Regulation
Cybersecurity statistics about regulation
Showing 1-20 of 34 results
76% of healthcare practices say they are not ready for the proposed 2026 HIPAA Security Rule.
90% of organizations report high confidence in established frameworks such as GDPR.
89% of organizations expect increased regulation within five years or less, up from 66% in 2025.
Emerging global statutory fines reach up to €35 million or 7% of an enterprise's total global annual turnover.
78% of security leaders cannot generate the audit-ready evidence required by emerging frameworks like the EU AI Act.
There is a 20-point increase in organizations expecting new regulations within two to five years rather than beyond five years.
Nearly 70% of US CISOs and senior security leaders say they are actively following AI-related regulations or standards.
61% of organizations say the EU AI Act has already influenced AI investment strategies in the last 12 months.
US SELF DRIVE Act of 2026 requires the Secretary of Commerce to brief Congress on connected vehicle supply chain security within 180 days
US Commerce Department rule prohibits Chinese and Russian connected-vehicle software starting Model Year 2027
US connected vehicle hardware restrictions arrive for Model Year 2030 or January 1, 2029 for non-model-year components
US connected vehicle rule covers vehicles under 10,001 pounds
China's amended Cybersecurity Law took effect on 1 January 2026 (passed 28 October 2025) with raised penalties and extraterritorial reach
UK SI 2025/1110 mandates UN R155 and R156 for type-approval effective 13 November 2025
EU Delegated Regulation 2025/1455 extends UN R155 to L-category vehicles: new types compliant by 11 December 2027, existing types by 11 June 2029
35% of CNI organisations now cite regulation as the primary driver of maturity.
72% of consumers support stronger government regulations to force carrier action.
70% of CIOs expect new AI audit or explainability requirements within the next 12 months.
The number of victim notices in 2025 (278,827,933) is the lowest number of victim notices since 2014 and the lowest number since the last U.S. state and territories adopted data breach laws in 2018 (2025)
22% of IT leaders identified AI maturity and regulation as the second-largest disruptor in 2026.