Organisations face increased cybersecurity threats and data breach incidents in a connected and digital world. Organizations are increasingly hiring security professionals to ward off growing cybersecurity threats. In the face of growing cybersecurity threats, about 72% of respondents across Indian organizations foresee hiring for legal/compliance roles and technical privacy roles going up in the next year, shows findings from ISACA’s Privacy in Practice survey report.
ISACA surveyed more than 1,890 professionals worldwide who hold security, privacy, IT management, audit practitioner/management, risk practitioner, legal/compliance practitioner, and data privacy officer roles to learn how enterprises approach digital trust. 96 respondents were from India.
Skill gaps continue to impact the privacy staffing needs of organizations. A large number of organizations have unfilled (open) privacy positions across legal/compliance as well as technical privacy domain. As many as 35% and 44% of respondents in India, respectively, acknowledge privacy roles remaining unfilled in legal/compliance and technical privacy positions. Lack of expertise and talent shortage in the cybersecurity and privacy space also sees organizations struggle to close open positions across levels over a longer time.
About 34% of Indian respondents say it takes their organizations three to six months to fill legal compliance positions. For legal/compliance roles (12% of respondents) and technical privacy positions (15% of respondents), the time taken to fill open positions in privacy roles sometimes stretches beyond six months. Unsurprisingly, the lack of competent resources (44%) is the biggest challenge for organizations in devising an effective privacy program. Other barriers include a complex international legal and regulatory landscape (40%), and a lack of executive or business support (39%).
Commenting on the survey and its findings, R.V Raghu, ISACA Ambassador in India and past ISACA board director, says, “Like every other industry and role, the search for a qualified candidate is real and challenging in the privacy space as well. Under threat from cyber and phishing attacks, organizations are increasingly facing a talent crunch as they look to hire qualified privacy professionals.”
“What’s encouraging is that organizations are being proactive in protecting their networks and systems from internal as well as external threats by investing in upskilling and training of their privacy professionals,” he added.
Widening skill gaps
While making hiring decisions for privacy candidates, the top three qualification factors are compliance/legal experience (77%), prior hands-on experience in a privacy role (73%), and technical experience (69%). Hires aspiring to fill various privacy roles, are found to lack technical and soft skills. Organizations in India looking to fill privacy positions, see the biggest skill gaps in the professionals in the top five areas namely, experience with different types of technologies and/or applications (71%), experience with frameworks and/or controls (58%), understanding the laws and regulations to which the organization is subject (52%), technical expertise (50%), and business insight (44%).
Alarmingly, business ethics (28%), and lack of soft skills (communication, flexibility, and leadership) (27%) are other key skill gaps lacking in privacy professionals hires. Taking cognizance of widening skill gaps in potential hires, organizations are increasingly investing in training programs to help their candidates acquire the required skillsets.
Upskilling and training privacy professionals
Indian organizations are addressing internal privacy skill gaps with a combination of actions—Training to allow non-privacy staff who are interested to move into privacy roles (68%), increased use of performance-based training to attest to actual skill mastery (42%), increased reliance on credentials to attest to actual subject matter expertise (41%), and increased reliance on artificial intelligence or automation (36%).
Prioritizing privacy goals
Among all these challenges, one silver lining for organizations in India and the workforce is their top leadership’s complete buy-in on data and consumer privacy being the top focus area for their business. About 68% of respondents believe that their board of directors has adequately prioritized privacy in their organization, 14% think otherwise, and 18% claim not to know of their management’s focus on prioritizing privacy matters.
Again 63% of respondents in India say that their board of directors view their enterprise’s privacy program as a response to meet compliance requirements (to abide by the law of land) and the business’ ethical need to uphold privacy needs irrespective of existing laws and regulations. In the face of growing cybersecurity threats both internal and external as well as increasing incidents of data thefts and breaches, organizations’ privacy budgets are going to see an increase over the next year.
Of all the respondents, 64% said that it would increase and 3% said that it would decrease.