TZUTC: -0500   
   MSGID: 525.consprcy@1:2320/105 2c400ae8   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Privacy must be a business priority: the urgent need for investment and action   
      
   Date:   
   Tue, 18 Mar 2025 15:07:02 +0000   
      
   Description:   
   Without proper investment and support, privacy teams are struggling, and   
   businesses are exposed to unnecessary risks.   
      
   FULL STORY   
   ======================================================================   
      
   As the digital landscape evolves, data protection must become a governing   
   business principle. Despite its significance, however, privacy professionals   
   feel they are working in underfunded teams, leaving their organizations   
   vulnerable to security breaches. Without proper investment and support,   
   privacy teams are struggling, and businesses are exposed to unnecessary    
   risks.    
      
   While new legislation has initiated pathways to address these issues,   
   achieving compliance remains a struggle for overstretched workforces.   
   Meanwhile, threats are continuing to evolve, and professionals are struggling   
   to keep pace with adversaries. It is vital that business leaders begin to   
   approach privacy not just as a compliance requirement, but as a strategic   
   imperative.   
      
   The current privacy landscape: why businesses must take action    
      
   The importance of privacy goes beyond the legal requirements  it is a   
   fundamental element of business integrity and customer trust with financial   
   and reputational ramifications for all organizations. Impacts of improperly   
   protected data extend across entire supply chains and affect stakeholders at   
   every level, from executives to customers.    
      
   But the findings of ISACAs new State of Privacy 2025 research highlight   
   concerning trends for the landscape of privacy operations. Worryingly, just   
   38% of European professionals feel confident in their organization's ability   
   to safeguard sensitive data.    
      
   This raises serious concerns for businesses, suggesting that vast amounts of   
   data are potentially exposed to cybercriminals, fueling threats such as   
   ransomware attacks. The exchange of personal data has become entrenched in   
   modern business operations, so weak protective frameworks leading to data   
   exposure can undermine business credibility and create distrust in client   
   relationships. This is hugely damaging for a business's bottom line.    
      
   So, whats driving this crisis of confidence among privacy professionals? The   
   research reveals some concerning statistics. 45% of professionals believe   
   their organization's privacy budget is underfunded, a rise of 4% from 2024.   
   And things arent set to improve anytime soon, with over half (54%) of the   
   respondents predicting further budget cuts within the next year.    
      
   This severe underfunding is taking a direct toll on staffing. 52% of    
   technical privacy teams report being understaffed and over a third (37%) are   
   struggling to retain qualified privacy professionals. Its clear that a lack    
   of investment is the core issue here  but whilst these cost-cutting measures   
   may yield short-term financial gains, the long-term risks are substantial.    
      
   And privacy professionals are not just negatively impacted by a lack of   
   funding. Their situation is exacerbated by the complexities and evolution of   
   the current threat landscape. Bad actors are escalating data attacks against   
   both private and public sector organizations, and cyber criminals are also   
   using AI to increase the sophistication of attacks by co-opting the    
   technology to write code that bypasses existing defenses. Working within this   
   environment, it is unsurprising that two thirds (66%) of professionals   
   surveyed said their job is more stressful now compared to five years ago.    
      
   The digital world is rapidly changing but is also increasingly ubiquitous   
   throughout workplaces. Business leaders must acknowledge the challenges their   
   privacy teams are facing as a first step towards implementing meaningful   
   solutions.   
      
   Regulation and compliance: challenges and opportunities    
      
   The regulatory landscape continues to develop. In the last year, we have seen   
   some key milestones including the EU AI Act and the one-year mark of the   
   Corporate Code of Governance. In addition, seven years on from its   
   introduction, the General Data Protection Regulation in Europe is continuing   
   to have positive impacts on data protection.    
      
   These regulations provide a helpful framework for organizations to reassess   
   how they interact with privacy at a fundamental level. In many cases it is no   
   longer a choice, but a legal business demand. Theres no doubt that these   
   regulations are a critical step towards creating resilient data protection   
   across networks .    
      
   However, ISACAs research has found that only 24% of European organizations    
   are always practicing Privacy by Design, meaning many businesses risk falling   
   short of compliance with GDPR and new frameworks like the Digital Services    
   Act and AI Act.    
      
   Organizations who always practice Privacy by Design have seen tangible   
   benefits. They report stronger teams, with 43% of technical privacy teams   
   adequately staffed, compared to just 33% in businesses who do not practice   
   Privacy by Design.    
      
   As a result, 58% of those always practicing are highly confident in their   
   teams. Additionally, they are making crucial strides in closing the privacy   
   skills gap  in fact, 56% provide training for non-privacy staff looking to   
   transition into the field, compared to 44% in organizations who do not   
   practice Privacy by Design.    
      
   However, compliance is not always straightforward. As established, many   
   privacy teams are already working beyond their capacities due to chronic   
   underfunding, making it difficult to meet regulatory requirements    
   effectively. While regulations provide a useful framework for businesses,    
   even the strongest guidelines become powerless without a trained workforce to   
   implement them.    
      
   To achieve compliance and maintain strong privacy standards, organizations   
   must first address structural challenges  starting with increased investment   
   in privacy staff, ensuring their access to comprehensive training and   
   resources.   
      
   AIs role in privacy: promise and perils    
      
   In recent years, AI has had a transformative impact on workplaces across many   
   sectors. As AI continues to rapidly evolve, its role in current and future   
   business practices cannot be overstated. What organizations must do now,   
   however, is strategically consider how best to fully reap its benefits in a   
   safe and effective way  and how to mitigate its risks.    
      
   Privacy professionals are already incorporating AI into their work. According   
   to Microsoft, 75% of global knowledge workers are using AI at work. The   
   technology can offer significant advantages to overstretched professionals by   
   speeding up processes and automating routine tasks. It also reduces human   
   error, enhancing accuracy and efficiency in privacy management.    
      
   However, businesses must deploy AI with caution, as it cannot replace skilled   
   professionals. Instead, it's true potential lies in enhancing productivity    
   and enabling professionals to work more efficiently. Highly trained cyber   
   teams should be involved at every stage of AI utilization to ensure the   
   technology is used safely.    
      
   The bottom line is that safe implementation of AI within privacy work is   
   paramount and, to fully leverage AIs potential, professionals must receive   
   adequate training on it to ensure responsible and effective use.    
      
   In addition, as AI technologies have become more accessible in workplaces,   
   they are also increasingly open to cyber criminals who use AI for malicious   
   purposes. Specifically, AI increases the sophistication of cyberattacks such   
   as phishing, making them harder to detect.    
      
   With language models capable of flawlessly replicating human speech,   
   cybercriminals can create highly convincing scams to deceive their targets.   
   From a privacy perspective, it is crucial that businesses are trained to keep   
   pace with bad actors to identify and counter these attacks and prevent   
   important data from being compromised.   
      
   What businesses must do now    
      
   Privacy professionals are facing a litany of challenges, but there are three   
   key steps businesses should take to help their privacy teams and ensure they   
   can work effectively.    
      
   Firstly, to alleviate the understaffing crisis, closing the skills gap is   
   crucial. Nearly half (47%) of European organizations are already training   
   non-privacy staff to transition into privacy roles. We know that credentials   
   and hands-on experience are more important for cyber professionals than   
   degrees, so upskilling is both valuable and accessible with the right   
   investment. Providing proper funding for training in these area such as   
   technical expertise and IT operations knowledge can strengthen the workforce   
   and build long-term resilience.    
      
   Organizations must also ensure that they are embracing and capitalizing on    
   new technologies like AI, which can increase efficiency in the workplace. By   
   investing in training for privacy professionals to use this to their   
   advantage, processes can be streamlined to free up precious resources but    
   also be used safely. However, AI must be seen as an enhancement tool, not a   
   replacement for skilled professionals. This technology is only as effective    
   as the individuals trained to use it responsibly.    
      
   Thirdly, businesses must undertake an active role in prioritizing privacy   
   within their organizations. Addressing the skills gap will help, as   
   holistically trained professionals can not only identify and implement the   
   right frameworks and controls, but link them to business value, unlocking   
   budgets related to increasing competitiveness of products and serving    
   customer trust.    
      
   With new and ongoing threats complicating the challenge of data protection   
   and with it becoming progressively urgent  business leaders must invest in   
   privacy teams and fold privacy & data protection into their overarching   
   business strategies in order to avoid costly repercussions in the future.    
      
   Privacy is no longer just a compliance checkbox  it is a business necessity.   
   Organizations which fail to invest in privacy risk reputational damage,   
   regulatory penalties, and loss of customer trust. Business leaders must act   
   now by investing in people, processes, and technologies to build a resilient   
   and forward-thinking privacy strategy.    
      
    This article was produced as part of TechRadarPro's Expert Insights channel   
   where we feature the best and brightest minds in the technology industry   
   today. The views expressed here are those of the author and are not   
   necessarily those of TechRadarPro or Future plc. If you are interested in   
   contributing find out more here:   
   https://www.techradar.com/news/submit-your-story-to-techradar-pro   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/privacy-must-be-a-business-priority-the-urgent-n   
   eed-for-investment-and-action   
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426