Privacy is a critical component of digital trust as it contributes to a more positive reputation and fewer cybersecurity incidents for the companies that prioritize it. However, the 2023 Privacy in Practice report, published by the Information Systems Audit and Control Association (ISACA), indicates that 87% of organizations in Europe offer privacy awareness training to employees, yet 94% of companies acknowledge a privacy skills gap within their businesses.

The report explores the state of enterprise privacy by examining trends around privacy teams, privacy-related challenges, privacy by design and the future of privacy. It reveals that more than half (59%) of technical privacy teams in Europe are understaffed. Building these departments is a challenge, with 1 in 5 businesses saying it takes them more than six months to fill a technical privacy position and 41% saying their privacy budgets are underfunded.

The most reported privacy failures include a lack of training or poor training (49%), data breaches (38%) and not practicing privacy by design (39%). With just 38% of business leaders confident in their organization’s ability to ensure the privacy of its sensitive data, businesses need to change their approach to closing the privacy skills gap or risk jeopardizing their relationships with customers and damaging the reputation of the business.

ISACA’s Privacy in Practice report is available here.