Cybersecurity regulation insights

Helping you navigate the global cyber regulatory landscape

In today's interconnected world, regulators recognise organisations' direct impact on national security, public health and the global economy. Regulations serve as guardrails to help businesses stay resilient in the face of cybersecurity incidents to minimise disruption to operations.

Cyber regulations are proving to be a major driver for cybersecurity investment. Based on the 2025 Global Digital Trust Insights Survey,  96% of executives acknowledged that regulatory requirements have spurred them to enhance their security measures. Moreover, 78% believe that regulations have helped to challenge, improve or increase their cybersecurity posture. This indicates that, despite the difficulties of compliance, regulations are serving to further mature cybersecurity capabilities across industries.

Our insights from across the globe dive into the reasons for prioritising these regulations, detail key mandates in various regions and cover future trends with an eye toward how to prepare.

Office meeting

Explore insights on the latest cybersecurity regulations

With the European Union's commitment to digital sovereignty and resilience, cyber regulation in Europe continuously adapts to new threats and technological advancements. Compliance with European cyber regulations is essential for safeguarding personal data and critical infrastructure, as well as maintaining trust and credibility in the digital marketplace.

In Europe, cybersecurity regulation is rapidly evolving to address the complex threats posed by digitalisation. The European Union Agency for Cybersecurity (ENISA) plays a central role in supporting EU Member States in implementing and enforcing cyber regulations, providing guidance, expertise, and cooperation opportunities.

The emerging regulatory environment includes regulations such as NIS2, DORA, Cyber Resilience Act and the AIAct. While this introduces a complex regulatory environment especially when combined with US and APAC regulations, the guardrails that regulators put up can give organisations added confidence to explore, experiment, invent and compete. A new era of transparency and collaboration is on the horizon with public disclosure of cyber incidents and cyber practices. There will be increased responsibility placed on board members.

Learn more about EU cyber regulations:

Cyber regulation in the Americas encompasses a wide range of laws to address growing cyber threat challenges, protect individual privacy, and safeguard organisational security in the digital realm.

In the United States, key federal regulations governing cyber compliance and reporting include the SEC cyber disclosure rule, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), the North American Electric Reliability Corporation Critical Infrastructure Protection plan (NERC CIP) and TSA security directives 1 and 2. At the state level, the New York Department of Financial Services (NYSDFS) Part 500 cyber regulation and the California Consumer Privacy Act (CCPA) regulations have been among the most influential.

In Canada, both privacy and cybersecurity regulations have been undergoing changes. Currently privacy regulations such as the Personal Information Protection and Electronic Documents Act (PIPEDA) sets out rules for the collection, use, and disclosure of personal information at a national level, while the provinces have established their own requirements. Cybersecurity regulations are defined by sector, and regulators such as OSFI continue to focus on topics like third party risk management, resilience, insider risk and foreign interference, proactive risk management and breach reporting. 

In Latin America, countries like Brazil, Mexico, and Argentina have enacted comprehensive data protection laws inspired by the European Union's General Data Protection Regulation (GDPR). These laws establish principles for the processing of personal data, grant individuals certain rights over their data, and impose obligations on organisations to protect personal information.

Learn more about the latest cyber regulation in the Americas:

With the rapid advancement of technology, and the increasing interconnectedness of societies, countries in the Asia Pacific region have recognised the need for robust cyber regulations to protect against cybercrime, data breaches and other malicious activities. These regulations are designed to establish clear guidelines for the collection, use and protection of personal data, as well as promote cybersecurity best practices across various sectors. Examples include Australia’s Privacy Act, Singapore's Personal Data Protection Act and the Cybersecurity Act.

Each country in the region has implemented its own set of laws and regulations to safeguard digital assets and ensure the trust and confidence of individuals and businesses in the online environment. By staying at the forefront of cyber regulation, the Asia Pacific region is actively working towards creating a secure and resilient digital ecosystem that fosters innovation and economic growth while mitigating the risks associated with cyber threats.

Learn more:

Learn more about

People going to work

The Future Secure: Bringing leadership and innovation to the forefront

Watch PwC's Global Cybersecurity Summit and hear from industry leaders, cybersecurity executives, and innovative thinkers from around the world, sharing their perspectives on the latest risks and threats, cyber regulation, cyber strategy, GenAI in cyber defence, and more.

Watch now

Global Cybersecurity & Privacy

Security at the epicentre of innovation.

Visit site

{{filterContent.facetedTitle}}

{{contentList.dataService.numberHits}} {{contentList.dataService.numberHits == 1 ? 'result' : 'results'}}
{{contentList.loadingText}}

Contact us

Sean Joyce

Sean Joyce

Partner, Global Cybersecurity and Privacy Leader, Risk Services leader, PwC US

Naren Kalyanaraman

Naren Kalyanaraman

Partner, Cybersecurity, Privacy and Financial Crime National Leader, PwC Canada

Grant Waterfall

Grant Waterfall

EMEA Cybersecurity & Privacy Leader, PwC Germany

Tel: +49 170 1553647

Sean King

Sean King

Partner, Cybersecurity and privacy, PwC Japan