Cyber assaults reign supreme among international business anxieties, according to Kroll's findings

Cyber assaults reign supreme among international business anxieties, according to Kroll's findings

Global Businesses Brace for Evolving Cybersecurity and Privacy Regulations

In a world where cyber threats loom large, a recent survey by advisory firm Kroll has revealed that businesses worldwide are grappling with increasingly complex and evolving regulations surrounding cybersecurity and privacy compliance.

Kroll's survey, conducted in February and involving 1,200 respondents from over 20 countries, predicts cyberattacks as the most significant threat for businesses in the coming year. The survey provides insights into how businesses are thinking about and dealing with these concerns as global tensions escalate.

One striking finding is the heightened awareness of compliance challenges among European companies. Despite the European Union enacting some of the strictest privacy regulations, European companies were, on average, the least confident in their compliance capabilities. This likely reflects a greater awareness of compliance challenges, as they study new U.S. privacy requirements coming online at the state level.

The survey also sheds light on the challenges businesses face in navigating this complex regulatory landscape. Among these challenges are managing multiple overlapping regulations, adapting to new AI-related rules, handling increased enforcement actions, and integrating privacy into organizational culture and technology.

Malware and data extortion are specific fears cited by nearly half and more than a third of the respondents, respectively. Roughly three-quarters of respondents said their cybersecurity and privacy concerns had increased over the past year.

Despite these concerns, less than half of companies concerned about compliance have taken steps to prepare. These steps might include increasing budgets, expanding teams, upskilling workforce, or hiring external experts. The average business gave itself a 7.4 score out of 10 in terms of preparedness for compliance with these new rules.

The expansion and strengthening of privacy laws worldwide is a key trend in this landscape. For instance, the General Data Protection Regulation (GDPR) in the EU, various US state-level privacy laws (including updates to the California Consumer Privacy Act), and stricter international data transfer protocols are all introducing enhanced rights for individuals, like data access, deletion, and breach notification requirements.

The introduction of new AI and technology-specific regulations is another trend, responding to emerging risks from artificial intelligence, automated decision-making, and advanced data analytics. Companies must comply with both traditional privacy laws and new AI frameworks, increasing regulatory complexity.

Greater federal enforcement and cybersecurity reporting requirements, especially in the US, intensify oversight on companies’ cyber incident responsiveness and data protection practices. The rising importance of operational resilience frameworks, particularly in financial services, also demands robust cybersecurity and third-party risk management.

Cross-border data privacy is becoming a strategic business priority, requiring organizations to adopt privacy-by-design, enhance internal education, share accountability, and develop adaptable data governance to meet differing territorial laws and international data sharing protocols.

Financial-services companies and technology firms face specific scrutiny under various regulations. Financial-services companies, for example, must comply with the EU’s Digital Operational Resilience Act (DORA) and the U.S.’s Gramm-Leach-Bliley Act (GLBA), which regulates customer data confidentiality and sharing. Technology firms, often acting as critical ICT service providers, must align with multiple regulations globally, including GDPR, ePrivacy, and emerging AI laws, while ensuring product and service design embeds privacy and security by default.

In summary, businesses worldwide—and especially financial and technology companies—are navigating an escalating and intertwined set of cybersecurity and privacy regulations in 2025. Success depends on proactive governance, cross-disciplinary collaboration, continuous compliance monitoring, and agility to adapt to evolving laws and enforcement environments.

1. Businesses worldwide are dealing with intensified cybersecurity and privacy compliance challenges as global regulations become increasingly complex and evolve.
2. Malware and data extortion are major concerns that nearly half and more than a third of respondents, respectively, have cited in the face of these regulatory changes.
3. Despite the heightened awareness of compliance challenges, particularly in Europe, less than half of companies concerned about compliance have prepared by increasing budgets, expanding teams, upskilling workforce, or hiring external experts.
4. Cross-border data privacy is emerging as a strategic business priority, requiring organizations to adopt privacy-by-design, enhance internal education, share accountability, and develop adaptable data governance to meet differing territorial laws and international data sharing protocols.
5. Financial-services companies and technology firms, particularly those in the European Union and the United States, are under specific scrutiny and must comply with multiple regulations, including GDPR, DORA, GLBA, ePrivacy, and emerging AI laws, ensuring product and service design embeds privacy and security by default.

Read also: