Editor's note: Take the 2025 Governance Survey!
The fields of privacy, AI governance, cybersecurity law and digital responsibility are intersecting more than ever before. To help understand and serve these colliding disciplines, the IAPP is calling for participation in its annual Governance Survey. This iteration of the survey will broadly explore governance operations, staffing and resourcing across geographies and sectors.
This survey is for IAPP research purposes only. All responses will be strictly confidential, and you will never be contacted about your responses.
In antiquity, society often perceived risk through the purview of the divine. Fate and providence were matters to be deciphered by augury, the methods of which included observing the behavior of birds and, more latterly, the finding of omens in the entrails of sacrificed animals.
Modernity has relegated such practices obsolete. Rudimentary or divine methods of assessing risk have been usurped by the rising perception that risk is a concept of choice and action rather than fate and passivity. Indeed, even the word risk derives from "risicare," the Italian verb "to risk."
Though more precise calculations are possible with today's auspices, in the field of digital governance risks, the complexities, volatilities and consequences are proliferating and compounding in ways that may sometimes feel as if divine intervention is needed. And, as much as divinity is staging a comeback, organizations are searching for calculable and demonstrable ways to define, assess and manage digital risk.
Unfortunately, there is no prophetic oracle to pronounce the measurement of risks for digital governance across the intersection of law, technology and human interest. Not yet, at least, and perhaps never. There are, however, many structures, techniques and methods to help identify, categorize and respond to different risks. International standards have flourished to homogenize risk management; laws are proclaimed as "risk-based;" and organizations increasingly stress-test scenarios, including via red teaming, to explore and simulate risk in distinct environments.
Understanding how others perceive these issues is another way in which individuals and organizations observe risk and, indeed, opportunity. My peers' risks may be mine too. Birds of a feather flock together. Perhaps the augurs were onto something. How one's peers respond may help determine whether and how one follows or, even, how one opportunistically distinguishes and differentiates oneself.
Last year's IAPP Privacy Governance Report documented the efficacy of, and corresponding confidence in, an organization's approach to privacy governance by reference to the specific practices, measures and personnel deployed. A recurring theme was how organizations, and the individuals tasked within them, are taking on more work, adjacent and additional to their privacy work. In fact, 81% of privacy professionals have been tasked with an additional responsibility, such as artificial intelligence governance, cybersecurity regulatory compliance and platform liability, alongside their existing privacy day jobs. That increase in volume as the variety of work poses challenges and even risks. Doing so against a backdrop of flat budgetary investment heightens challenges.
This year's governance survey invites responses to help document, in more empirical terms than the augurs, how digital risk is perceived in today's world and does so through four prominent prisms: the geopolitical, the technological, the societal and the organizational. The results, as selected by respondents, will index the top risks overall and across those categories, and will help inspire and inform discussion at Navigate: a Digital Policy Leadership Retreat.
Chi non risica non rosica. Nothing ventured, nothing gained. Take the survey and stand to gain from a richer understanding of the risks shaping the governance of digital technology.
Joe Jones is the director of research and insights for the IAPP.
