Reframing the Way Organizations Think About Privacy

Author: Duane Gran, CRISC, Director of Information Security
Date Published: 21 January 2025

ISACA’s State of Privacy 2025 report highlights trends in the industry around staffing, collaboration and increasing demands on privacy teams. There are several implications for privacy leaders and, as you will see, abundant opportunity to identify actionable insights when building an innovative privacy program.

Staffing Concerns

Privacy programs require a unique blend of expertise in law, compliance and technology. The report illustrates how uncommon it is for “unicorn” staff to have mastery in all three areas. Technical privacy skills are in high demand, as 62% of respondents said the demand for technical privacy roles would increase next year versus 55% who listed the demand for legal/compliance expertise. This may reflect a shift toward an operational need to apply technical solutions.

The number one skill gap, identified by 61% of respondents, was “experience with different types and/or applications,” underscoring this trend. Because the primary reason for workplace stress was rapid technology evolution, it is prudent for privacy officers to ask staff about their learning goals and obtain executive buy-in for workforce training. Training can be formalized by supporting staff in ongoing certifications, but an overlooked avenue is training offered by current vendors on the technologies you regularly use. Vendors have a vested interest in helping your privacy teams utilize the full potential of their platforms.

Year over year, staffing for privacy teams remained flat or slightly decreased. This may be a factor in some anxieties about managing the growth of the program, which we will explore more later.

Collaboration and Opportunity

Privacy is a function that touches almost every department within an organization, but it must lead with influence in most cases, absent a strong mandate from executive leadership. Unsurprisingly, the most common point of collaboration (78%) is with information security, but buried in the detail is perhaps an emerging opportunity as only 27% of respondents had frequent interaction with sales and marketing.

This may reflect a compliance-centric view toward privacy, but I would like to challenge privacy professionals to reframe their work in terms of building a trustworthy brand. The specifics will vary by organization and industry, but consider the shift in influence and outcomes if you collaborate closely with sales and marketing to become the most trusted brand in your sector. Of any statistic in this report, this one in my view highlights the greatest opportunity in our privacy program development.

On the plus side, the perception from respondents is that one-third of their boards of directors regard privacy as a competitive advantage.

Growing Needs

It's no surprise that demands on privacy teams are growing, whether driven by market expectations or expanding privacy regulation. For example, 35% of respondents said the number of data subject requests they received increased in the past year. This trend, seen year over year, undoubtedly influences our ability to run a quality privacy program. Collectively, we aren’t feeling confident, as only 40% of respondents felt completely or very confident in their organization’s ability to ensure the privacy of its sensitive data.

The silver lining is that reported confidence doesn’t correlate with organization size, which suggests that quality privacy programs can be accomplished in small and larger organizations alike when they have strong executive support.

Let’s Unlock Privacy Resources

Given relatively flat growth in staffing, a high bar for technical talent and unease among privacy leaders about managing growth, something may need to change for privacy programs to meet the challenges of the modern landscape. Artificial intelligence may help, but adoption of AI is gradual, having moved from 8% to only 11% of respondents who are using it in their privacy programs. Artificial intelligence could help privacy teams in several ways, such as anonymizing data sets, searching records for data subject requests and revising policies or procedures. The technical skills gap may be a contributing factor to this slow adoption.

I’m nonetheless optimistic about where our privacy programs can go. Boards of directors want privacy to serve as a strategic competitive advantage and historically we have not “sold” the value of our programs within sales and marketing as part of our sales portfolio. Privacy programs need more resources to thrive, but perhaps greater collaboration within our organizations may unlock resources to meet the future demands.
