Data Privacy & Cybersecurity

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced that effective August 22, 2025, all new e1 and i1 assessments must be created using CSF v11.6.0. Existing assessments using v11.5.1 can still be submitted, with a future deadline to be announced.

HITRUST 2025 H2 Threat Analysis on AI Tactics and Assessments

HITRUST released its 2025 H2 Cyber Threat Adaptive Report, indicating that its e1, i1, and r2 assessments effectively mitigate top attack techniques, including AI-driven tactics. The report analyzed threat indicators, intelligence articles, and breaches, mapping data to the MITRE ATT&CK framework.

ISO 20022 Becomes Standard for Cross-Border Payments

As of November 22, 2025, ISO 20022 is the mandatory standard for cross-border payments, replacing the MT message format. This change aims to enhance efficiency, data richness, and compliance for financial institutions worldwide, supporting G20 goals for international payments.

ISO 20022 Payments Standard Deadline Approaching

SWIFT has issued a notice reminding financial institutions that the ISO 20022 standard for cross-border payments will become mandatory on November 22, 2025, ending the coexistence period with older MT formats. Institutions must complete their migration and testing to avoid disruptions and potential charges.

ISO 20022: AI for Structured Postal Data Transition

SWIFT is providing an open-source AI solution to help financial institutions transition from unstructured to structured postal data for ISO 20022 payment messages. This is a mandatory change required by November 2026 to avoid message rejection and ensure data integrity for AML efforts.

NCSC Advises UK Organizations on Middle East Conflict Cyber Threats

The UK's National Cyber Security Centre (NCSC) has issued an alert advising UK organizations to review their cybersecurity posture due to the evolving conflict in the Middle East. The advisory highlights a heightened risk of indirect cyber threats and encourages organizations to implement enhanced monitoring and review their external attack surface.

CYBERUK 2026 Conference Announcement

The UK's National Cyber Security Centre (NCSC) has announced details for the flagship CYBERUK 2026 conference in Glasgow, scheduled for April 21-23. The event will focus on accelerating cyber defences and will feature international security chiefs and industry leaders. Registration for private sector delegates remains open until April 2, 2026.

NCSC Warns of Hacktivist DoS Attacks on UK Organisations

The UK's National Cyber Security Centre (NCSC) has issued a warning regarding persistent denial of service (DoS) attacks by Russian-aligned hacktivist groups targeting UK organisations, particularly local government and critical infrastructure operators. The NCSC urges organisations to review their cyber defences and resilience measures.

NCSC Alert: Cisco SD-WAN Exploited Globally

The UK's NCSC, along with international partners, has issued an alert regarding the exploitation of Cisco Catalyst SD-WAN devices. Threat actors are gaining root and persistent access, and organizations are urged to investigate potential compromises and apply security updates.

NCSC: Pro-Russia Hacktivists Target UK Organisations with DDoS Attacks

The UK's National Cyber Security Centre (NCSC) has issued guidance warning that pro-Russia hacktivist groups, particularly NoName057(16), continue to target UK organisations with DDoS attacks. The NCSC urges local government and critical infrastructure operators to review and harden their denial-of-service defences.