State of Privacy ISACA Report

15% said a material privacy breach in the next 12 months was likely.

30% of respondents in North America said they experienced difficulties in retaining privacy professionals, compared to 60% of respondents in Latin America.

21% said the chief privacy officer was primarily accountable for privacy.

31% plan to use AI for privacy in the next 12 months.

66% of organisations provide privacy training annually.

54% track the number of privacy incidents to evaluate privacy training effectiveness.

61% said privacy awareness training was separate from security training.

29% indicated there were open technical privacy positions.

24% expect their privacy budget to stay the same in the next 12 months.

54% of privacy professionals interact with internal audit.

24% of respondents said they were increasingly relying on AI or automation to address privacy skill gaps, compared to 18% last year.

48% of enterprises are using training to allow nonprivacy staff who are interested to move into privacy roles.

59% said resource shortages made their privacy role more stressful.

39% said it was neither easy nor difficult to identify/understand privacy obligations.

78% of privacy professionals frequently interact with information security.

49% perform a privacy risk assessment to monitor their privacy programs.

87% of respondents said their organisation provided privacy awareness training for employees.

73% of respondents said expert-level privacy professionals were the most difficult to hire.

67% of respondents said their enterprise practiced privacy by design when building new applications and services.

61% track the number of employees who have completed privacy training.

46% of respondents felt their technical privacy team was understaffed.

42% of respondents indicated a data breach/leakage was a common privacy failure.

57% of respondents believed their board of directors adequately prioritized privacy.

74% said their organisation’s privacy strategy was aligned with organisational objectives.

96% of respondents consider compliance/legal experience important in determining if a privacy candidate was qualified.

68% of respondents said that addressing privacy with documented privacy policies, procedures, and standards was mandatory.

36% of privacy professionals cited management of risk associated with new technologies as an obstacle.

29% expect their privacy budget to increase in the next 12 months.

61% said compliance challenges made their privacy role more stressful.

70% of privacy professionals interact with legal and compliance.

38% of respondents believed their legal/compliance privacy team was understaffed.

51% of respondents believed the demand for legal/compliance privacy roles would increase in the next year.

22% of respondents indicated their organisation had open legal/compliance practitioner roles.

94% of respondents consider prior hands-on experience in a privacy role important in determining if a privacy candidate was qualified.

93% consider technical experience and credentials in a privacy role important in determining if a privacy candidate was qualified.

10% saw a decrease in their privacy budget in the past 12 months.

48% perform a privacy impact assessment to monitor their privacy programs.

22% of respondents currently use AI for privacy-related tasks.

27% of respondents always practiced privacy by design.

80% of those in enterprises that always practiced privacy by design said their board adequately prioritized privacy.

The median staff size among enterprises that always practiced privacy by design was 11, compared to eight among enterprises overall.

57% of respondents believed the demand for technical privacy roles would increase in the next year.

82% of respondents use a framework or law/regulation to manage privacy in their organisation.

38% of respondents said their organisation experienced difficulties retaining qualified privacy professionals.

86% of respondents said privacy training and awareness programs had a positive impact on overall employee privacy awareness.

40% of respondents felt completely or very confident in their organisation’s ability to ensure the privacy of its sensitive data.

12% of respondents' organisations experienced a material privacy breach in the past 12 months.

16% of respondents indicated that the speed of filling open legal/compliance privacy roles increased.

18% indicated the speed of filling technical privacy roles increased.

65% of privacy professionals interact with risk management.

43% of respondents believed their privacy budget was underfunded.

36% of respondents felt their privacy budget was appropriately funded.

72% of respondents in enterprises that always practiced privacy by design felt completely or very confident in their ability to ensure data privacy and achieve compliance with new privacy laws.

10% of those who always practiced privacy by design experienced a material privacy breach in the past year.

63% of privacy professionals interact with IT operations and development.

9% of respondents in enterprises whose boards viewed privacy programs as purely compliance driven reported currently using AI for privacy.

18% of those who always practiced privacy by design reported currently using AI for privacy-related tasks.

50% of respondents in enterprises that always practiced privacy by design said their enterprise privacy budget was appropriately funded.

28% said more than half of technical privacy applicants were well qualified for the role.

38% of privacy professionals cited a complex international legal and regulatory landscape as an obstacle.

37% of privacy professionals cited a lack of competent resources as an obstacle.

47% of respondents indicated a lack of training or poor training as a common privacy failure.

29% of respondents indicated that more than half of legal/compliance privacy applicants were well qualified for the role.

41% indicated not practicing privacy by design was a common privacy failure.

35% said the number of data subject requests they received increased in the past year.