Privacy budgets set to drop further in 2026, European IT pros warn

Published: 15 January 2026
Last updated: 15 January 2026
Worried employee
Worried employee. By GettyImages

IT security professionals complain about having to tackle bigger security problems with dwindling resources. They expect 2026 to be worse.

Privacy teams in Europe feel understaffed, the new State of Privacy 2026 research from ISACA has revealed.

ADVERTISEMENT

The reality of this situation has been brought to light very recently by Instagram’s sudden password reset surge, highlighting a familiar problem that users don't feel safe.

Over the weekend, Instagram users were bombarded with password reset emails. Threat actors allegedly stole data from nearly 18 million Instagram users, while Meta denied any breach allegations.

Amid the scandal over Grok AI spitting out nude pictures of women and children within mere seconds of requests, it turned out that the xAI safety team, which, as pointed out by CNN, is already small in comparison to its competitors, had lost several employees in the weeks leading up to the scandal.

With AI in the picture, it seems that a lot is at stake, and companies can't really afford to cut cybersecurity staff. But this is not how the situation is perceived by boards, at least in Europe.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

“As organizations adopt new technologies at speed, the volume and complexity of privacy obligations grow in parallel – yet many teams are still operating without the staffing, funding, or training they need to keep pace,” said Chris Dimitriadis, global chief strategy officer at ISACA.

According to the report, based on a survey of 1,854 respondents, 44% of privacy professionals in Europe say their teams are underfunded, while over half (54%) expect privacy budgets to decrease further in 2026.

Europe has the most privacy guardrails and regulations of any region, and professionals there seem to be struggling to identify and understand their privacy obligations.

ADVERTISEMENT

Regulatory requirements get the boards’ attention. However, the focus seems to be very much on compliance only.

“Boards must treat privacy as a strategic driver of trust, resilience, and competitive advantage, not just a compliance checkbox. When organizations equip their privacy teams with the skills, resources, and authority they need, they are not just reducing risk – they are preparing their business for the next wave of regulatory and technological change,” Dimitriadis said.

Unlock more exclusive Cybernews content on YouTube

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked