Privacy pros stressed by cuts & regulatory demands

Privacy professionals are experiencing heightened stress levels due to budget restrictions, resource shortages, and regulatory changes, as revealed by ISACA's State of Privacy 2025 report.

The study, which surveyed over 1,600 privacy professionals globally, indicates that 63% feel their job is more stressful than five years ago, with 34% reporting significant stress increase. The rapid pace of technological change (63%), compliance challenges (61%), and resource shortages (59%) were identified as key stress factors.

Privacy professionals face several obstacles, with complex international legal landscapes (38%), lack of skilled resources (37%), and managing risk with new technology (36%) outlined as primary concerns. Budget constraints are also prevalent, as 43% of respondents report inadequate funding, while 48% anticipate budget decreases next year.

The difficulty in hiring expert-level privacy professionals exacerbates the issue, with 73% of respondents finding such hires challenging. Additionally, there is a lack of confidence in the capacity of privacy teams to ensure data privacy and regulatory compliance, with only 44% expressing sufficient confidence.

Jo Stewart-Rattray, Oceania Ambassador for ISACA, highlighted the pressures on privacy professionals due to financial constraints and heightened demands. "Privacy professionals are feeling the strain of shrinking budgets and increasing demands, all while grappling with regulatory changes and resource shortages," she remarked. "Greater investment in privacy teams, training, and tools is essential to help organisations meet their responsibility to protect data and maintain trust."

While confronting these difficulties, respondents acknowledged several common privacy failures, such as insufficient training (47%), data breaches (42%), and not practising privacy by design (41%).

Nevertheless, the research identified some positive trends. Slightly fewer survey participants reported understaffed privacy teams this year, with technical and legal roles showing improvement compared to the previous year.

There is also a strong alignment between privacy strategies and organisational objectives, as reported by 74% of respondents, with over half indicating that their board of directors has adequately prioritised privacy.

Organisations are taking compliance seriously, with 82% of respondents managing privacy through formal frameworks or regulations and 68% mandating documented policies and procedures.

Despite ongoing concerns, a majority of respondents do not believe privacy breaches have increased this year, and 29% see a material privacy breach as unlikely within the next year.

Emphasising privacy by design continues to differentiate enterprises. For instance, 67% of respondents advocate for this integrative approach, noting its impact on confidence in privacy teams and operational staffing.

Safia Kazi, ISACA Principal of Privacy Professional Practices, emphasised the importance of incorporating privacy into business objectives: "When privacy is aligned with business objectives, integrated into the enterprise with a privacy by design approach, and viewed as both an ethical and compliance responsibility, organisations stand to gain tremendous value."

Use of artificial intelligence for privacy-related tasks increased slightly, with 11% of respondents using AI this year compared to 8% the previous year. The utilisation of AI was more prevalent among enterprises prioritising privacy ethically or as a competitive advantage, as well as those consistently applying privacy by design principles.