94% of businesses acknowledge a privacy skills gap

ISACA is calling on businesses to overhaul their approach to addressing the privacy skills gap to look beyond experience and instead focus on training and upskilling.

  • Tuesday, 17th January 2023 Posted 1 year ago in by Phil Alsop

Privacy is a critical component of digital trust – it contributes to a more positive reputation and fewer cybersecurity incidents for the companies that prioritise it. Global digital trust association, ISACA, believes that businesses are aware of its significance; according to its 2023 “Privacy in Practice” report published today, 87% of organisations in Europe offer privacy awareness training to employees. But they’re missing the mark as most (94%) companies recognise a privacy skills gap within their business.  

 

ISACA’s “Privacy in Practice” report explores the state of enterprise privacy by examining trends around privacy teams, privacy-related challenges, privacy by design and the future of privacy. 

 

The report reveals that as it stands, more than half (59%) of technical privacy teams in Europe are understaffed. Building these departments is a challenge, with 1 in 5 businesses saying it takes them more than six months to fill a technical privacy position and 41% saying their privacy budgets are underfunded. 

 

The most reported privacy failures include a lack of training or poor training (49%); data breaches (38%); and not practising privacy by design (39%). With just 38% of business leaders confident in their organisation’s ability to ensure the privacy of its sensitive data, businesses need to change their approach to closing the privacy skills gap or risk jeopardising their relationships with customers and damaging the reputation of the business. 

 

Chris Dimitriadis, Global Chief Strategy Officer, ISACA says: “Privacy professionals play a key role in establishing digital trust. As technology advances, introducing new complexities and threats and as the cyberthreat landscape increases in size and sophistication, demand for these individuals is only going to grow. Heightened privacy skills demand is good news for candidates with privacy technology knowledge but also bad news for businesses that are struggling to close the privacy skills gap. As our new research highlights, businesses need to consider changing their training programmes and adopt privacy by design to limit the number of privacy breaches, build digital trust, and set the business up for long term success.”

 

Tony Hughes, ISACA Emerging Trends Working Group Member, adds: “Only searching for candidates with specific experience and technical privacy skills is an outdated mindset – it immediately limits businesses to a small pool of people. Instead, organisations need to lean on reskilling people in non-privacy roles, using contract employees and focusing on individuals with the right soft skills to reduce the privacy skills gap.”