Some 94% of European organizations are struggling to find skilled practitioners to take up crucial privacy-related roles, according to new research from professional association ISACA.
The IT audit and governance body polled 375 privacy professionals across the region in Q4 2022, as part of a wider global study: Privacy in Practice.
It found that, although European businesses recognize the importance of privacy, with 87% offering awareness training to employees, most also admit having skills gaps.
The report revealed that over half (59%) of technical privacy teams in Europe are understaffed. ISACA claimed that addressing the problem is tricky, with a fifth of respondents saying it takes over six months to fill such roles, and twice that number (41%) complaining of insufficient privacy budgets.
This could be having a serious impact on those same organizations.
Half (49%) of respondents cited poor training as a major privacy failure, two-fifths (38%) pointed to data breaches and a similar number (39%) to not practicing privacy by design – a key part of the GDPR.
A report from DLA Piper out yesterday revealed that the value of GDPR fines increased 168% year-on-year in 2022, to over $3bn.
Yet despite the obvious financial and reputational impact of a serious breach, only 38% of business leaders are confident in their organization’s ability to protect sensitive data, ISACA warned.
Chris Dimitriadis, global chief strategy officer at ISACA, argued that privacy professionals play a key role in establishing digital trust between organizations and their customers and other stakeholders.
“As technology advances, introducing new complexities and threats and as the cyber-threat landscape increases in size and sophistication, demand for these individuals is only going to grow. Heightened privacy skills demand is good news for candidates with privacy technology knowledge but also bad news for businesses that are struggling to close the privacy skills gap,” he added.
“As our new research highlights, businesses need to consider changing their training programmes and adopt privacy by design to limit the number of privacy breaches, build digital trust and set the business up for long term success.”