s clear that a skills gap still prevails for core privacy staff. Experience with different types of technologies or applications (65%), technical expertise (50%) and IT operations knowledge (42%) are the biggest skills gaps privacy professionals are facing within their teams.
Reassuringly, organisations are taking steps to reduce that skills gap, with 52% offering training to allow non-privacy staff to move into privacy roles, while 39% are increasing the usage of contractors or external consultants.
“Organisations clearly crave expertise when it comes to managing privacy compliance and issues. This starts with putting the right resources towards privacy training and prioritisation. Only then can they protect their data, build trust with consumers, and preserve supplier relationships. Better privacy ultimately benefits us all,” adds Safia Kazi, ISACA principal, privacy professional practices.