DataCenterNews Asia Pacific - Specialist news for cloud & data center decision-makers

Global cyber regulation moves from compliance to resilience

Fri, 10th Oct 2025

NCC Group has released the fourth edition of its Global Cyber Policy Radar, examining the significant changes in cyber security regulation and government approaches across the world.

The report draws on NCC Group's experience advising governments and presents an analysis of broad trends now shaping how countries and organisations respond to emerging digital threats. Key themes include the rise of offensive cyber capabilities, the impact of intensified supply chain regulations, and the challenges posed by the coming era of post-quantum cryptography.

Offensive capabilities

One of the major trends highlighted is the shift away from relying only on sanctions to deter cyber threats, moving instead toward proactive development of offensive cyber arsenals by governments. The report suggests a growing willingness among authorities to engage in law enforcement takedown operations and to build the capability to respond forcefully to malicious actors.

It raises the question of whether other nations will emulate Russia and China, which have both involved private sector entities in offensive cyber efforts. The redefinition of what actions are judged as 'permissible' may affect organisations operating critical infrastructure, which could be required to undertake additional measures such as the use of honeypots or active cyber defence techniques.

Compliance to governance

The Global Cyber Policy Radar argues that a reactive, rule-by-rule approach to compliance is becoming inadequate. Instead, it calls for long-term, globally minded governance that can adapt to the rapidly shifting priorities of governments worldwide.

Kat Sommer, Associate Director of Government Affairs at NCC Group, commented: "Cyber rules are no longer just a compliance issue, they're a strategic imperative. This edition of the Radar helps organizations understand not just what's coming, but what it means for their business, and how to respond in a way that builds resilience and competitive advantage."

Sommer added: "Cyber security programs must adapt to a new era of geopolitics. Across governments worldwide, national security, sovereignty and interventionism are dominating cyber policy and regulatory agendas. Investment in offensive cyber capabilities is on the up, while government-mandated rules and regulations are increasingly likely to affect organizations at multiple touchpoints."

Continuing, Sommer said: "The impact on business leaders overseeing cyber security programs is significant. Reactive rule-by-rule compliance will no longer suffice. Cyber governance must be long-term, global and account for - and be flexible to - governments' fast-moving and shifting priorities."

Financial responsibility

The report notes that although some governments have earmarked more than USD $6 billion for measures to bolster national cyber resilience, the expectation remains that individual organisations are accountable for their own digital security. The investment is contextualised by comparing it to the equivalent cost of 62 F35C fighter jets, 630 M1 Abrams tanks, or 1,670 MQ-1 Predator drones.

Despite this financial support, private sector organisations are expected to meet stricter security requirements without direct government funding for their own cyber security programmes, regardless of size or sector.

Supply chain scrutiny

The Radar discusses tighter supply chain regulations, as governments work to ensure greater technological autonomy and reduced reliance on foreign suppliers. This move towards greater sovereignty in critical infrastructure and technology is pressuring businesses to reassess the security protocols and due diligence they require for their own products, services, and supply partners.

Verona Johnstone-Hulse, Government Affairs Lead at NCC Group, said: "2025 has been a year of unprecedented turbulence in the cyber landscape, with governments and organizations across all sectors facing increasingly sophisticated attacks. Major supply chain attacks have caused months-long disruptions, highlighting how intertwined cyber security is with economic and national security. Governments are now reevaluating their role in protecting organizations from attacks, mitigating damage, and strengthening their own defense capabilities."

Johnstone-Hulse further commented: "Amid an unpredictable geopolitical environment, we are continuing to see a pivot away from globalization. Heightened concerns over foreign influence in critical infrastructure, data and technologies are driving a renewed emphasis on the reshoring of essential supply chains - particularly in areas like AI. Governments are also making moves to enhance the security of key supply chains - both through enhanced regulations and strengthened procurement rules. Businesses need to understand what new protocols and due diligence are required to satisfy evolving sovereignty requirements."

Johnstone-Hulse added: "On a national level, cyber security no longer just plays a defensive role. Governments are investing in offensive capabilities to deter attacks and protect critical infrastructure, such as President Trump's commitment to invest USD $1 billion in offensive cyber operations. This increased focus is also driving debate about the role of the private sector. In the future, operators of critical infrastructure could be expected to implement proactive measures, such as honeypots and other active cyber defense initiatives, to strengthen overall resilience."

Additional topics

The report contains several sections designed to inform organisations as they plan their future digital strategies. These include an overview of cyber regulations on the horizon, analysis of recent policy developments, and a focus on preparing for the post-quantum cryptography era. The latter features expert insight from NCC Group's cryptography practice and a Microsoft cybersecurity policy director.

Questions raised for stakeholders consider the future stringency and number of cyber security rules, the recognition of cyber security as a contributor to economic growth, potential national bans on ransomware payments, and the implications of new reporting and notification schemes for incident response and insurance arrangements.

NCC Group's report also introduces a cyber regulations maturity curve, encouraging stakeholders to assess the adaptability of their current cyber governance and to anticipate required changes in the coming months.
