Cyber skills gap affecting data privacy practice, finds ISACA

Organisations are struggling to fill both legal and technical privacy roles, with potentially damaging consequences, according to a report

Thousands of technical privacy roles are going unfilled all over the world, leaving organisations dangerously exposed to breaches of compliance laws and cyber security incidents, according to an ISACA study marking the annual Data Privacy Day cyber supplier marketing opportunity.

The technology association’s latest Privacy in practice 2022 report draws together data gathered in a survey exercise undertaken towards the end of 2021. It found that 46% of organisations are struggling to fill legal and compliance roles, and 55% are struggling to fill technical privacy roles. Additionally, 41% reported that the biggest challenge in forming an organisational privacy plan was a lack of competent resources.

While it is important to note that just 25% actually had open legal and compliance roles, and only 31% had open technical privacy roles, respondents expected that privacy professionals would be in much greater demand in 2022, with 67% anticipating a need for legal and compliance pros, and 72% anticipating a need for technical privacy pros.

“People are an essential component of any privacy program, both the privacy professionals driving the work forward and employees across the enterprise who follow good data privacy practices,” said Safia Kazi, privacy professional practice advisor at ISACA.

“Enterprises need to sufficiently invest in their privacy programmes and teams, not only to retain privacy staff and upskill talent to fill open roles, but to also prioritise privacy training efforts to ensure all employees are supporting privacy initiatives.”

When seeking privacy pros, respondents highlighted compliance and legal experience, prior experience in a privacy role, and technical experience as the key requisites, but they also reported that many candidates lacked these skills.

As a result, fewer than half of respondents said they were very or completely confident in their privacy team’s ability to ensure the organisation’s data protection practice was effective and compliant with national and international laws and standards.

In particular, survey respondents said their organisations had struggled with data incidents occasioned by failure to account for privacy-by-design in apps and services (63%), a lack of training (59%), and bad or non-existent detection of personal data (47%).

“Privacy professionals are vital in driving transparency and accountability across their organisations, and that has never been more important, as more consumers, employees and investors dictate the success of organisations that they do, or don’t, trust,” said Alex Bermudez, privacy manager at OneTrust, which sponsored the ISACA study.

“The role of the privacy professional continues to evolve, with many now taking their organisations on a journey from compliance to building trust as a competitive advantage: helping to make companies stand out based on the values they hold and the commitments they fulfil,” said Bermudez.

“Continuing to monitor the changes in resources, board-level sponsorship, and the positive trajectory of privacy at-large forms an important part of a privacy professional’s value, and impact on an organisation.”
