ISACA surveyed more than 1,890 professionals worldwide who hold security, privacy, IT management, audit practitioner/management, risk practitioner, legal/compliance practitioner, and data privacy officer roles to learn how enterprises are approaching digital trust. 96 respondents were from India. In the face of growing cybersecurity threats, about 72% of respondents across Indian organizations foresee hiring for legal/compliance roles and technical privacy roles going up in the next year.
Skill gaps continue to impact the privacy staffing needs of organizations. A large number of organizations have unfilled (open) privacy positions across legal/compliance as well as technical privacy domains. As many as 35% and 44% of respondents based in India, respectively, acknowledge privacy roles remaining unfilled in legal/compliance positions and technical privacy positions. Lack of expertise and talent shortage in the cybersecurity and privacy space also sees organizations struggle to close open positions across levels over a longer time.
About 34% of Indian respondents say it takes their organizations three to six months to fill legal compliance positions. For legal/compliance roles (12% of respondents) and technical privacy positions (15% of respondents), the time taken to fill open positions in privacy roles at times stretches beyond six months. It’s no surprise that the lack of competent resources (44%) proves to be the biggest challenge for organizations in devising an effective privacy program. Other barriers include a complex international legal and regulatory landscape (40%), and a lack of executive or business support (39%).
Widening skill gaps
While making hiring decisions for privacy candidates, the top three qualification factors are compliance/legal experience (77%), prior hands-on experience in a privacy role (73%), and technical experience (69%). Hires aspiring to fill various privacy roles, are found to lack both technical and soft skills.
Organizations in India looking to fill privacy positions, see the biggest skill gaps in the professionals in the top five areas namely, experience with different types of technologies and/or applications (71%), experience with frameworks and/or controls (58%), understanding the laws and regulations to which the organization is subject (52%), technical expertise (50%), and business insight (44%).
Upskilling and training privacy professionals
Indian organizations are addressing internal privacy skill gaps with a combination of actions—Training to allow non-privacy staff who are interested to move into privacy roles (68%), increased use of performance-based training to attest to actual skill mastery (42%), increased reliance on credentials to attest to actual subject matter expertise (41%), and increased reliance on artificial intelligence or automation (36%).
In the face of growing cybersecurity threats both internal and external as well as increasing incidents of data thefts and breaches, organizations’ privacy budgets are going to see an increase over the next year.