cybersecurity

Employees Regularly Paste Company Secrets Into ChatGPT

TLDR

Employees put company data at risk by sharing it with ChatGPT and similar tools: 45% of enterprise employees use generative AI, and 22% of the data pasted into these tools contains PII or PCI data. Because 82% of that pasted data comes from unmanaged (personal) accounts, it sits outside corporate logging and retention controls, which raises both compliance and data-leakage concerns. ChatGPT dominates enterprise AI adoption at 43%, while Microsoft Copilot sees only 2% usage. Basic identity controls such as enforced Single Sign-On, which force AI tool use through managed accounts, are a necessary first step in reducing the risk.

https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/

Cloud Compliance Requirements: What You Need to Know

Cloud compliance is becoming a strategic necessity for businesses operating in multiple regions and sectors. Major regulations such as GDPR, HIPAA, and PCI DSS dictate how data is handled, and in doing so drive system design and vendor selection. Non-compliance can result in severe fines, delayed launches, reputational damage, or even loss of market access. Certifications such as ISO 27001, SOC 2, and FedRAMP are increasingly prerequisites for customer and partner trust, while control frameworks such as the NIST Cybersecurity Framework and the CIS Controls help ensure day-to-day operational discipline. To keep pace with evolving laws around privacy, AI risk, digital sovereignty, and industry-specific requirements, organizations must integrate compliance into their core cloud strategy, adopt continuous monitoring rather than point-in-time audits, and keep leadership directly involved. This approach turns compliance from a defensive burden into a competitive advantage and a key proof of enterprise readiness.

https://appinventiv.com/blog/cloud-regulatory-compliances-guide/

Are We Paying Enough Attention to the AI Risks?

KPMG Legal Reimagined outlines the primary legal, regulatory, and ethical risks associated with organizations utilizing AI. Key themes and takeaways:

  • Regulatory Landscape: Laws vary; the EU has the AI Act with strict requirements, while the UK is using decentralized, principle-based oversight.
  • Ethical Considerations: Focus on transparency, explainability, bias, and fairness. Ethics boards are used to oversee these issues.
  • Third-Party Risk: AI risk extends to suppliers; due diligence and contracts are vital.
  • Data Protection: Personal data must always comply with laws like GDPR; clear privacy notices are mandated.
  • AI and Copyright: Tension exists between using AI and creative industries’ rights; guidelines limit how legal data and generative AI can be used.
  • Pace of Change: Rapid AI advancements challenge legal professionals to keep up with new technologies and laws.
  • Opportunities for Legal Teams: AI can improve legal workflows and create new skill needs; leaders should plan for evolving roles and tech adoption.

https://kpmg.com/se/en/insights/newsletters/legal-reimagined/2025/are-we-paying-enough-attention-to-the-ai-risks.html

Finance Sector Most Affected by GDPR Data Breaches

Between 2023 and Q1 2025, the finance sector reported the highest number of GDPR data breaches in the UK, with 3,820 cases. This includes 2,175 reported specifically by finance, insurance, and credit companies. Other sectors with high breach numbers include education, childcare, retail, and manufacturing. Data breaches range from sending emails to the wrong recipients to cyberattacks, and they are more common in sectors that hold sensitive data. Most incidents are reported in the fourth quarter of each year.

https://www.financialreporter.co.uk/finance-sector-most-affected-by-gdpr-data-breaches.html

Making Cybersecurity Training a Priority for Everyone

TLDR: Cybersecurity relies on skilled users, not just technology; 95% of data breaches in 2024 were due to human error. Investment in user education and reskilling is essential. Training must be relevant and encompass all employees, not only specialists. With AI's rise, ethical understanding and critical thinking in cybersecurity training are critical. Cybersecurity should be a collective responsibility, integrated into daily life, and treated as a public good requiring cooperation and constant adaptation.

https://www.weforum.org/stories/2025/10/cybersecurity-people-not-just-technology/

Council Post: Cybersecurity Is No Longer Just An IT Problem—It’s a Business Imperative

Cybersecurity has become a top business concern, integral to growth, trust, and corporate reputation. It’s no longer just a technical or IT problem; organizational leaders at all levels must treat it as a vital part of business strategy. Regulatory measures and global pressures demand board-level involvement. Companies succeed when cybersecurity is woven into their culture, governance, and strategic decisions—not simply left as an IT task. Smart businesses align their security efforts with overall business goals, investing in people, culture, and adaptive strategies to remain resilient and competitive.

https://www.forbes.com/councils/forbestechcouncil/2025/10/03/cybersecurity-is-no-longer-just-an-it-problem-its-a-business-imperative/

EU Consistently Targeted by Diverse yet Convergent Threat Groups

ENISA's 2025 Threat Landscape report documents heightened cyber threats to the EU, analysing 4,875 incidents. DDoS attacks account for 77% of them, and hacktivists are behind roughly 80% of observed activity. Ransomware remains a significant threat, fuelled by growing digital dependency and collaboration between threat groups. Phishing remains the top initial intrusion method (60%). Public administration is the most targeted sector (38.2%), underlining the need for stronger defences in critical infrastructure. The report also highlights the growing role of AI in attacks and the exploitation of vulnerabilities in mobile devices.

https://www.enisa.europa.eu/news/etl-2025-eu-consistently-targeted-by-diverse-yet-convergent-threat-groups

NIS2 Explained in Detail for Small and Medium-sized Enterprises

The NIS2 Directive mandates enhanced information security for around 29,500 German companies, and affects SMEs in particular by shifting responsibility to top management. Key obligations include implementing an Information Security Management System (ISMS), risk management, incident and compliance reporting, and business continuity plans, with fines for essential entities of up to €10 million or 2% of global annual turnover, whichever is higher. The regulation integrates with existing laws such as GDPR, creating a governance framework aimed at economic stability and supply chain security. Immediate actions for companies include assessing whether and how they are in scope, establishing an ISMS, embedding risk management, and ensuring management accountability.

https://morethandigital.info/en/nis2-in-detail-for-small-and-medium-sized-enterprises/

Understanding Your OT Environment: the First Step To Stronger Cybersecurity

New guidance for operational technology (OT) aims to create a comprehensive ‘definitive record’ of OT environments to improve cybersecurity. This includes documenting system components, connectivity, architecture, supply chain access, and potential impacts of failures. Effective cybersecurity relies on visibility and management of sensitive information. The guidance, produced with international partners, encourages collaboration in maintaining updated records for informed decision-making.

https://www.ncsc.gov.uk/blog-post/understanding-ot-environment-1step-stronger-cyber-security

The 7 Cyber Security Trends Of 2026 That Everyone Must Be Ready For

Measured as if it were a country, cybercrime would be the world's third-largest economy in 2026, driven by advanced AI, deepfakes, and quantum threats. Businesses face new and growing risks but also have opportunities to strengthen their defences.

Main Trends for 2026

  1. AI Agents: Autonomous AI tools escalate both attacks and defensive responses, increasing risk and sophistication on both sides.
  2. Deepfakes: More convincing fake audio and video will make social engineering attacks easier and more common.
  3. Ransomware: Ransomware attacks will grow and evolve, aided by deepfakes, ransomware-as-a-service, and anonymous cryptocurrencies.
  4. Human Factor: Humans remain the weakest link; companies will focus more on employee training and building security awareness.
  5. Quantum Security: Quantum computing threatens today's public-key cryptography (RSA, elliptic-curve); focus shifts to migrating to quantum-resistant algorithms.
  6. Regulations: Governments introduce stricter reporting and resilience requirements for companies, but effectiveness is unclear.
  7. Cyberwarfare: Nation-state and terrorist cyberattacks grow, targeting infrastructure, sowing chaos, and using disinformation.

Organizations should invest in quantum-safe encryption, AI-driven security, and human training now to prepare for the escalating threat of cybercrime.

https://www.forbes.com/sites/bernardmarr/2025/09/26/the-7-biggest-cyber-security-trends-of-2026-that-everyone-must-be-ready-for/
