The UK Government has published its 2025/2026 Cyber Security Breaches Survey, which is drawn from information received from thousands of UK businesses. The 2025/2026 survey paints a picture of a cyber threat landscape that is stable in its scale but shifting in its character. The publicity surrounding high-profile incidents has not yet resulted in a […]
Crisis & Data Breach Response
The Era of AI-Driven Data Breaches Has Arrived
A recent lawsuit signals the rapid convergence of issues relating to artificial intelligence, vendor‑managed platforms, and individual arbitration in the data breach ecosystem. In Woodard v. OpenAI, Inc. & Mixpanel, Inc., Case No. 3:25-cv-10301 in the Northern District of California, Plaintiffs alleged that Mixpanel uses artificial intelligence technologies developed by OpenAI to collect user data. […]
Britain’s Financial Regulators Raise the Bar on Cyber Reporting and Resilience
Cyber risk has shifted from a technical issue to a systemic one and Britain’s financial regulators are making that reality unmistakably clear. On March 18, 2026, the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), and Bank of England announced a new, unified cyber and operational resilience framework that strengthens the requirements on how firms […]
Connecticut Proposes Mandatory Forensic Investigation and Reporting for Large Scale Data Breaches
Connecticut lawmakers have introduced legislation that, if enacted, would significantly expand breach-response obligations for organizations affected by large-scale cybersecurity incidents. As proposed, Raised Senate Bill 117 (SB 117), would create a new category of “massive” data breaches and impose mandatory forensic investigation and reporting requirements that go well beyond Connecticut’s existing breach notification framework. What […]
CISA Warns Organizations to Harden Endpoint Management Systems Following Cyberattack on Stryker Corporation
On March 18, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert (the Alert) urging U.S. organizations to harden their endpoint management systems following the March 11, 2026 cyberattack against medical technology firm Stryker Corporation (Stryker), which disrupted Stryker’s internal Microsoft environment. CISA stated that it is conducting enhanced coordination with federal partners, […]