The number of victim notices in 2025 (278,827,933) is the lowest number of victim notices since 2014 and the lowest number since the last U.S. state and territories adopted data breach laws in 2018 (2025)

22% of IT leaders identified AI maturity and regulation as the second-largest disruptor in 2026.

Nearly three-quarters (73%) of respondents globally reported feeling that government regulation of AI to protect their identity data online is important.

74% of Indonesians said government regulation of AI is incredibly important (the highest rate).

35% of respondents from the Netherlands said government regulation of AI is incredibly important.

In Sweden, only 31% of respondents said government regulation is incredibly important (the lowest rate).

69% of security professionals think current laws are still not strict enough.

Only one-fifth of OEMs are implementing a compliance plan for the EU Cyber Resilience Act. This is also stated as nearly one-fifth of respondents who admit they have no compliance plan regarding cybersecurity regulations.

More than half of OEMs claim to comply or plan to comply with cybersecurity regulations.

A fifth of OEMs are unsure of which regulations or standards apply regarding cybersecurity.

44% of financial institutions cited complying with cyber security regulations as the single most pressing challenge.

25% of businesses cited changes in legislation and regulation as a key business risk.

58% of UK CISOs report that regulations put enhanced pressure on their wellness.

79% of UK CISOs report that the implementation of regulations has had an impact on their mental health.

77% of UK CISOs feel that their IT budget is not completely reflected by their board’s objectives to meet regulatory requirements.

57% of CISOs prioritize regulation and compliance knowledge, compared to 44% of board members.