Cybersecurity and data protection budget allocation challenges

2 unique sources, 2 articles

Summary

Organizations continue to face internal budget conflicts between cybersecurity, data protection, and cyber-resilience initiatives, with 72% of security professionals reporting that data security has never been more critical. However, legacy network and perimeter security tools are actively impeding adequate data protection, as evidenced by over half of organizations lacking full vulnerability visibility and nearly half admitting their data security processes hinder competitiveness. Budget challenges are exacerbated by the need for modern data protection strategies that support AI adoption, as autonomous AI agents heighten risks of unintended data exposure. Traditional siloed solutions fail to provide the speed, flexibility, scalability, and AI readiness required today, with only 33% of organizations using tokenization—a critical capability for reducing risk while enabling data-driven innovation. The shift toward integrated strategies that protect data across cloud and AI environments is now a strategic imperative, with top priorities including protecting enterprise data at scale, improving security posture, and adopting proactive security measures. Prior context includes fragmented responsibilities across departments leading to silos, competition between prevention-focused cybersecurity and recovery-focused data protection teams, and leadership viewing security spending as an intangible cost. Regulatory pressures often drive compliance-focused strategies over resilience-focused ones, while modern threats like sophisticated ransomware and polymorphic malware demand unified approaches that align prevention and recovery.

Timeline

  1. 14.08.2025 17:00 2 articles · 8mo ago

    Organizations struggle with budget allocation for cybersecurity and data protection

    The Capital One Software/Forrester report (February 2026) quantifies how legacy network and perimeter security tools actively impede data protection efforts. 72% of security professionals acknowledge data security is more critical than ever, but investments in traditional tools (e.g., SASE, firewalls, VPNs, IDS/IPS) create visibility gaps (over 50% lack full vulnerability visibility) and operational inefficiencies that hinder competitiveness. Modern data security requires moving beyond static, perimeter-based approaches to address data movement across cloud and AI environments, with tokenization underutilized (only one-third adoption) despite its role in reducing risk and enabling data-driven innovation. AI adoption is directly threatened by inadequate data protection measures, as autonomous AI agents increase the risk of unintended data exposure.

Similar Happenings

AI-Automated Exploitation Accelerates Threat Actor Capabilities

AI-driven automation is significantly reducing the cost and increasing the speed of cyber exploitation. Threat actors now use AI to accelerate reconnaissance, vulnerability discovery, exploit development, and operational tempo. This shift makes large vulnerability backlogs more dangerous, as attackers can exploit them faster. Boards and CISOs must address this by focusing on operational truth and reducing vulnerability exposure at the source. Regulatory pressures, such as the EU's Cyber Resilience Act (CRA) and Digital Operational Resilience Act (DORA), are increasing expectations for vulnerability handling and secure-by-design practices. Organizations must invest in reducing vulnerability backlogs to prevent operational disruption and legal liabilities.

UK Introduces Cyber Security and Resilience Bill to Strengthen National Defenses

The UK government has introduced the Cyber Security and Resilience Bill, aiming to upgrade the 2018 NIS Regulations and bolster national cyber defenses. The bill proposes stricter security requirements for essential services, expanded incident reporting, and enhanced regulatory powers. It also includes new regulations for managed service providers and critical suppliers, with tougher penalties for serious offenses. The legislation follows multiple high-profile breaches and aims to address growing cyber threats, including those from AI and unsupported equipment. The bill aims to address annual damages of nearly £15 billion ($19.6 billion) from cyberattacks, with the average significant cyberattack costing over £190,000, totaling roughly £14.7 billion each year. The National Cyber Security Centre (NCSC) reported a 130% increase in "nationally significant" cyber incidents in 2025 compared to 2024. The Technology Secretary will have the authority to direct regulators and organizations to take actions when national security is threatened. Additionally, the UK has announced a new cybersecurity strategy backed by over £210 million ($283 million) to boost cyber defenses across government departments and the wider public sector. This includes establishing a dedicated Government Cyber Unit to coordinate risk management and incident response, setting minimum security standards, improving visibility of cyber risks, and requiring departments to maintain robust incident response capabilities. A new Software Security Ambassador Scheme will promote best practices, with major firms such as Cisco, Palo Alto Networks, Sage, NCC Group, and Santander joining as ambassadors. The UK has also announced plans to ban public-sector and critical infrastructure organizations from paying ransoms following ransomware attacks. The Public Bill Committee is asking for written views from industry experts to scrutinize the Cyber Security and Resilience Bill (CSRB). 
The CSRB is the long-awaited successor to the NIS Regulations 2018 and promises a NIS2-style revamp of UK cyber regulation for critical infrastructure sectors. The bill has completed its second reading in parliament and has reached the committee stage, where it will be subject to further review. The committee is expected to report by March 5, after which the bill will receive its third reading in the House of Commons, before reaching the Lords in spring/summer. Royal Assent is scheduled for late 2026. The bill seeks to implement several key updates to the NIS Regulations 2018, including an expanded scope to include MSPs, datacenters, large load controllers, and other organizations yet to be defined by regulators. The bill includes stricter rules around incident reporting timelines and a wider scope for reportable incidents. The bill mandates in-scope organizations to manage supply chain risk more proactively and meet 'proportionate and up-to-date security requirements' drawn from the NCSC Cyber Assessment Framework (CAF). The bill provides stronger powers for regulators and potentially higher penalties. Trend Micro's UK cybersecurity director, Jonathan Lee, welcomed the consultation and emphasized the importance of involving frontline workers in making the legislation effective. Lee noted several areas where the bill needs revising, including clearer risk-based definitions for managed services and critical suppliers, streamlined incident-reporting thresholds, consistency across regulators, and transparent information-sharing mechanisms. Mark Bailey, partner at Charles Russell Speechlys, agreed that there are significant gaps in the legislation, particularly in secondary legislation covering areas like incident reporting thresholds, critical supplier definitions, and managed service provider obligations.

GitHub Strengthens npm Supply Chain Security with 2FA and Short-Lived Tokens

GitHub is implementing enhanced security measures to protect the npm ecosystem, including mandatory two-factor authentication (2FA) and short-lived tokens. These changes aim to mitigate supply chain attacks, such as the recent "s1ngularity", "GhostAction", and "Shai-Hulud" attacks, which involved a self-replicating worm and compromised thousands of accounts and private repositories. The measures include granular tokens with a seven-day expiration, trusted publishing using OpenID Connect (OIDC), and automatic generation of provenance attestations for packages. Additionally, GitHub is deprecating legacy tokens and TOTP 2FA, expanding trusted publishing options, and gradually rolling out these changes to minimize disruption. GitHub removed over 500 compromised packages and blocked new packages containing the Shai-Hulud malware's indicators of compromise. The company encourages npm maintainers to use npm trusted publishing and strengthen publishing settings to require 2FA. Ruby Central is also tightening governance of the RubyGems package manager to improve supply-chain protections.

Ray Security Launches Predictive Data Security Platform

Ray Security has emerged from stealth with $11 million in funding to address data security and data loss prevention (DLP) challenges. The company's predictive data security platform uses AI to anticipate data access needs and apply protection accordingly. The solution aims to tackle insider threats, ransomware, and AI data access governance issues. The platform differentiates itself by moving beyond reactive measures, analyzing historical usage patterns to predict future access requirements. This approach helps manage access control, reducing the risk of data breaches and compliance issues exacerbated by AI adoption. Ray Security's solution is designed to address the growing complexity of data security, particularly in environments with extensive AI integration.

Chinese State-Sponsored Actors Target Global Critical Infrastructure

Chinese state-sponsored APT actors have **dramatically escalated cyber operations against Taiwan and expanded into Southeast Asia**, with Taiwan’s National Security Bureau (NSB) reporting **960,620,609 intrusion attempts** in 2025—a **6% year-over-year increase** and **112.5% surge since 2023**. The **energy sector** faced a **tenfold spike in attacks**, while **emergency/hospital systems** saw a **54% rise**, including **ransomware deployments** disrupting operations in at least **20 hospitals** and stolen medical data sold on dark web forums. In **February 2026**, Singapore’s Cyber Security Agency (CSA) confirmed that **UNC3886**—a China-nexus APT group—executed a **deliberate cyber espionage campaign** against all four of Singapore’s major telecommunications operators (**M1, SIMBA Telecom, Singtel, StarHub**). The actors **weaponized a zero-day exploit** to bypass perimeter defenses, deployed **rootkits for persistence**, and exfiltrated **technical network data**, though no personal customer data was compromised. Singapore’s **Operation CYBER GUARDIAN**—the country’s **largest and longest-running anti-cyber threat effort**—successfully disrupted UNC3886’s access, engaged **over 100 investigators from six agencies**, and expanded monitoring to **banking, transport, and healthcare sectors** to prevent lateral movement. This campaign underscores the PRC’s **growing focus on Southeast Asian critical infrastructure** alongside its long-standing operations in Taiwan and North America. The campaigns, attributed to **BlackTech, Flax Typhoon, Mustang Panda, APT41, and UNC3886**, leverage **hardware/software vulnerabilities, DDoS, social engineering, and supply-chain compromises**, often correlating with **PLA military drills, political events, and visits by Taiwanese officials**. 
Taiwan’s NSB is now collaborating with **30+ countries** on joint investigations, while advisories from **CISA, NSA, and allies** warn of a shift from espionage to **potential disruptive capabilities**. Earlier phases targeted **U.S. government agencies (CBO, Treasury, CFIUS)**, **European telecoms**, and global critical infrastructure via exploits in **Cisco, Ivanti, Palo Alto, and Citrix devices**.