Privacy budgets set to decrease in 2025, new research from ISACA reveals

Companies investing in privacy are seeing benefits in appropriately staffed teams and decreased skills gaps.

  • Wednesday, 22nd January 2025 Posted 2 months ago in by Phil Alsop

More than two in five (45%) privacy professionals in Europe believe that their organisation’s privacy budget is underfunded. This marks an increase from 41% in 2024 – and more than half (54%) expect budgets to decrease further in 2025. That’s according to new research from ISACA, the leading global professional association helping individuals and organisations in their pursuit of digital trust.

Despite the maturity of the General Data Protection Regulation in Europe, only a third (38%) of European professionals are confident in their organisation’s ability to safeguard sensitive data. With only a quarter (24%) of European organisations always practicing Privacy by Design, many risk falling short of compliance with GDPR and new frameworks like the Digital Services Act and AI Act.

Half (52%) of technical privacy teams in Europe remain understaffed, only marginally improving from 53% in 2024 as organisations continue to encounter difficulties with staff retention. 37% of European organisations struggle to retain qualified privacy professionals.

Chris Dimitriadis, Global Chief Strategy Officer at ISACA, said, “As the threat landscape continues to evolve in complexity, privacy is becoming a sector which is increasingly difficult to operate in, but also more critical. Two thirds (66%) of the European professionals working in privacy roles who we spoke to said their job is more stressful now compared to five years ago. This is only being exacerbated by continued underfunding. While companies may be making a short-term financial gain, they are putting themselves at long-term risk.”

European organisations who always practice Privacy by Design are more likely to say they have appropriately staffed privacy teams and decreased privacy skills gaps. 43% of European organisations who always practice Privacy by Design say their technical privacy teams are appropriately staffed (versus 33% of those who do not) and 58% are highly confident in their technical privacy teams as a result.

More than half (56%) of European organisations who always practice Privacy by Design have decreased privacy skills gaps by training non-privacy staff who are interested to move into privacy roles, compared to 44% of those who do not.

A skilled and supported workforce is key to ensuring Privacy by Design is achievable. The biggest skills gaps reported by European organisations are experience with different types of technologies and/or applications (62%); technical expertise (49%); and IT operations knowledge and skills (45%).

To combat the skills gap and wider privacy challenges they are facing, 47% of European organisations offer training to allow non-privacy staff to move into privacy roles. Experience is key to filling the skills gap: 95% of respondents consider compliance and legal experience an important factor in determining if a privacy candidate is qualified, and 89% consider credentials important, compared with only 54% for a university degree.

Dimitriadis continues: “Practicing Privacy by Design and embedding privacy across an entire enterprise is key to long-term data protection. Such a comprehensive approach fosters trust with stakeholders and safeguards against ever-evolving threats – but this isn’t possible without skilled privacy teams who feel prepared and able to drive privacy practices from a technology, business and compliance point of view.

“There are several ways to plug the skills gap. Providing training and continuous support for privacy staff on emerging technologies, privacy-enhancing technologies, and cybersecurity and data protection architectures on top of legal compliance knowledge is essential for managing their stress and maintaining organisational resilience.”

Failure to prioritise testing and integrate generative AI tools raises concerns as agentic AI adds pressure.

CIOs 'overspend' on cloud

Posted 3 days ago by Phil Alsop
43% of CIOs say their CEOs and/or board of directors have concerns about their company’s cloud spend.
Research revealed at Coterie Connect event highlights shifting team structures, evolving skills priorities, and urgent training needed for partner...
Endava has launched its latest research report “AI and the Digital Shift: Reinventing the Business Landscape”.

3,000% surge in enterprise use of AI/ML tools

Posted 1 week ago by Phil Alsop
Zscaler has released the ThreatLabz 2025 AI Security Report, based on insights from more than 536 billion AI transactions processed between February...
Over one in four (28%) British small business owners have used AI tools to help run their business.

Tech fragmentation cited as biggest cyber challenge

Posted 1 week ago by Phil Alsop
New Palo Alto Networks data shows 82% of UK organisations confident in their use of AI, despite AI being identified as biggest cyber risk for 2025.
MIT researchers crafted a new approach that could allow anyone to run operations on encrypted data without decrypting it first.