More than four in ten compliance professionals say they are aware of data protection breaches having occurred within their current organisation, according to a new survey by the Compliance Institute.
The Compliance Institute survey, which polled 150 compliance professionals working primarily in Irish financial services organisations nationwide, found that 19pc of respondents are aware of at least one data protection breach in their current organisation, with one in five (20pc) indicating they know of multiple instances.
An even greater proportion (51pc) said they had encountered data protection breaches in organisations they previously worked in, which the representative body says highlights the widespread and persistent nature of data protection risks across the sector.
The findings also point to a growing external threat environment. Over one quarter (26pc) of respondents said their organisation had experienced a data breach originating from outside the organisation, such as hacking or other cyber incidents. This represents a 4pc increase compared with findings from the same survey conducted in Autumn 2023.
Michael Kavanagh, CEO of the Compliance Institute, commented on the findings,
“Data breaches are an unfortunate reality across modern organisations, including those operating in highly regulated sectors. While governance standards and security frameworks adapt over time, the data suggests that incidents remain a persistent feature of operational risk”.
Mr Kavanagh spoke of the importance of continued vigilance and investment in controls.
“Even well-run organisations with strong compliance cultures are not immune to breaches. The nature of digital operations, combined with increasingly sophisticated cyber threats, means that firms must regularly reassess how they protect sensitive information and respond to changes in threats”.
“When over half of compliance professionals report encountering breaches during their careers, it reinforces the reality that this is not confined to a small number of firms and reflects the broader operational and technological challenges facing organisations handling large volumes of data”.
Mr Kavanagh added that the increase in externally driven breaches reflects the changing threat environment.
“Cyber risks are on the rise, with threat actors constantly refining their tactics. Organisations must ensure that cyber resilience remains a strategic priority, supported by robust controls, ongoing staff awareness, and clear response protocols”.
The Compliance Institute said the findings serve as a reminder that strong data governance requires both preventative and responsive capabilities.
Mr Kavanagh concluded,
“Protecting data is not solely about preventing incidents. It is equally about detection, response and learning. Organisations that invest in continuous improvement are best positioned to meet regulatory expectations and maintain stakeholder trust.
“Maintaining trust depends on organisations treating data protection as a core business responsibility. Ongoing training, clear accountability and a culture of transparency are essential in ensuring that risks are managed effectively as digital operations grow more sophisticated”.