Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.
FBI alert: cybercrime figures hit new highs
The latest FBI Internet Crime Complaint Centre (IC3) annual report is out, and the numbers make for brutal reading. Losses from cybercrime in the USA reached $20.9 billion in 2025, a 26 per cent jump from the year before. Coverage in CyberScoop led with the alarming trend that cumulative cybercrime losses over five years from 2020 to 2025 exceeded $71.3 billion: a jump of nearly 400 per cent from the $4.2 billion recorded in 2020.Where did the money go? Investment fraud was the biggest category of reported losses with $8.6 billion, followed by business email compromise ($3 billion) and tech support scams ($2.1 billion).
For the first time, the 2025 IC3 report included a dedicated section on AI. Scammers deployed fake social profiles, voice clones, forged documents, and deepfake videos leading to nearly $893 million in losses. As The Register noted, AI-powered business email compromise (BEC) seems to be where the serious money is. Meanwhile, reported ransomware complaints generated losses exceeding $32 million, up by 259 per cent compared to 2024. The FBI acknowledged those figures don’t include downtime, forensic costs, legal exposure, and reputational damage. Healthcare, manufacturing, and government sectors were the worst hit, the agency said. In a blog, a US IT provider Emerge made an excellent point: behind the staggering figures are real-world stories of regular businesses. That might be a company that sent funds to the wrong account or a hospital denied access to its patient records. The full report is available at ic3.gov and the FBI’s press release doubles as a useful executive summary.
Data protection and privacy roundup: Facing biometric privacy risk; Big Tech suspicion grows
A trial of live facial recognition on the Dublin-Holyhead ferry route scanned thousands of passengers and found no matches. Over three days, the UK Home Office checked 6,335 passengers against a watchlist of known offenders. The news adds to doubts about the accuracy and proportionality of technology described in the Irish Times as “controversial”. Earlier trials also produced few alerts, despite large numbers of faces scanned. Privacy campaigners have previously raised concerns about the technology.
Suspicion of Big Tech also emerged from a recent survey for Politico. In a poll of more than 6,698 adults in six EU countries, 84 per cent said they don’t trust US companies with their data, and 93 per cent feel similarly about China-based operators. European firms fared better, with 51 per cent of respondents trusting them. For context, the survey comes amid early attempts in Europe to wean itself off technology developed elsewhere and try to move towards digital independence.
Meanwhile, the .ie Domain Registry has launched Digitaltrust.ie, a quality mark aimed at building confidence in a company’s online presence. And even as the AI Act comes into force, GDPR will remain a central part of regulating AI, the Law Society’s annual conference heard.
Cybersecurity Act 2.0: How will it affect Irish SMEs?
Many digitally connected SMEs in Ireland could be affected by the EU’s proposed update to the Cybersecurity Act (CSA 2.0), even if they fall outside its direct scope. A new report from Digital Business Ireland, published in collaboration with BH Consulting, predicts “substantial” knock-on effects through supply chains, procurement requirements and investment decisions.
The report covers emerging compliance and certification requirements for companies, and identifies risks that are real but manageable with early preparation. The document also outlines six practical steps SMEs can take now, including risk assessments, aligning with recognised standards, and exploring EU cybersecurity certification. The report is free to download here.
Links we liked
Anthropic announces Mythos, a powerful AI that sent the security sector into a spin… MORE
- … and Project Glasswing is the closed industry group testing their products. MORE
- …the Cloud Security Alliance rallied experts to brief security leaders on Mythos. MORE
- …while the UK AI Security Institute has this evaluation of Mythos’ abilities. MORE
- …and Mozilla has a “hopeful” take on the vertigo-inducing news. MORE
Analysis of cybercrime forum chat shows how hackers think about AI. MORE
Jake Epstein has mapped and classified 322 security startups from RSA 2026. MORE
Cybersecurity has a seat at the board, but is anyone sitting in it? MORE
UK NCSC advice: abandon passwords in favour of passkeys. MORE
Why phishing simulations don’t build a security culture MORE
Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe.
Sign up here
