Date: 8th December 2023
The Echo - Compliance Professionals see data violations.
Compliance Institute was featured in print media coverage in The Echo today.
More than one in two (53%) Compliance Professionals believe that data protection rules have been breached in their organisation at one time or another.
An even greater number (62%) acknowledged that they are aware of such breaches having taken place in organisations they previously worked in.
A new survey by Compliance Institute, which polled 230 Compliance Professionals working primarily in Irish financial services organisations nationwide, found that almost one-fifth (19%) of those asked said they were aware of more than one instance of a data breach situation in their organisation.
Two-thirds (65%) of compliance experts reported that they believe certain data protection breaches go unreported to varying degrees.
When asked to identify what they believe are the factors contributing to organisations not reporting data protection breaches, nearly half of those surveyed (48%) believe that businesses, for the most part, do not intentionally neglect to report breaches. However, 46% think that concerns about potential damage to their brand reputation might lead organisations to keep such violations confidential. Fewer survey participants said that penalties linked to data breaches and scrutiny from regulatory authorities were contributing factors.
Michael Kavanagh, CEO, Compliance Institute, commented on the survey findings: “The reality is that data breaches can occur within even the most vigilant and secure organisations, underscoring the need for constant diligence in safeguarding sensitive information. Recent reports give weight to the contention that no organisation is 100pc impervious to a breach”. The Compliance Institute points to two examples of the vulnerabilities of even the most accountable organisations.
Mr. Kavanagh continued: “In August of this year, the Central Bank of Ireland, the nation’s financial services watchdog, suffered an archiving error data breach that impacted the retention of certain data on borrowers' credit reports stored within the Central Credit Register (CCR). Following this, the Data Protection Commission (DPC) has initiated an inquiry into the breach.
“Also, earlier this year, a disclosure made under the Freedom of Information Act revealed that Revenue said there had been 256 data breaches throughout last year, with a further 119 in the period from January to June 2023”.
Findings from the Compliance Institute’s Data Breach Survey revealed:
A majority of surveyed compliance professionals (65%) assert that breaches frequently go unreported, with a substantial quarter (24%) going so far as to believe that "many" breaches are left unaddressed.
Less than half (48%) express confidence that organisations would not wilfully fail to report a breach.
The predominant deterrent for reporting appears to be the fear of damaging brand reputation (46%), closely followed by the apprehension of being held accountable (44%). Additionally, a significant four in ten (40%) are of the opinion that penalties and regulatory scrutiny act as disincentives for reporting incidents.
Mr. Kavanagh added: “Organisations have distinct obligations and responsibilities in safeguarding data, and even when they diligently meet their legal requirements, errors can occur. These errors typically include IT blunders, human oversight, and malicious cyber activities, among various other potential pitfalls. Expecting absolute invulnerability from every organisation is unrealistic, particularly considering the relentless pace at which cybercriminals advance their tactics to steal data. The response protocol an organisation takes following a breach holds equal importance to its pre-emptive security measures”.