Latest Posts

NIS2: A Roadmap to Compliance

The deadline for European Union member states to pass the new EU NIS2 regulation into national law was October 17, 2024, yet only a few countries have transposed it into law, leaving others lagging behind, with regulations in draft or public consultation phases, or with none at all. In the absence of certainty for firms (or what NIS2 calls entities), confusion is understandable, but steps can be taken now based on what we already know.

Data Breach Outlook: Healthcare Most Breached Industry in 2024

When it comes to security, 2024 was unfortunately a standout year for the healthcare sector. Kroll found that the healthcare industry was the most breached, had fairly immature incident response practices, and unfortunately suffered numerous cyberattacks, culminating in a year that left healthcare boards thinking deeply about the overall risk to their businesses.

A Phased Approach: Thoughts on EU AI Act Readiness

The European Union’s (EU) AI Act (the Act) represents landmark artificial intelligence (AI) regulation from the EU designed to promote trustworthy AI by focusing on the impacts on people through required mitigation of potential risks to health, safety and fundamental rights. The Act introduces a comprehensive and often complex framework for the development, deployment and use of AI systems, impacting a wide range of businesses across the globe.

Fortinet Discloses Active Exploitation of Critical Zero-Day Vulnerability: CVE-2024-55591

Note: These vulnerabilities remain under active exploitation and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical authentication bypass vulnerability (CWE-288) affecting FortiOS and FortiProxy (FG-IR-24-535) allows remote attackers to obtain super admin privileges via Node.js WebSocket traffic.

A Guide to Domain Monitoring for Businesses

For many organizations, their online presence is not only critical to their commercial success but a key element of how they manage public perception. Yet from typosquatting to domain hijacking, authentic business websites are at significant risk of exploitation, with serious potential consequences. Domain monitoring enables organizations to defend against these types of threats by identifying potential issues early and taking effective action to mitigate the risks.

Ivanti Discloses Active Exploitation of Zero-Day Vulnerability

Ivanti has disclosed vulnerabilities affecting Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS) and Ivanti Neurons for Zero Trust Access (ZTA) Gateways. According to Ivanti, CVE-2025-0282 has been exploited on a limited number of ICS appliances. There are no confirmed reports of exploitation for Ivanti Policy Secure or ZTA Gateways. There is no indication that CVE-2025-0283 is actively exploited or chained.

What Is Cloud Penetration Testing and Why Do You Need It?

Chances are, your business is already operating in the cloud. The rewards of moving into the cloud are undeniable - organizations can build and launch new services and add computing capacity more easily than on premises in a more cost-effective manner. The cloud is indispensable for growing at the speed of the market.

The Critical Role of Cloud Security Architecture in Building Resilience

As cloud computing technologies have quickly become mainstream due to the multitude of benefits that have transformed how we store, manage, and access data, enterprises are rapidly changing how they interact with data and applications. However, one of the overlooked and most misunderstood activities that must be performed to successfully leverage cloud computing technologies is the creation of a cloud computing security architecture.