SCHAUMBURG, Ill.: #isaca--Despite progress made in privacy staffing and strategy alignment, privacy professionals are feeling increasingly stressed on the job within a complex compliance and risk landscape, according to new research from ISACA.

ISACA’s State of Privacy 2025 survey report, reflecting insights from more than 1,600 global professionals worldwide, found that 63 percent of privacy professionals say their role is more stressful now than it was five years ago, with 34 percent indicating it is significantly more stressful. They cite the main causes of this stress as the rapid evolution of technology (63 percent), compliance challenges (61 percent) and resource shortages (59 percent).

A Challenging Landscape

These findings align with what respondents cited as the top three obstacles facing privacy programs:

When it comes to resources, 43 percent indicate their privacy budget is underfunded, and 48 percent expect a budget decrease in the next year. Regarding staff, respondents are finding it tough to hire expert-level privacy professionals, with 73 percent indicating they are the most difficult privacy employees to hire.

Respondents also provided insights into their most common privacy failures, listing lack of training or poor training (47 percent), data breaches (42 percent), and not practicing privacy by design (41 percent) in the top three.

“In an increasingly complex international regulatory environment, often with lackluster resources, it is understandable that many privacy professionals are feeling strain from their efforts to stay compliant and keep their organizations’ data safe,” says Niel Harper, ISACA board vice chair and Chief Information Security Officer & Data Protection Officer at Doodle. “Addressing these challenges and getting practitioners the support they need will be vital to not only ensure a healthy privacy workforce, but also to maintain data integrity and security, and avoid potential harm to data subjects.”

Bright Spots

In spite of these challenges, the research revealed some encouraging findings as well. While the median privacy staff size declined slightly from the previous year (eight this year compared to nine the prior), fewer survey respondents reported that their privacy teams are understaffed. This includes technical privacy roles—with understaffing reported at 54 percent in 2024 compared to 46 percent in 2025—and legal/compliance roles—with understaffing reported at 44 percent in 2024 compared to 38 percent in 2025.

Additionally, 74 percent of respondents report privacy strategy is aligned with organizational objectives, and over half (57 percent) believe the board of directors has adequately prioritized their organization’s privacy.

Enterprises are taking compliance seriously, with 82 percent of respondents indicating they use a framework or law/regulation to manage privacy, and 68 percent saying it is mandatory to address privacy with documented policies and procedures.

Most respondents also do not believe they are experiencing more privacy breaches this year compared to last year, and 29 percent believe it is unlikely they will experience a material privacy breach in the next 12 months.

Privacy by Design as a Differentiator

The survey findings, as in past years, indicate that practicing privacy by design sets enterprises apart. Sixty-seven percent of respondents indicate that they practice privacy by design when building new applications and services. The survey found that enterprises that always practice privacy by design are more likely to:

• Have high confidence in their privacy teams (68 percent versus 41 percent total)
• Believe their technical privacy area is appropriately staffed (50 percent versus 40 percent total)
• Have decreased privacy skills gaps by training non-privacy staff for privacy roles (57 percent versus 48 percent total)
• Believe their boards of directors prioritize privacy (80 percent versus 57 percent total)

AI’s Evolving Role

More respondents also reported using artificial intelligence (AI) for privacy-related tasks this year (11 percent) than last year (8 percent). Additionally, 36 percent of respondents say they plan to use AI for this purpose in the next 12 months, compared to 28 percent who said the same last year. The use of AI for this purpose was also found to be higher in enterprises that were not purely compliance-driven, with 14 percent of those in enterprises with boards that viewed privacy ethically or as a competitive advantage using AI for privacy-related tasks, compared with 9 percent from enterprises with boards that view privacy programs as compliance-driven. This use of AI was also higher among enterprises that regularly practice privacy by design, with 18 percent of those who indicate they always practice privacy by design reporting that they are using AI for privacy work.

Access a complimentary copy of the report and other related content at www.isaca.org/state-of-privacy.

About ISACA

For more than 50 years, ISACA® (www.isaca.org) has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA leverages the expertise of its 180,000+ members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 228 chapters worldwide. Through the ISACA Foundation, ISACA supports IT education and career pathways for underresourced and underrepresented populations.

Fonte: Business Wire