According to data from ISACA's Privacy in Practice survey report, 72 percent of respondents from Indian firms anticipate an increase in hiring for legal/compliance jobs and technical privacy roles in the upcoming year as a result of rising cybersecurity concerns.
To find out how businesses are approaching digital trust, ISACA conducted a global survey of more than 1,890 experts in the fields of security, privacy, IT management, audit practitioner/management, risk practitioner, legal/compliance practitioner, and data privacy officer. There were 96 replies from India.
Organizations' staffing requirements for privacy continue to be impacted by skill gaps. Many organizations throughout the legal/compliance as well as technological privacy domains have open (unfilled) privacy roles.
Talent Crunch
According to 35 percent and 44 percent of respondents living in India, respectively, there are still openings in technical privacy and legal/compliance areas. Organizations struggle to fill available roles at all levels for a longer period of time due to a lack of experience and talent in the cybersecurity and privacy arena.
Around 34 percent of respondents claim that it takes their companies three to six months to fill legal compliance roles. The time needed to fill available positions in privacy roles occasionally exceeds six months, especially for technical privacy posts (15 percent) and legal/compliance roles (12 percent).
It is not surprising that the main obstacle for firms in developing a successful privacy program is a lack of qualified resources (44 percent). A complex international legal and regulatory environment (40 percent), as well as a lack of executive or commercial assistance (39 percent), are additional obstacles.
Commenting on the survey and its findings, R.V Raghu, ISACA Ambassador in India and past ISACA board director, says, “Like every other industry and role, the search for a qualified candidate is real and challenging in the privacy space as well. Under threat from cyber and phishing attacks, organizations are increasingly facing a talent crunch as they look to hire qualified privacy professionals.”
He adds, “What’s encouraging is that organizations are being proactive in protecting their networks and systems from internal as well as external threats by investing in upskilling and training of their privacy professionals.”
Widening Skill Gaps
The three most important qualifications for selecting privacy applicants are compliance/legal experience (77 percent), prior practical experience in a privacy function (73 percent), and technological experience (69 percent). Both technical and soft skills are found to be lacking in hires who are interested in filling various privacy responsibilities. The top five skill gaps identified by Indian companies looking to fill privacy positions are experience with various technologies and/or applications (71 percent), experience with frameworks and/or controls (58 percent), knowledge of the legal and regulatory framework to which the company is subject (52 percent), technical proficiency (50 percent), and business insight (44 percent).
Alarmingly, additional significant skill gaps in hiring privacy specialists include a lack of corporate ethics (28 percent), as well as a lack of soft skills (communication, flexibility, and leadership). Organizations are increasingly investing in training programs to assist their applicants in acquiring the necessary skill sets as a result of the growing skill gaps in potential recruits.
Upskilling and Training Privacy Professionals
Indian organizations are addressing internal privacy skill gaps with a mix of measures, including training to enable interested non-privacy staff to transition into privacy roles (68 percent), increased use of performance-based training to attest to actual skill mastery (42 percent), increased reliance on credentials to attest to actual subject matter expertise (41 percent), and increased use of artificial intelligence or automation (36 percent).
Prioritizing Privacy Goals
Despite all of these difficulties, the senior leadership of Indian businesses and the workforce fully supports data security and customer privacy as their primary areas of attention. Approximately 68 percent of respondents think that their board of directors has prioritized privacy issues appropriately for their company; 14 percent disagree, and 18 percent say they are unaware of the management's focus on these issues.
Again, 63 percent of respondents in India state that their board of directors sees their company's privacy program as a way to satisfy compliance obligations (to uphold the law of the land) and the ethical need of the firm to uphold privacy demands irrespective of existing laws and regulations. Over the coming year, firms' privacy budgets will increase as a result of an increase in data breaches and thefts, as well as an increase in internal and external cybersecurity risks.