NCC Group, a global cybersecurity company, has released the third edition of its Global Cyber Policy Radar report, revealing significant shifts in the cybersecurity regulatory environment following recent geopolitical changes.
The report emphasizes that governments worldwide are adopting a “war footing” in cyberspace. The NCC Group looked at how many speeches UK Defense Ministers, U.S. Defense Secretaries, and European UnionDefense Commissioners have given since the Russian invasion of Ukraine in early 2022. Analysis showed a steady increase, with cyber mentions in speeches nearly doubling between 2023 and 2024, despite changes in government leadership. The report specifically addresses the implications of the election of U.S. President Donald Trump, noting that while cyber resilience has historically received cross-partisan support, the “medium-term impact of U.S. withdrawal from global initiatives and reduced funding for key government agencies” remains to be seen.
“As the dust from the 2024 election cycle settles, geopolitical turbulence is impacting global approaches to cyber security and cyber policy,” stated Kat Sommer, NCC Group’s head of Government Affairs, in the company’s press release. “Pivotal discussions around global trade are causing ripple effects on international relations, while governments look inwards to reinforce their national cyber defences.”
Key Findings
The report highlights several important trends:
- Organizations considered nationally important should prepare for increased government intervention in cybersecurity practices and technology investments.
- Incident reporting requirements have grown considerably in scale and complexity.
- Over two-thirds of organizations believe supply chain cyber threats will increase in severity over the next 12 months.
- The industrial sector was the most targeted group in 2024, experiencing 1,424 ransomware attacks, an increase from 2023
Critical Questions for Organizations
NCC Group suggests organizations consider three critical questions:
- Will cyber rules be the exception in the global rollback of regulations?
- Has the era of global cooperation on AI safety come to an end?
- How far down the supply chain will regulatory requirements and liability be pushed?
The report also features a special section on operational technology (OT) regulation, as policymakers extend cyber rules to industrial organizations and implement more stringent regulatory controls in response to increasing cyberattacks targeting OT.
For organizations navigating this uncertain landscape, NCC Group emphasizes that investing in proactive cyber resilience is essential regardless of government requirements. “Failure to invest in proactive cyber resilience programmes not only puts future compliance at risk but will also hinder organizations’ resilience in the long term,” Sommer added.
NCC Group is a cyber and software resilience business operating across multiple sectors, geographies and technologies. With headquarters in the UK, but locations across the globe, NCC advises global technology, manufacturers, financial institutions, critical national infrastructure providers, and governments on the best way to keep businesses, software and personal data safe. The full report is available for download here.
