Privacy must be a business priority: the urgent need for investment and action

Date:
Tue, 18 Mar 2025 15:07:02 +0000

Description:
Without proper investment and support, privacy teams are struggling, and businesses are exposed to unnecessary risks.

FULL STORY ======================================================================

As the digital landscape evolves, data protection must become a governing business principle. Despite its significance, however, privacy professionals feel they are working in underfunded teams, leaving their organizations vulnerable to security breaches. Without proper investment and support,
privacy teams are struggling, and businesses are exposed to unnecessary
risks.

While new legislation has initiated pathways to address these issues,
achieving compliance remains a struggle for overstretched workforces. Meanwhile, threats are continuing to evolve, and professionals are struggling to keep pace with adversaries. It is vital that business leaders begin to approach privacy not just as a compliance requirement, but as a strategic imperative.

The current privacy landscape: why businesses must take action

The importance of privacy goes beyond the legal requirements it is a fundamental element of business integrity and customer trust with financial
and reputational ramifications for all organizations. Impacts of improperly protected data extend across entire supply chains and affect stakeholders at every level, from executives to customers.

But the findings of ISACAs new State of Privacy 2025 research highlight concerning trends for the landscape of privacy operations. Worryingly, just
38% of European professionals feel confident in their organization's ability
to safeguard sensitive data.

This raises serious concerns for businesses, suggesting that vast amounts of data are potentially exposed to cybercriminals, fueling threats such as ransomware attacks. The exchange of personal data has become entrenched in modern business operations, so weak protective frameworks leading to data exposure can undermine business credibility and create distrust in client relationships. This is hugely damaging for a business's bottom line.

So, whats driving this crisis of confidence among privacy professionals? The research reveals some concerning statistics. 45% of professionals believe
their organization's privacy budget is underfunded, a rise of 4% from 2024.
And things arent set to improve anytime soon, with over half (54%) of the respondents predicting further budget cuts within the next year.

This severe underfunding is taking a direct toll on staffing. 52% of
technical privacy teams report being understaffed and over a third (37%) are struggling to retain qualified privacy professionals. Its clear that a lack
of investment is the core issue here but whilst these cost-cutting measures may yield short-term financial gains, the long-term risks are substantial.

And privacy professionals are not just negatively impacted by a lack of funding. Their situation is exacerbated by the complexities and evolution of the current threat landscape. Bad actors are escalating data attacks against both private and public sector organizations, and cyber criminals are also using AI to increase the sophistication of attacks by co-opting the
technology to write code that bypasses existing defenses. Working within this environment, it is unsurprising that two thirds (66%) of professionals
surveyed said their job is more stressful now compared to five years ago.

The digital world is rapidly changing but is also increasingly ubiquitous throughout workplaces. Business leaders must acknowledge the challenges their privacy teams are facing as a first step towards implementing meaningful solutions.

Regulation and compliance: challenges and opportunities

The regulatory landscape continues to develop. In the last year, we have seen some key milestones including the EU AI Act and the one-year mark of the Corporate Code of Governance. In addition, seven years on from its introduction, the General Data Protection Regulation in Europe is continuing
to have positive impacts on data protection.

These regulations provide a helpful framework for organizations to reassess
how they interact with privacy at a fundamental level. In many cases it is no longer a choice, but a legal business demand. Theres no doubt that these regulations are a critical step towards creating resilient data protection across networks .

However, ISACAs research has found that only 24% of European organizations
are always practicing Privacy by Design, meaning many businesses risk falling short of compliance with GDPR and new frameworks like the Digital Services
Act and AI Act.

Organizations who always practice Privacy by Design have seen tangible benefits. They report stronger teams, with 43% of technical privacy teams adequately staffed, compared to just 33% in businesses who do not practice Privacy by Design.

As a result, 58% of those always practicing are highly confident in their teams. Additionally, they are making crucial strides in closing the privacy skills gap in fact, 56% provide training for non-privacy staff looking to transition into the field, compared to 44% in organizations who do not
practice Privacy by Design.

However, compliance is not always straightforward. As established, many
privacy teams are already working beyond their capacities due to chronic underfunding, making it difficult to meet regulatory requirements
effectively. While regulations provide a useful framework for businesses,
even the strongest guidelines become powerless without a trained workforce to implement them.

To achieve compliance and maintain strong privacy standards, organizations
must first address structural challenges starting with increased investment
in privacy staff, ensuring their access to comprehensive training and resources.

AIs role in privacy: promise and perils

In recent years, AI has had a transformative impact on workplaces across many sectors. As AI continues to rapidly evolve, its role in current and future business practices cannot be overstated. What organizations must do now, however, is strategically consider how best to fully reap its benefits in a safe and effective way and how to mitigate its risks.

Privacy professionals are already incorporating AI into their work. According to Microsoft, 75% of global knowledge workers are using AI at work. The technology can offer significant advantages to overstretched professionals by speeding up processes and automating routine tasks. It also reduces human error, enhancing accuracy and efficiency in privacy management.

However, businesses must deploy AI with caution, as it cannot replace skilled professionals. Instead, it's true potential lies in enhancing productivity
and enabling professionals to work more efficiently. Highly trained cyber
teams should be involved at every stage of AI utilization to ensure the technology is used safely.

The bottom line is that safe implementation of AI within privacy work is paramount and, to fully leverage AIs potential, professionals must receive adequate training on it to ensure responsible and effective use.

In addition, as AI technologies have become more accessible in workplaces,
they are also increasingly open to cyber criminals who use AI for malicious purposes. Specifically, AI increases the sophistication of cyberattacks such
as phishing, making them harder to detect.

With language models capable of flawlessly replicating human speech, cybercriminals can create highly convincing scams to deceive their targets. From a privacy perspective, it is crucial that businesses are trained to keep pace with bad actors to identify and counter these attacks and prevent important data from being compromised.

What businesses must do now

Privacy professionals are facing a litany of challenges, but there are three key steps businesses should take to help their privacy teams and ensure they can work effectively.

Firstly, to alleviate the understaffing crisis, closing the skills gap is crucial. Nearly half (47%) of European organizations are already training non-privacy staff to transition into privacy roles. We know that credentials and hands-on experience are more important for cyber professionals than degrees, so upskilling is both valuable and accessible with the right investment. Providing proper funding for training in these area such as technical expertise and IT operations knowledge can strengthen the workforce and build long-term resilience.

Organizations must also ensure that they are embracing and capitalizing on
new technologies like AI, which can increase efficiency in the workplace. By investing in training for privacy professionals to use this to their
advantage, processes can be streamlined to free up precious resources but
also be used safely. However, AI must be seen as an enhancement tool, not a replacement for skilled professionals. This technology is only as effective
as the individuals trained to use it responsibly.

Thirdly, businesses must undertake an active role in prioritizing privacy within their organizations. Addressing the skills gap will help, as holistically trained professionals can not only identify and implement the right frameworks and controls, but link them to business value, unlocking budgets related to increasing competitiveness of products and serving
customer trust.

With new and ongoing threats complicating the challenge of data protection
and with it becoming progressively urgent business leaders must invest in privacy teams and fold privacy & data protection into their overarching business strategies in order to avoid costly repercussions in the future.

Privacy is no longer just a compliance checkbox it is a business necessity. Organizations which fail to invest in privacy risk reputational damage, regulatory penalties, and loss of customer trust. Business leaders must act
now by investing in people, processes, and technologies to build a resilient and forward-thinking privacy strategy.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry
today. The views expressed here are those of the author and are not
necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

======================================================================
Link to news story: https://www.techradar.com/pro/privacy-must-be-a-business-priority-the-urgent-n eed-for-investment-and-action
$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)