S‑RM’s 2026 Cyber Incident Insights Report offers one of the clearest indicators yet of how rapidly the global threat landscape is shifting. Drawing on more than 800 incidents handled throughout 2025, the report reveals a ransomware ecosystem that is expanding, fragmenting and becoming less predictable, while AI adoption(on both sides of the divide) introduces new
Continue Reading Key Takeaways from the S-RM Cyber Incident Insights Report 2026
On February 20, 2026, Texas Attorney General Ken Paxton filed suit against Shein US Services, LLC, alleging false, deceptive, and misleading practices in violation of the Texas Deceptive Trade Practices Act. The complaint targets both product safety concerns and alleged misrepresentations regarding consumer data practices.
Shein, founded in China in 2008, is a global fast‑fashion
Continue Reading U.S.: Texas AG Sues Shein Over Alleged Deceptive Practices and Data Privacy Risks
On 20 January 2026, the European Commission proposed a new cybersecurity package, aimed at strengthening the EU’s cybersecurity resilience and capabilities. The package includes a revised Cybersecurity Act (“CSA“) and targeted amendments to the NIS2 Directive (see our blog post for further information on the amendments to the NIS2 Directive). The revised
Continue Reading EU Commission looks to strengthen EU Cybersecurity Resilience and Capabilities
The NIS2 Directive continues to evolve – and organisations must keep pace. On 20 January 2026, the Commission unveiled a set of targeted amendments to the NIS2 Directive (“the Proposal“), signalling the next phase of its push to modernise and streamline the EU’s cybersecurity legal framework.
Positioned within a broader legislative package, also
Continue Reading EU: NIS2 Update – EU Moves to Harmonise Cyber Controls, Refine Scope, and Add New In-Scope Entities
Since the enactment of Singapore’s Cybersecurity Act 2018 (Cybersecurity Act), Singapore’s digital economy has grown rapidly, and cyber threats have evolved at a remarkable pace. To address this shifting landscape, the Cybersecurity (Amendment) Act 2024 (Amendment Act) was passed last year, introducing significant amendments to the Cybersecurity Act to broaden regulatory
Continue Reading Singapore: Key Amendments to the Cybersecurity Act Now in Force
Over the last decade, the EU has launched an unprecedented constellation of laws: GDPR, the AI Act, the Data Act, NIS2, the Cyber Resilience Act, DORA, DSA, DMA, eIDAS 2.0 and more. Together – under the ‘Digital Decade’ banner – they aim to form a powerful framework to protect fundamental rights, promote trustworthy technology and
Continue Reading EU: Digital Autofocus – Will Europe’s Digital Omnibus bring clarity to Regulation?
On 28 October 2025, China passed amendments to the Cybersecurity Law, marking the first update since its enactment in 2016. These amendments reflect China’s heightened focus on cybersecurity and AI governance and are scheduled to take effect on 1 January 2026.
Key Updates
The amendments primarily focus on the law’s enforcement provisions. Key updates include:
Continue Reading CHINA: Amendments to Cybersecurity Law Effective 1 January 2026
The Threat
Malware usage by adversaries has reportedly declined. Partly due to sophisticated detection methods commonly deployed by medium to large organisations.
Conversely, insider threats (cybersecurity risks originating from within an organisation) are increasing, posing complex and costly challenges for businesses. CrowdStrike’s 2025 Global Threat Report indicates that insider threat operations accounted for 40% of
Continue Reading Insider Threat: Client Considerations and Justifications
Australian Clinical Labs (ACL) has been ordered to pay AUD5.8 million for breach of the Privacy Act 1988 (Cth) (Privacy Act) following a 2022 cyber incident which impacted the personal information of over 223,000 individuals. This is the first ever civil penalty proceeding under the Privacy Act.
ACL was held to
Continue Reading Australian Clinical Labs ordered to pay AUD5.8 million following cyber incident
Visible cyber fallout is everywhere. Impact to business operations (and therefore revenue) including halted production lines, emptied supermarket shelves, online payment unavailability, and patient backlogs have all brought cyber into the media and the boardroom at an alarming rate in the last year. Last week, the NCSC’s Annual Review 2025[1] showed impact climbing fast
Continue Reading UK: It’s time to act – the UK National Cyber Security Centre’s wake-up call for business leaders
