ISACA Privacy in Practice 2024

Keypoints

• Most major cybersecurity vendors publish comprehensive annual reports structured into sections such as executive summaries, staffing trends, privacy operations, compliance, privacy by design, breaches, and future outlooks, providing a holistic view of the cybersecurity landscape.
• These reports typically include key statistics, such as the median privacy team size (~9 employees), and highlight evolving trends like the growing difficulty in hiring expert privacy professionals and persistent understaffing issues, especially in technical roles.
• Notable findings emphasize that privacy teams face challenges due to limited resources, unclear mandates, and lack of executive support, which hinder effective privacy program development and training efforts.
• Data indicates a concerning trend of declining privacy budgets, with a significant portion of organizations expecting budgets to decrease in the coming year, potentially impacting their ability to comply with regulations and implement privacy initiatives.
• Across all vendor reports, there is a recurring emphasis on the increasing importance of privacy by design, cross-department collaboration, and the role of boards in prioritizing privacy; however, budgets and staffing remain constrained.
• Shift in priorities shows a rise in organizations viewing privacy as a compliance necessity or ethical imperative, with less focus on leveraging artificial intelligence, which remains underutilized due to staffing and risk concerns.
• Overall, the cybersecurity landscape reflected in these reports underlines the need for organizations to enhance privacy resources, strengthen leadership engagement, and adapt to evolving regulatory and technological environments in 2024.