The nature of privacy work also varies by country, which adds another layer of complexity. “The privacy space is largely underpinned by legislation, which varies from country to country. Cybersecurity, on the other hand, tends to revolve around technology, and as a result is more agnostic and universal,” Michael Trovato, managing partner at IIS and former EY cybersecurity lead partner, says. “You can take a cybersecurity expert in Australia and the US, and they would have similar conversations about cybersecurity,” but when it comes to discussion about privacy, it’s quite different and there’s a real disconnect, he adds.
Why it is difficult to hire privacy experts
Finding a highly skilled privacy professional can feel like chasing a unicorn, Kazi describes. “Yes, privacy is important, but they want somebody who’s a lawyer, an expert in technology, knowledgeable about user interface and user experience, and ideally, they know a lot about ethics and are an AI expert as well. And yet, the position does not pay very much. That’s a serious challenge,” she says.
Adding to the problem, 43% of organizations report their privacy budget is underfunded, and 48% expect budget cuts in 2025. A key issue is that many organizations conflate privacy with security, assuming that funding one automatically covers the other. Kazi warns against this misconception, especially when cybersecurity professionals are just as – if not more – burned out and understaffed.