Compliance Institute’s recent survey featured in online and print coverage in the Irish Examiner and the Silicon Republic.

Online and Print (See below):

Irish Examiner - Majority of compliance workers fear data breaches go unreported

Fear of being blamed for a mistake cited as one of the major reasons, a survey has found

Ronan Smyth

More than half of Irish compliance professionals believe that data breaches go unreported within organisations with fear of being blamed for a mistake cited as one of the major reasons why, a survey has found.

The survey, conducted by the Compliance Institute survey on 150 members, shows that 51% of respondents believe that, to varying extents, data breaches go unreported. 

Of these, 19% said that many breaches may go unreported, while 32% believe that a few may go unreported.

The representative body said that this year’s findings indicate that concerns around unreported breaches remain a prominent feature of the sector.

Chief executive of the Compliance Institute Michael Kavanagh said even within organisations with “strong compliance cultures”, there is a “real risk that some breaches are not reported”.

“The fact that over half of compliance professionals believe breaches go unreported is a reminder that vigilance is required at every level.” 

How investment scams are costing Irish victims thousands as fraudsters play the long game

The survey found the main reason compliance professionals feel that breaches of data protection rules might not be reported is the fear of personal accountability — or being blamed for the incident, cited by 26% of respondents.

This was followed by the 22% who believe it is due to concerns over potential brand damage. Another 19% cited regulatory scrutiny or penalties as being the number one driver for not reporting.

However, 33% of respondents believe that, in the main, organisations would not intentionally fail to report a breach.

Mr Kavanagh said “perceptions of unreported breaches are not just a reflection of organisational culture, they point to structural challenges in compliance processes”.

“Staff may hesitate to escalate incidents due to fear of personal consequences, and without clear reporting protocols, even unintentional underreporting can occur. This leaves both organisations — and the individuals whose data they handle — vulnerable.” 

“Even a small number of unreported breaches can have a significant impact. It is essential that organisations encourage a culture where raising an incident is supported and protected,” Mr Kavanagh added. 

 

 

Silicon Republic - Data breaches going unreported, says Irish compliance survey

The Compliance Institute polled 150 compliance professionals working primarily in Irish financial services organisations.

More than half (51pc) of surveyed compliance professionals in Ireland believe that data protection breaches go unreported within organisations, according to the results of a new survey by the Compliance Institute.

Of this cohort, 19pc of respondents to the survey, which polled 150 compliance professionals working primarily in Irish financial services organisations, said that “many” breaches may go unreported, while 32pc believed that “a few” breaches may go unreported.

Michael Kavanagh, CEO of the Compliance Institute – the professional body for 3,850 compliance professionals in Ireland – said: “Even in organisations with strong compliance cultures, there is a real risk that some breaches are not reported.

“The fact that over half of compliance professionals believe breaches go unreported is a reminder that vigilance is required at every level.”

49pc of respondents said they did not think data breaches “knowingly” went unreported, while 33pc said that in the main, organisations would not intentionally fail to report a breach.

In terms of the reasons for data protection breaches going unreported, 26pc of respondents said the fear of personal accountability would be a factor, while 22pc cited concerns over potential brand damage, and 19pc said regulatory scrutiny or penalties would be the main reason for not reporting breaches.

Kavanagh said: “Perceptions of unreported breaches are not just a reflection of organisational culture; they point to structural challenges in compliance processes. Staff may hesitate to escalate incidents due to fear of personal consequences, and without clear reporting protocols, even unintentional underreporting can occur.

“This leaves both organisations, and the individuals whose data they handle, vulnerable. Organisations must ensure that breaches are promptly identified, reported and investigated. Unreported breaches can have serious consequences, including regulatory action, reputational damage and exposure of sensitive data. Transparency and accountability are critical to building trust and ensuring compliance.”

The Compliance Institute noted that reporting breaches promptly not only meets regulatory obligations but also allows organisations to learn from incidents and strengthen their data protection measures.