Express Computer

Home  »  News  »  ISACA’s latest State of Privacy survey highlights rising stress, shrinking teams and growing AI adoption among privacy professionals in India

ISACA’s latest State of Privacy survey highlights rising stress, shrinking teams and growing AI adoption among privacy professionals in India

NewsSecurity
By Express Computer
0 5

ISACA, the leading global professional association dedicated to advancing careers in digital trust, has unveiled its State of Privacy 2026 report, highlighting growing pressure on privacy professionals amid India’s rapidly expanding digital economy. As organisations across banking, financial services, and insurance (BFSI), fintech, healthtech, e-commerce and AI-led platforms accelerate data-driven innovation, privacy teams are navigating a complex environment shaped by rapid technological change, evolving regulatory expectations and constrained resources.

The survey, based on insights from more than 1,800 privacy professionals worldwide, including 121 respondents from India, finds that 55 percent of privacy professionals in India say their roles are more stressful today than five years ago. They identified their biggest sources of stress as the rapid evolution of technology (76 percent), followed by compliance challenges (75 percent) and resource shortages (67 percent), pressures that are increasingly visible in India’s fast-growing digital and AI-driven enterprises.

Strained resources and teams

When it comes to resources, 28 percent of respondents in India report that their privacy budget is underfunded, with 39 percent citing it as appropriately funded. Respondents are less optimistic about their privacy budget for next year, with 42 percent saying it will increase (down from 51 percent in 2025). Thirty-five percent anticipate a decrease in their privacy budget in the next 12 months.

Shrinking team sizes are also a concern, with the median privacy staff size in India dropping from 13.5 in 2025 to 12 this year. Respondents in the country also indicate that both technical (26 percent) and legal/compliance (21 percent) roles on their teams are understaffed. Additionally, 71 percent of India-based respondents believe that skills gaps exist with today’s privacy professionals (compared to 53 percent globally), with understanding the laws and regulations to which the organisation is subject (63 percent) and technical expertise (55 percent) ranking as the top two.

To address skill gaps, the survey finds that privacy teams in India are training non-privacy staff who are interested in moving into privacy roles (58 percent) and increasing the use of performance-based training to attest to actual skill mastery (57 percent). This tracks with the 44 percent in India who note that 50 percent or more of their privacy staff consist of those who started their career in a completely different field and have transitioned into a privacy role—compared to only 27 percent who indicate that 50 percent or more of their privacy staff is comprised of those who started their career and privacy and remain in privacy today.

“With India’s digital economy expanding at unprecedented speed, privacy professionals are operating at the intersection of innovation, regulation and trust,” said RV Raghu, ISACA India Ambassador, and Director at Versatilist Consulting India. “As regulatory expectations evolve and the volume of data grows, privacy professionals in India are under increasing pressure to balance innovation with compliance. Strengthening skills, investing in privacy by design and building cross-functional collaboration will be critical for organisations looking to earn long-term digital trust.”

Obstacles and breaches

Fifty percent of Indian respondents say they are confident in their organisation’s ability to ensure the privacy of its sensitive data. However, 37 percent also indicate that their organization’s privacy program faces obstacles, including:

Management of risks associated with new technologies (49 percent)
Lack of clarity on the mandate, roles and responsibilities (49 percent)
Lack of competent resources (49 percent)

In looking at where privacy programs go wrong, respondents in India identified the following as the most common privacy failures within an organization:
Lack of training or poor training (54%)
Not practicing privacy by design (54%, up from 37% in 2025)
Non-compliance with applicable laws and regulations (48%, up from 43% in 2025)

Additionally, 11 percent of respondents in India say their organizations experienced a material privacy breach in the past 12 months. Twenty-one percent of India-based respondents note they experienced fewer breaches compared to a year ago, and 33 percent think it is unlikely they will experience a breach in the next 12 months (compared to 24 percent globally).

Privacy programs, frameworks and controls

Privacy professionals in India report using a mix of controls, though priorities are shifting. The most commonly used controls are:
1. Data security (71 percent, up from 67 percent in 2025)
2. Data loss prevention (68 percent, down from 77 percent)
3. Third-party risk management (64 percent, down from 67 percent)
4. Encryption (61 percent, down from 70 percent)
5. Identity and access management (56 percent, down from 77 percent)

Slightly fewer organisations in India are consistently practicing privacy by design, with 73 percent always or frequently practicing privacy by design when building new applications or services, down from 77 percent in 2025. However, this is significantly greater than what privacy professionals are practicing globally, with 58 percent of all respondents indicating they always or frequently practice privacy by design when building new applications or services, down from 62 percent in 2025.

Eighty-eight percent of respondents in India said they used a framework or law/regulation to manage privacy in their organization, the most common being GDPR (59 percent) and the NIST Privacy Framework (50 percent). Half (50 percent) say they are very or completely confident in their organization’s privacy team’s ability to achieve compliance with new privacy laws and regulations. And though only 31 percent of respondents say they find it easy to understand their privacy obligations, slightly fewer than last year say they consider it to be difficult—15 percent, compared to 19 percent in 2025.

Additionally, slightly more organisations in India are using AI for privacy. Twelve percent say they have no plans to use AI (bots or machine learning) to perform any privacy-related tasks. However, 48 percent indicate they plan to use AI for this function in the next 12 months.

“The pressing challenges that privacy professionals face in an increasingly complex data privacy threat landscape and regulatory environment underscore how critical it is for organizations to dedicate the necessary resources to support privacy teams in their vital work,” says Safia Kazi, ISACA principal research analyst- privacy. “Investing in and empowering privacy teams is not only an operational requirement for organizations but also a vital step in building trust and resilience.”

Express Computer

Express Computer is one of India's most respected IT media brands and has been in publication for 24 years running. We cover enterprise technology in all its flavours, including processors, storage, networking, wireless, business applications, cloud computing, analytics, green initiatives and anything that can help companies make the most of their ICT investments. Additionally, we also report on the fast emerging realm of eGovernance in India.

You might also like More from author
Leave A Reply

Your email address will not be published.