It is being increasingly used by cybercriminals in their attempts to defraud people with hackers using the material to find new ways to steal material and outsmart even the most advanced of security systems. The rise in the number of ‘pop-up’ social media adverts featuring fake, AI-generated endorsements from well-regarded and trusted celebrities is just one case in point.

Unfortunately, an increasing number of people are falling for these scams. There has been a 20% increase in reports of investment fraud in 2025 compared to 2024, with more than €20 million in losses, according to new figures from An Garda Síochána. Individual losses arising from the bigger investment scams can start anywhere from €10,000 and can increase significantly beyond this, according to Garda figures.

The huge importance of protecting sensitive customer financial information is not lost on the Irish financial services sector — or indeed, any business. In the wrong hands, sensitive financial data can be used to perpetrate fraud and identity theft, leading to significant financial losses and other headaches for customers and businesses alike. 

It could take years for a financial institution or business to repair the reputational damage that could arise following a data breach and in the interim important customers, investors and revenue could be lost. In addition, the fines faced by organisations for breach of data protection rules can run into the millions.

Data protection obligations on financial institutions and businesses can be onerous, but AI has turned this into an uphill battle for Irish financial services institutions. More than one-third (34%) of compliance professionals in Ireland say AI is making it more challenging for financial institutions to safeguard customer and other sensitive data, according to a new survey by the Compliance Institute. Only 7% of those polled believe that AI has made data protection easier.

The survey, which gathered responses from approximately 150 compliance professionals working primarily across Irish financial services organisations, explored views on the impact of AI on data protection.

Data breaches are an unfortunate reality across modern organisations, including those operating in highly regulated sectors. Even well-run organisations with strong compliance cultures are not immune to breaches. 

Indeed, four in 10 (39%) compliance professionals in the financial services sector are aware of data protection breaches having occurred within their current organisation, according to research conducted by the Compliance Institute earlier this year. 

That research also found that just over half (51%) of compliance professionals said they had encountered data protection breaches in organisations they previously worked in — evidence of the widespread and persistent nature of data protection risks across the sector.

Ireland’s position as a major centre for data hosting and digital infrastructure adds to this country’s vulnerability. With so much financial and commercial activity flowing through highly connected systems, cybercriminals are actively targeting Ireland.

Regardless of how prevalent and illusive data breaches have become, there is no room for complacency when it comes to data protection and combatting cybercrime. As more people manage their finances online — including for banking, pensions, insurance, or investments — data breaches and cybercrime are serious financial risks which need to be managed. 

Financial crime is increasingly digital in nature, faster to execute and more complex to detect. That is why sustained investment in awareness, prevention and cross-sector co-operation will remain essential in protecting consumers and maintaining trust in financial systems.

The nature of digital operations, combined with increasingly sophisticated cyber threats, means that firms must regularly reassess how they protect sensitive information and respond to changes in threats. Organisations must ensure that cyber resilience remains a strategic priority, supported by robust controls, ongoing staff awareness and clear response protocols.

Protecting data is not solely about preventing incidents. It is equally about detection, response and learning. Organisations that invest in continuous improvement are best positioned to meet regulatory expectations and maintain stakeholder and customer trust.

There’s an old saying that ‘time waits for nobody’. Today, the more fitting saying could be ‘AI waits for nobody’. If organisations want to safeguard customer data and boost their cyber resilience, no more time can be lost getting up to speed on AI and tackling the risks head on.

• Michael Kavanagh is CEO of the Compliance Institute, Ireland’s professional body for compliance practitioners.