Of these, 19% said that many breaches may go unreported, while 32% believe that a few may go unreported.

The representative body said that this year’s findings indicate that concerns around unreported breaches remain a prominent feature of the sector.

Chief executive of the Compliance Institute Michael Kavanagh said even within organisations with “strong compliance cultures”, there is a “real risk that some breaches are not reported”.

“The fact that over half of compliance professionals believe breaches go unreported is a reminder that vigilance is required at every level.” 

The survey found the main reason compliance professionals feel that breaches of data protection rules might not be reported is the fear of personal accountability — or being blamed for the incident, cited by 26% of respondents.

This was followed by the 22% who believe it is due to concerns over potential brand damage. Another 19% cited regulatory scrutiny or penalties as being the number one driver for not reporting.

However, 33% of respondents believe that, in the main, organisations would not intentionally fail to report a breach.

Mr Kavanagh said “perceptions of unreported breaches are not just a reflection of organisational culture, they point to structural challenges in compliance processes”.

“Staff may hesitate to escalate incidents due to fear of personal consequences, and without clear reporting protocols, even unintentional underreporting can occur. This leaves both organisations — and the individuals whose data they handle — vulnerable.” 

“Even a small number of unreported breaches can have a significant impact. It is essential that organisations encourage a culture where raising an incident is supported and protected,” Mr Kavanagh added.