Privacy teams in Oceania face stress & budget cuts

Privacy teams in Oceania are reporting higher stress and tighter budgets as organisations face more complex regulation, rapid technology change and sustained breach risk, according to a new study from ISACA.

The State of Privacy 2026 survey drew on responses from more than 1,800 privacy professionals worldwide across the ISACA community. In Oceania, 63% of respondents said their roles are more stressful than they were five years ago.

Technology change led the stress factors for Oceania respondents. Some 71% cited the rapid evolution of technology as a source of stress. That figure rose from 63% a year earlier. Compliance challenges followed at 62%. Resource shortages followed at 61%.

Budget pressure

The survey pointed to funding constraints in privacy functions. Globally, 43% of respondents said their privacy budget is underfunded. Another 36% said it is appropriately funded.

Oceania respondents reported a more downbeat view of the year ahead. Only 8% expect their privacy budget to increase over the next 12 months. The comparable global figure was 22%.

Most Oceania respondents expect less funding rather than more. Some 60% expect a budget decrease over the next 12 months. Globally, 50% expect a decrease.

One context sentence before a quote: ISACA said privacy risk was widening beyond specialist teams.

"Many organisations are asking small privacy teams to manage complex compliance obligations, emerging technologies like AI, and growing breach risk all at once," said Jamie Norton, Vice Chair of the ISACA Board, ISACA.

"Lower budgets can mean that organisations risk falling behind regulatory expectations as scrutiny continues to intensify. When investment doesn't keep pace, privacy risk quickly becomes a broader business and governance issue," said Norton.

Smaller teams

The study also reported a drop in the size of privacy teams. The global median privacy staff size fell to five this year from eight in 2025.

Respondents flagged shortages across technical and compliance skill sets. Nearly half of respondents, 47%, said technical roles on their teams are understaffed. Another 37% said legal and compliance roles are understaffed.

The survey also highlighted skills gaps. Some 53% of respondents said skills gaps exist among today's privacy professionals. Respondents most frequently cited technical expertise at 54%. They also cited experience with different types of technologies and or applications at 52%.

Organisations reported steps to cover gaps in staffing and experience. Globally, 48% said their privacy teams train non-privacy staff who want to move into privacy roles. Another 36% said they increase their usage of contract employees or outside consultants.

The survey also pointed to a workforce that often enters privacy from other disciplines. More than half of respondents worldwide, 55%, said that 50% or more of their privacy staff started their career in a completely different field and transitioned into a privacy role. Only 25% said that 50% or more of their privacy staff started their career in privacy and remain in privacy today.

Confidence levels

Oceania respondents reported lower confidence in privacy outcomes than global peers. Only 26% said they are confident in their organisation's ability to ensure the privacy of its sensitive data. The global figure was 43%.

Obstacles in privacy programmes remained common. Across all respondents, 44% said their organisation's privacy programme faces obstacles.

Respondents identified the management of risks associated with new technologies as the leading obstacle. It came in at 52%. A complex international legal and regulatory landscape followed at 45%. A lack of competent resources followed at 43%.

The survey also asked respondents where privacy programmes fail in practice. The most commonly cited failure was lack of training or poor training at 51%. That increased from 47% in 2025. Not practicing privacy by design followed at 50%, up from 41% in 2025. Data breach or leakage followed at 44%.

Material breaches remained a factor in privacy risk. Some 14% of respondents said their organisations experienced a material privacy breach in the past 12 months. Another 23% said they did not see a change in the number of breaches. Some 19% expect a material privacy breach in the next 12 months. That figure rose from 15% in 2025.

Controls and frameworks

The study found that privacy professionals use a mix of technical and governance controls. The most common control was data security at 72%. Encryption followed at 68%, down from 73% in 2025. Data loss prevention followed at 65%. Identity and access management followed at 63%, down from 75% in 2025.

Fewer organisations reported regular use of privacy by design in product and service development. Some 58% said they always or frequently practice privacy by design when building new applications or services. That figure fell from 62% in 2025.

Frameworks and regulatory references remained central to privacy management. Some 82% of global respondents said they use a framework or a law or regulation to manage privacy in their organisation. GDPR was the most commonly cited at 51%. The NIST Privacy Framework followed at 45%.

Confidence in compliance readiness was mixed. Globally, 46% said they are very or completely confident in their privacy team's ability to achieve compliance with new privacy laws and regulations.

In Oceania, 36% said they find it easy to understand their privacy obligations. The proportion who consider it difficult fell to 8% from 21% in 2025.

The report also recorded a shift in the expected use of AI for privacy work. Globally, 26% said they have no plans to use AI, bots or machine learning for privacy-related tasks. That figure fell from 36% in 2024 and 31% in 2025. Another 38% said they plan to use AI for privacy tasks in the next 12 months.