Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.
Dr Valerie Lyons to speak at prestigious RSA 2026 Conference
BH Consulting Chief Operations Officer Dr Valerie Lyons has been selected to speak at the renowned RSAC Conference 2026, which takes place from March 23-26 in San Francisco. In 2022, Dr Lyons was the first woman in Ireland to be selected to speak at RSA, and for this year, she was one of 250 speakers chosen from a field of more than 2,500 submissions, succeeding against a 90% rejection rate. The rigorous process for judging applications to present at RSA means speakers must dedicate considerable time and effort to preparing their submissions, analysing previous years’ talks to identify topics likely to interest the programme selectors. Dr Lyons’ session in 2026 will focus on Dignity by Design, which is a human-rights-aware cousin of Privacy by Design.
EU aims to bolster resilience with upgraded Cybersecurity Act
The European Commission has unveiled a comprehensive cybersecurity package aimed at strengthening the EU’s resilience against escalating cyber and hybrid threats targeting critical infrastructure, public services and democratic institutions. The proposal, published on 20 January 2026, includes a revised Cybersecurity Act and targeted amendments to the NIS2 Directive, aimed at enhancing the bloc’s collective cyber-defence capabilities.
A key objective of the updated Cybersecurity Act is to fortify the security of the EU’s ICT supply chains. In its statement, the Commission said that, once adopted, the new Act will enable the EU to list high-risk third countries, and consequently companies, identify strategic sectors, and exclude those organisations from their ICT supply chain. The measures also aim to reduce administrative burdens on companies, streamline incident reporting and reinforce the role of the EU’s cybersecurity agency ENISA. The proposals now move to discussions in the European Parliament and EU Council.
Infosecurity Magazine’s report on the package noted that the original 2019 Cybersecurity Act was criticised for excluding small and medium businesses due to costs, along with the slow rollout of certification schemes. The intervening years have seen AI threats become much more prominent, as well as heightened geopolitical tensions. Meanwhile Euronews led with the risk from technology suppliers to mobile networks in the EU. It noted that enforcement of the new rules wouldn’t be in place for some years.
Data protection and privacy roundup: Omnibus not optimal, AI accountability, social scams
Proposed reforms under the Digital Omnibus initiative could significantly narrow the definition of personal data and weaken core GDPR protections if adopted. That’s the view of the European Data Protection Board and European Data Protection Supervisor which issued a joint opinion in February, arguing that several measures risk reducing fundamental privacy rights. They warned the reforms could create legal uncertainty and undermine established case law, particularly around personal data scope, AI decision-making safeguards and access rights. While supporting efforts to streamline compliance, the authorities called for revisions to the most contentious proposals in order to preserve robust data protection standards.
Ireland’s Regulation of Artificial Intelligence Bill 2026 implements the EU AI Act in Irish law, creating a full national framework to govern AI. It establishes the independent AI Office of Ireland as national hub, coordinator and market surveillance authority, using a distributed model that relies on existing sectoral regulators. The Office will oversee enforcement, sandboxes and guidance, with strong accountability rules, affecting all organisations that develop, deploy, import or distribute AI systems. The Irish Computer Society called it “one of the most significant developments in national technology governance in recent years”, and said it would make Ireland become a “leading EU jurisdiction for responsible AI regulation”.
Meanwhile the largest global collaboration on AI safety to date, the second International AI Safety Report, was published this month. It is the next iteration of the comprehensive review of the latest scientific research on the capabilities and risks of general-purpose AI systems. It features contributions from over 100 AI experts, led by Turing Award winner Yoshua Bengio. The report is supported by more than 30 countries and international organisations.
Social media platforms make close to €4.4 billion every year from scam ads targeting people in Europe, and around 10 per cent of all social media advertising revenue in 2025 came from fraudulent advertising. That’s the key finding of a Juniper Research study carried out for Revolut, the online bank. It said users in Europe were served close to one trillion scam ads in 2025. In Ireland, scam ads earned perpetrators €32 billion, and the average cost to victims was just over €1,500.
The European Court of Justice has found in favour of WhatsApp Ireland, allowing it to challenge a €225 million fine over GDPR breaches. The original fine of €50 million via the Data Protection Commission was subsequently increased to the larger amount by the European Data Protection Board. The case has been referred back to the General Court, the EU’s second-highest court, to rule on its merits.
Links we liked
“Time to treat cybersecurity incidents … like preventable disasters.” MORE
Security leader Tarah Wheeler bemoans the lack of an industry best practice. MORE
Useful explainer on cloud security posture management from the UK NCSC. MORE
Canada’s Centre for Cybersecurity shares its outlook for ransomware. MORE
Allison Nixon has an excellent deep dive on the Shinyhunters gang. MORE
Bugcrowd’s insight into how hackers’ minds work. MORE
The best defence is..? Why many states are adjusting their cyber strategies MORE
DDoS attacks doubled in 2025 compared to the year before, says Radware. MORE
Podcast: Tenable’s Thomas Parsons on spotting security talent. MORE
PowerShell scripts for checking secure boots. MORE
Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe.
Sign up here
