- Survey highlights ongoing concern about unreported incidents in Irish financial services
More than one in two compliance professionals in Ireland believe that data protection breaches continue to go unreported within organisations, according to a new survey by the Compliance Institute.
The Compliance Institute survey, which polled 150 compliance professionals working primarily in Irish financial services organisations nationwide, found that 51pc of respondents believe that, to varying extents, some breaches go unreported. Of these, 19pc said that many breaches may go unreported, while 32pc believe that a few breaches may go unreported.
Although perceptions have shifted slightly since Autumn 2023, when a greater number of respondents (65pc) to the same survey said they believe data breaches go unreported, the representative body said that this year’s findings indicate that concerns around unreported breaches remain a prominent feature of the sector.
Commenting on the survey Michael Kavanagh, CEO of the Compliance Institute,
“Even in organisations with strong compliance cultures, there is a real risk that some breaches are not reported. The fact that over half of compliance professionals believe breaches go unreported is a reminder that vigilance is required at every level.”
The Compliance Institute survey also explored the main reasons why data breaches might not be reported.
- The main reason given – as felt by 26pc, was for fear of personal accountability.
- This was followed by the 22pc who believe it is due to concerns over potential brand damage.
- Almost one-fifth (19pc) cited regulatory scrutiny or penalties as being the number one driver for not reporting.
- However, 33pc of respondents believe that, in the main, organisations would not intentionally fail to report a breach.
Mr Kavanagh commented,
“Perceptions of unreported breaches are not just a reflection of organisational culture, they point to structural challenges in compliance processes. Staff may hesitate to escalate incidents due to fear of personal consequences, and without clear reporting protocols, even unintentional underreporting can occur. This leaves both organisations - and the individuals whose data they handle - vulnerable.
Organisations must ensure that breaches are promptly identified, reported and investigated. Unreported breaches can have serious consequences, including regulatory action, reputational damage and exposure of sensitive data. Transparency and accountability are critical to building trust and ensuring compliance.”
The Compliance Institute emphasises that reporting breaches promptly not only meets regulatory obligations but also allows organisations to learn from incidents and strengthen their data protection measures.
“Even a small number of unreported breaches can have a significant impact. It is essential that organisations encourage a culture where raising an incident is supported and protected,” Mr Kavanagh concluded.
