Privacy professionals are feeling the heat as they grapple with budget cuts, resource shortages, and ever-changing regulations.

ISACA’s State of Privacy 2025 survey reveals that nearly half (48%) anticipate budget reductions in the coming year, while 73% report that finding expert-level privacy professionals is a significant hiring challenge.

The survey, conducted by ISACA—a global leader in advancing careers within digital trust fields—gathered insights from over 1,600 privacy experts worldwide.

According to the report, 63% of privacy professionals say their roles are more stressful than five years ago, with 34% describing the increase as significant.

The top stressors include the rapid pace of technological change (63%), compliance complexities (61%), and a lack of resources (59%).

A Challenging Landscape

These findings align with what respondents cited as the top three obstacles facing privacy programs:

1.     Complex international legal and regulatory landscape (38 percent)

2.     Lack of competent resources (37 percent)

3.     Management of risks related to new technologies (36 percent)

When it comes to resources, 43 percent indicate their privacy budget is underfunded, and 48 percent expect a budget decrease in the next year.

In terms of staff, respondents are finding it tough to hire expert-level privacy professionals, with 73 percent indicating they are the most difficult privacy employees to hire.

Privacy professionals are facing other difficulties, with only 44 percent confident that their organisation’s privacy team can ensure data privacy and achieve compliance with new privacy laws and regulations.

Additionally, only 33 percent of organisations find it easy to understand privacy obligations, with 23 percent considering it difficult.

Respondents also provided insights into their most common privacy failures, listing lack of training or poor training (47 percent), data breaches (42 percent), and not practicing privacy by design (41 percent) in the top three.

Jo Stewart-Rattray, Oceania Ambassador for ISACA, said the findings reveal significant challenges for organisations globally and in our region. 

“Privacy professionals are feeling the strain of shrinking budgets and increasing demands, all while grappling with regulatory changes and resource shortages,” said Ms Stewart-Rattray. 

“Greater investment in privacy teams, training and tools is essential to help organisations meet their responsibility to protect data and maintain trust”

“With almost half of privacy professionals anticipating budget cuts and many struggling to recruit skilled staff, organisations need to act now”

“Prioritising robust privacy frameworks and embedding strong practices into daily operations will enable companies to better safeguard data, meet compliance requirements and strengthen customer trust.”

Bright Spots

In spite of these challenges, the research revealed some encouraging findings as well. While the median privacy staff size declined slightly from the previous year (eight this year compared to nine the prior), fewer survey respondents reported that their privacy teams are understaffed.

This includes technical privacy roles—with understaffing reported at 54 percent in 2024 compared to 46% in 2025—and legal/compliance roles—with understaffing reported at 44 percent in 2024 compared to 38 percent in 2025.

Additionally, 74 percent of respondents report privacy strategy is aligned with organisational objectives, and over half (57 percent) believe the board of directors has adequately prioritised their organisation’s privacy.

Enterprises are taking compliance seriously, with 82 percent of respondents indicating they use a framework or law/regulation to manage privacy, and 68 percent saying it is mandatory to address privacy with documented policies and procedures.

Most respondents also do not believe they are experiencing more privacy breaches this year compared to last year, and 29 percent believe it is unlikely they will experience a material privacy breach in the next 12 months.

Privacy by Design as a Differentiator

The survey shows that privacy by design remains a key differentiator, with 67% of respondents integrating it into the entire engineering process for new applications and services.

The survey found that enterprises that always practice privacy by design are more likely to:

• Have high confidence in their privacy teams (68% versus 41%)
  
• Believe their technical privacy area is appropriately staffed (50% versus 40%)
  
• Have decreased privacy skills gaps by training non-privacy staff for privacy roles (57% versus 48%)
  
• Believe their boards of directors prioritise privacy (80% versus 57% total)
  

AI’s Evolving Role

More respondents also reported using artificial intelligence (AI) for privacy-related tasks this year (11 percent) than last year (8 percent).

AI usage for privacy tasks is higher in enterprises prioritising ethics or competitive advantage, with 14% adopting it, compared to 9% in compliance-driven organisations.

This use of AI was also higher among enterprises that regularly practice privacy by design, with 18 percent of those who indicate they always practice privacy by design reporting that they are using AI for privacy work. 

“When privacy is aligned with business objectives, integrated into the enterprise with a privacy by design approach, and viewed as both an ethical and compliance responsibility, organisations stand to gain tremendous value,” says Safia Kazi, ISACA Principal, Privacy Professional Practices.

“Enterprises must continue to prioritise and advance their privacy programs—leveraging the right emerging technology, frameworks, training and best practices for them—to keep pace.”

ISACA’s State of Privacy 2025 report highlights mounting challenges for privacy professionals, from budget cuts and hiring difficulties to increasing job stress, underscoring the growing pressure to safeguard data and ensure compliance.