Privacy Budgets Set to Decrease in 2025, New Research From ISACA Reveals

LONDON--(BUSINESS WIRE)--More than two in five (45%) privacy professionals in Europe believe that their organisation’s privacy budget is underfunded. This marks an increase from 41% in 2024 – and more than half (54%) expect budgets to decrease further in 2025. That’s according to new research from ISACA, the leading global professional association helping individuals and organisations in their pursuit of digital trust.

Privacy budgets set to decrease in 2025, new research from #ISACA reveals.

Share

Despite the maturity of the General Data Protection Regulation in Europe, only a third (38%) of European professionals are confident in their organisation’s ability to safeguard sensitive data. With only a quarter (24%) of European organisations always practicing Privacy by Design, many risk falling short of compliance with GDPR and new frameworks like the Digital Services Act and AI Act.

Half (52%) of technical privacy teams in Europe remain understaffed, only marginally improving from 53% in 2024 as organisations continue to encounter difficulties with staff retention. 37% of European organisations struggle to retain qualified privacy professionals.

Chris Dimitriadis, Global Chief Strategy Officer at ISACA, said, “As the threat landscape continues to evolve in complexity, privacy is becoming a sector which is increasingly difficult to operate in, but also more critical. Two thirds (66%) of the European professionals working in privacy roles who we spoke to said their job is more stressful now compared to five years ago. This is only being exacerbated by continued underfunding. While companies may be making a short-term financial gain, they are putting themselves at long-term risk.”

European organisations who always practice Privacy by Design are more likely to say they have appropriately staffed privacy teams and decreased privacy skills gaps. 43% of European organisations who always practice Privacy by Design say their technical privacy teams are appropriately staffed (versus 33% of those who do not) 58% are highly confident in their technical privacy teams as a result.

More than half (56%) of European organisations who always practice Privacy by Design have decreased privacy skills gaps by training non-privacy staff who are interested to move into privacy roles, compared to 44% of those who do not.

A skilled and supported workforce is key to ensuring Privacy by Design is achievable. The biggest skills gaps reported by European organisations are experience with different types of technologies and/or applications (62%); technical expertise (49%); and IT operations knowledge and skills (45%).

To combat the skills gap and wider privacy challenges they are facing, 47% of European organisations offer training to allow non-privacy staff to move into privacy roles. Experience is key to filling the skills gap: 95% of respondents consider compliance and legal experience an important factor in determining if a privacy candidate is qualified, and 89% consider credentials important, compared with only 54% for a university degree.

Dimitriadis continues: “Practicing Privacy by Design and embedding privacy across an entire enterprise is key to long-term data protection. Such a comprehensive approach fosters trust with stakeholders and safeguards against ever-evolving threats – but this isn’t possible without skilled privacy teams who feel prepared and able to drive privacy practices from a technology, business and compliance point of view.

“There are several ways to plug the skills gap. Providing training and continuous support for privacy staff on emerging technologies, privacy-enhancing technologies, cybersecurity and data protection architectures on top of legal compliance knowledge is essential for managing their stress and maintaining organisational resilience.”

Notes to Editors

All figures are based on fieldwork conducted by ISACA between 13 September and 30 September 2024 amongst 1,603 global respondents working in privacy, of which 351 are located in Europe.

About ISACA

ISACA® (www.isaca.org) is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its 180,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through the ISACA Foundation, ISACA supports IT education and career pathways for underresourced and underrepresented populations.

Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews