.jpg?1737474969)
According to a recent ISACA report, 63% of privacy professionals say their role is more stressful now than it was five years ago. Thirty-four percent say that it is significantly more stressful. They cite the main causes of this stress as the rapid evolution of technology (63%), compliance challenges (61%) and resource shortages (59%).
When it comes to resources, 43% indicate their privacy budget is underfunded, and 48% expect a budget decrease in the next year. Regarding staff, respondents are finding it tough to hire expert-level privacy professionals, with 73% indicating they are the most difficult privacy employees to hire. Respondents also provided insights into their most common privacy failures, listing lack of training or poor training (47%), data breaches (42%), and not practicing privacy by design (41%) in the top three.
While the median privacy staff size declined slightly from the previous year (eight this year compared to nine the prior), fewer survey respondents reported that their privacy teams are understaffed. This includes technical privacy roles — with understaffing reported at 54% in 2024 compared to 46% in 2025 — and legal/compliance roles — with understaffing reported at 44% in 2024 compared to 38% in 2025.
Additionally, 74% of respondents report privacy strategy is aligned with organizational objectives, and over half (57%) believe the board of directors has adequately prioritized their organization’s privacy. Enterprises are taking compliance seriously, with 82% of respondents indicating they use a framework or law/regulation to manage privacy, and 68% saying it is mandatory to address privacy with documented policies and procedures.
Most respondents also do not believe they are experiencing more privacy breaches this year compared to last year, and 29% believe it is unlikely they will experience a material privacy breach in the next 12 months.
More respondents also reported using artificial intelligence (AI) for privacy-related tasks this year (11%) than last year (8%). Additionally, 36% of respondents say they plan to use AI for this purpose in the next 12 months, compared to 28% who said the same last year. The use of AI for this purpose was also found to be higher in enterprises that were not purely compliance-driven, with 14% of those in enterprises with boards that viewed privacy ethically or as a competitive advantage using AI for privacy-related tasks, compared with 9% from enterprises with boards that view privacy programs as compliance-driven. This use of AI was also higher among enterprises that regularly practice privacy by design, with 18% of those who indicate they always practice privacy by design reporting that they are using AI for privacy work.
