As technology transformations – for example a business unit built around AI or a new application focused on personalized customer experience – have gained momentum in recent years, so have cyber risks and data privacy issues.

But when organizations look internally for risk mitigation and compliance with data privacy laws, there’s a lack of people qualified to do so, according to a new report from ISACA, an IT governance trade association. Technical privacy and legal/compliance teams are understaffed, corporate privacy budgets are underfunded, and there are skills gaps. The findings are based on a global survey of 1,890 data privacy professionals who hold roles in IT, audit, compliance and risk management, for example.

Failure to comply with privacy laws and regulations, like the European General Data Protection Regulation or even state laws, including the California Consumer Privacy Act (CCPA), is costly, Safia Kazi, ISACA Privacy Professional Practices Manager, tells me. CCPA implemented compliance updates on January 1 regarding employee and applicant notification of company privacy practices.

So it’s a matter that may fall under the purview of a CFO. “CFOs’ risk expertise is invaluable,” says Kazi. “This is especially true when it comes to shopping.” Not only can third parties cause a material breach of privacy, but selecting unqualified third parties can lead to a “devastating breach of privacy and a fine,” says Kazi. About a quarter of survey respondents said they always or frequently work with the finance department, but that percentage may need to increase.

“Security incidents and privacy incidents are not the same”

But lots of risk means lots of rewards, at least for VCs investing in this new generation of cybersecurity products. The global cybersecurity market is expected to reach $403 billion by 2027, as my colleague Lucy Brewster details in her new report: “Cybersecurity is hot. Here are the 13 best VCs you need to know.” VCs she showcases include Chenxi Wang, who invested in SaaS (software as a service) cybersecurity platform Claroty, and Ariel Tseitlin, who invested in SaaS security platform AppOmni, products that could one day become the norm in a secure organization.

Regarding having a designated data privacy program, the ISACA survey found that 42% of respondents said their privacy budgets were underfunded, and only 34% said their privacy budgets would increase in 2023. Meanwhile, 40% cited an unclear mandate, roles and responsibilities, and 39% cited a lack of management or business support.

“Ransomware was a big concern last year, and many organizations took steps to prepare for a ransomware attack,” says Kazi. “But it’s possible that they view security incidents and privacy incidents as one and the same thing, which they are not.” Investing heavily in security without also thinking about privacy is a big mistake – something as small as an inappropriate privacy notice to customers (which would not be addressed through security investments) can cost a million dollar business and damage its reputation.

She continues, “Board members of some organizations may not fully understand the difference between security and privacy and therefore may not prioritize privacy appropriately.”

Cybersecurity and privacy are key, says Kazi. But she points out a caveat: “You can’t have privacy without security, but you can have security without privacy.”

She added, “Digital trust is increasingly becoming a board and C-suite priority, and privacy is a key component of digital trust.”

*Quick note: Thank you to the CFOs who took the time to answer the question: What was the most important thing you did before landing your first CFO job? (For example, was it networking, P&L management, or something else?) What prepared you for a CFO position? There’s still time to share your experience and insights with the next generation of CFOs in an upcoming column. Email me!

Until tomorrow.

Sheryl Estrada


This story was originally featured on Fortune.com
