Trends shaping privacy and security
At TerraTrue, we believe privacy and security should evolve in tandem with innovation. In our latest webinar, "Trends in Privacy & Security By-Design," CEO Jad Boutros and VP of Privacy Anthony Prestia unpacked some of the most pressing trends shaping the landscape today, from artificial intelligence to third-party risk management.
If you missed it, here are some critical insights—and why you should watch the full discussion on YouTube.
Security By-Design: Back to the Forefront
First coined in 2002 with Microsoft’s "Trustworthy Computing" memo, Security By-Design (SbD) is back in the spotlight.
Here’s why:
- A Need for Better Products, Not More Tools. A recent Google study revealed a paradox: organizations using more security tools reported more breaches. The conclusion? Companies don't need more security products—they need secure products. By integrating security into the development lifecycle, SbD offers a robust, proactive approach.
- AI: A Catalyst for SbD. The rise of generative AI has introduced novel risks, prompting organizations to adopt frameworks like Google's Secure AI Framework (SAIF). According to recent IBM research, 96% of executives believe adopting generative AI makes a security breach likely within three years. TerraTrue customers are leading the charge by incorporating SbD into AI governance, though challenges remain in defining multidisciplinary roles and cadence for reviews. Establishing an SbD framework isn’t just about prevention. It’s about empowering faster execution and reducing compliance bottlenecks.
Microsoft's Renewed Commitment
In May 2024, Microsoft's Secure Future Initiative reinforced the importance of SbD, with CEO Satya Nadella emphasizing security above all else—even tying executive bonuses to cybersecurity goals. This strategic shift signals a broader industry movement toward foundational security practices.
AI in Privacy: More Than Technology
Privacy teams are at the forefront of AI governance, with more than half now owning these initiatives. The shift makes sense - privacy practitioners bring substantial knowledge and experience to AI oversight:
- Many "AI" products are mature versions of existing ML systems
- Current privacy laws already address many AI-related risks
- Privacy-by-design principles help identify AI risks early in development
Clever privacy leaders are using enthusiasm for AI as an opportunity to better fund lean privacy programs. As privacy teams face increasing pressure to demonstrate value, safely enabling AI products can showcase that value.
Challenges for Privacy Teams in 2025
Recent IAPP research reveals growing pressure on privacy programs:
- Median privacy budgets have remained flat since 2022, despite 81% of teams receiving new responsibilities
- 70% of respondents report limited privacy expertise availability
- Only 38% plan to increase privacy headcount
This reality is pushing teams to focus on:
- Increased reliance on automation tools
- Enhanced integration capabilities
- Metrics-driven program management
  - Both quantitative tracking (SLAs, review completion times) and qualitative measures (customer sentiment)
Third-Party Risk Management (TPRM): Scaling Security in a SaaS-Driven World
With over $1 billion annually spent on security at companies like JPMorgan Chase, third-party risk management is undergoing a major transformation. The build vs. buy equation has shifted dramatically over the past decade. While cloud computing has spurred a vast ecosystem of SaaS providers, it's also introduced new security challenges around data sharing and system access.
Traditional approaches like comprehensive penetration testing are no longer feasible. Instead, companies are adopting a three-pronged approach:
Technical Innovation
- Real-time monitoring enables faster threat detection
- Enhanced visibility into vendor data access patterns
- Proactive identification of potential security incidents, as demonstrated when Okta customers detected vendor issues through monitoring tools
Process Enhancement
- Risk-based assessment prioritization
- Regular re-assessments to track evolving risk profiles
- Integration of AI-powered document analysis for faster vendor reviews, particularly for SOC-2 reports
Legal Framework Evolution
- Standardized security clauses through initiatives like MVSP
- Clear accountability measures in vendor agreements
- Enhanced data protection requirements
Regulatory Landscape Evolution
While federal privacy legislation remains uncertain, 2025 will likely bring:
- Continued expansion of state privacy laws, with California, Virginia, and Connecticut serving as key models
- Potential new children's privacy legislation
- Shift in FTC focus toward content moderation and fraud
- Ongoing antitrust enforcement in tech
Looking Ahead
The privacy and security landscape continues to evolve rapidly. Success requires building relationships across teams specializing in:
- Intellectual property
- Fraud prevention
- Disinformation
- Employment and labor
- Organizational efficiency
At TerraTrue, we're proud to empower companies with collaborative, scalable solutions to embed privacy and security into every stage of product development. As we celebrate our sixth year of helping organizations build stronger privacy and security by-design programs, we remain committed to enabling faster execution while reducing compliance risks.
Watch the Webinar
These highlights only scratch the surface. Dive deeper into the future of privacy and security by watching our experts – Jad and Anthony – unpack these trends and more in the full webinar.
Let us help you shift left to get privacy and security right.