Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

I've spent the last few months talking to partners and prospects across EMEA about the upcoming Cyber Security and Resilience Bill, and there's a common theme: everyone knows it's coming, but most aren't sure where to start. The conversations usually begin with "Is this just another compliance checkbox?" and end with "How do we actually implement this without ripping out our entire infrastructure?" Here's what I've learnt from these discussions.

The General Data Protection Regulation (GDPR) and the UK’s Data Protection Act 2018 (DPA 18) have transformed how businesses must handle personal data. With fines of up to €20 million or 4% of global annual turnover for non-compliance, organisations cannot afford to take data protection lightly. The law‑firm DLA Piper reports that by January 2025 the total fines across Europe since GDPR came into force stood at €5.88 billion.

On October 15, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive ED 26-01, ordering federal agencies to mitigate a significant security breach involving F5 BIG-IP products. F5 disclosed that nation-state threat actors maintained long-term unauthorized access to internal systems, exfiltrating: This breach represents a major risk to organizations running F5 devices, especially those with exposed management interfaces or unpatched systems.

When the Australian Signals Directorate (ASD) reports that a cyberattack hits an Australian organisation every six minutes, it's clear we need more than crossed fingers and hope to protect our digital assets. That's where the Essential Eight comes in—Australia's homegrown cybersecurity framework that's helping organisations across the country build stronger defences against increasingly sophisticated threats.

The EU Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA) are shaping the regulatory landscape for cybersecurity in Europe and across the globe. While DORA focuses on the financial sector and ICT providers, the upcoming CRA will extend requirements to all digital products and services, emphasizing secure-by-design practices and software resilience.

The UK government’s plan to introduce mandatory digital ID cards has sparked widespread debate, with critics warning of privacy concerns, cybersecurity risks, and potential government overreach.

Over the past decade, data has evolved from being an operational byproduct to becoming one of the most valuable assets of any business. The explosion of IoT devices, cloud applications, and AI-driven systems has generated unprecedented volumes of personal and non-personal data. Alongside this growth, regulations in the EU have progressed in step.

Public sector organizations face unprecedented cybersecurity challenges as artificial intelligence reshapes how adversaries launch attacks. Threat actors now use AI to execute large-scale, highly personalized phishing campaigns, automate the discovery of vulnerabilities, and evade detection faster than traditional defenses can respond.