As tech transformations—for example a business unit built around A.I. or a new app geared toward personalized customer experience—have picked up steam in recent years, so have cyber risks and data privacy concerns.
But when organizations look internally for people to handle risk mitigation and compliance with data privacy laws, there’s a lack of qualified staff, according to a new report by ISACA, a professional IT governance association. Both technical privacy and legal/compliance teams are understaffed, enterprise privacy budgets are underfunded, and there are skills gaps. The findings are based on a global survey of 1,890 data privacy professionals who hold positions in areas such as IT, audit, compliance, and risk management.
Non-compliance with privacy laws and regulations, like Europe’s General Data Protection Regulation or even state laws including the California Consumer Privacy Act (CCPA), is costly, Safia Kazi, a principal in ISACA’s privacy professional practices, tells me. CCPA compliance updates regarding providing employees and job applicants with notice of the company’s privacy practices went into effect on Jan. 1.
So this is an issue that may fall under a finance chief’s purview. “CFOs’ risk expertise is invaluable,” Kazi says. “This is especially true with regard to procurement.” Not only can third parties be the source of a significant privacy breach, but selecting unqualified third parties can result in a “devastating privacy violation and fine,” Kazi says. About a quarter of the survey respondents said they always or frequently work with their organization’s finance department. But that percentage may need to increase.
‘Security incidents and privacy incidents are not the same’
But lots of risk means lots of reward—at least for the VCs investing in this new generation of cybersecurity products. The global cybersecurity market is expected to reach $403 billion by 2027, as my colleague Lucy Brewster details in her new report, “Cybersecurity is red hot. Here are the top 13 VCs to know.” The VCs she features include Chenxi Wang, who invested in the software-as-a-service (SaaS) cybersecurity platform Claroty, and Ariel Tseitlin, who invested in the SaaS security platform AppOmni—products that may one day be standard in a secure organization.
Regarding having a designated data privacy program, ISACA’s survey found that 42% of respondents said their privacy budget is underfunded,…