Tag: Trends and Insights
-

When employees become the attack surface: lessons from the Carnival breach
Introduction: what happened in the Carnival data breach? Carnival Corporation is one of the world’s largest cruise operators, with a portfolio of cruise brands serving customers across international markets. On 14 April 2026, Carnival Corporation said its IT security team identified unauthorized activity involving an employee account. According to the company, an unauthorized…
-

US & UAE GRC headlines: Regulators are widening the assurance perimeter.
Recent regulatory activity in the US and UAE points to a bigger GRC trend: regulators are looking beyond policies and asking whether organizations can prove control across more areas of the business. In the US, the Department of Justice announced a $549.5m False Claims Act settlement over alleged evasion of customs duties on Chinese aluminum extrusions. The…
-

Shein data transfer inquiry: cross-border data risk is back in focus with Ireland’s Data Protection Commission
Key takeaways: Ireland’s Data Protection Commission has opened an inquiry into SHEIN Ireland over transfers of EU/EEA personal data to China. The DPC has said transfers to China are now an “important strategic priority,” and the inquiry will examine GDPR principles, transparency obligations, and Chapter V transfer requirements. This messaging makes this far more than…
-

Ultra Electronics, Balt SAS and Nazaha reporting: Global anti-bribery enforcement is testing compliance programs
Key takeaways / abstract: Anti-bribery enforcement is not standing still. In the space of a few weeks, cases and enforcement activity across the UK, US and Middle East have pointed to the same issue: regulators are not just looking for policies. They are looking for proof that compliance programs work in practice. The Ultra Electronics…
-

Anthropic, OpenAI, and the UK government just sent the same cyber warning – here’s what you need to know as a GRC leader
Last week’s AI headlines did not just signal another round of model launches. They signaled a shift in cyber risk that business leaders should take seriously. In the space of a few days, Anthropic unveiled Mythos, OpenAI expanded trusted access to a more cyber-capable model for verified defenders and the UK government issued an open…
-

As the US cools and Europe pushes on, ESG reporting is becoming a governance problem
Recent ESG headlines are not pointing in one simple direction. In the U.S., the political environment has become less supportive of climate-related regulation under the current administration, but investor pressure has not disappeared. In the past week alone, investors pressed Amazon, Microsoft, and Google for sharper disclosure on the water and power demands of their…
-

The ICO has put AI hiring under the risk and compliance spotlight. Enterprise leaders should pay attention.
On 31 March 2026, the UK’s Information Commissioner’s Office (ICO) called on businesses to review their use of automated decisions in recruitment and published fresh expectations for organizations using automated decision-making in hiring. The regulator said it had engaged with more than 30 employees, wrote to 16 organizations likely to be using automated decision-making in candidate…
-

What 2026’s data breach headlines reveal about the limits of data governance software
As many business leaders will have noticed, data breach headlines have come thick and fast in early 2026, but the bigger story is not just volume. It is pattern. Look across the year’s most visible incidents and the same problem keeps surfacing through different routes. Different sectors, different systems, different immediate causes, but the same…
-

The hidden risks of quick‑fix compliance tools in an era of proof‑based regulation
Recent reporting suggests compliance leaders are entering a tougher phase. Regulatory fragmentation is pushing businesses away from self-declaration and toward verified data. Meanwhile AI, fraud, and rising complexity are turning compliance into a technology arms race just as already-stretched teams face tighter resources and mounting pressure to move faster. That is exactly why the idea…
-

AI is redefining third party risk: why your “approved” vendors may no longer be safe storage for data
For years, vendor risk was treated almost exclusively as a procurement event. You assessed a new provider, negotiated terms, signed the contract and moved on to monitoring. However, that model is starting to break. The real issue now is not just new vendors entering your business ecosystem. Existing vendors are changing underneath you, in unprecedented…