summary
October 9, 2025 – NCC Group publishes the fourth edition of its Global Cyber Policy Radar, providing fresh insights into the rapidly evolving landscape of cybersecurity regulation and government policy around the world.
As geopolitical tensions reshape the digital realm, the fourth edition of Radar provides a strategic overview of the cyber law and regulatory trends that will define the next phase of global cyber governance. From the rise of offensive cyber capabilities. Strengthen supply chain monitoring. and the transition to post-quantum cryptography. This report provides business leaders with the foresight they need to navigate regulatory complexities and build future-proof cyber programs.
The latest edition also highlights the growing role of cybersecurity as an enabler of economic growth, with governments investing more than $6 billion in cyber defense while increasing the private sector’s responsibility to protect their countries’ digital environments. To put this investment into context, $6 billion in government spending on cybersecurity is equivalent to 62 F35C fighter jets. or 630 M1 Abrams tanks. or 1,670 MQ-1 Predator drones.
As policymakers look to post-quantum cryptography (PQC) challenges, this report includes spotlight interviews with Kevin Reifsteck, director of cybersecurity policy at Microsoft, and Javed Samuel, NCC group practice director for cryptographic services, exploring key highlights from government actions and how organizations should prepare for PQC.
“Cyber regulation is no longer just a compliance issue, it has become a strategic imperative,” said Kat Sommer, associate director of government affairs at NCC Group. “This Radar helps organizations understand not only what’s coming, but what it means for their business and how to respond in a way that builds resilience and competitive advantage.”
“Cybersecurity programs must adapt to a new era of geopolitics. Across governments around the world, national security, sovereignty, and interventionism dominate the cyber policy and regulatory agenda. Investment in offensive cyber capabilities is on the rise, but government-mandated rules and regulations are increasingly likely to impact organizations at multiple touchpoints.”
“The implications for business leaders overseeing cybersecurity programs are significant. Reactive, rule-by-rule compliance is no longer sufficient. Cyber governance is long-term and global, and must be flexible and considerate of governments’ rapidly changing and changing priorities.”
Verona Johnston-Hulse, head of government affairs at NCC Group, added: “2025 will be an unprecedented year of turbulence in the cyber landscape, with governments and organizations across all sectors facing increasingly sophisticated attacks. A large-scale supply chain attack has caused months of disruption, highlighting how intertwined cybersecurity is with economic and national security. Governments are now re-evaluating their role in protecting their organizations from attack. Reduces damage and strengthens own defense power.
“In an unpredictable geopolitical environment, we continue to pivot away from globalization. Growing concerns about foreign influence in critical infrastructure, data, and technology have re-emphasized the reshoring of critical supply chains, particularly in areas such as AI.Governments are also moving to strengthen the security of key supply chains, both through increased regulation and tighter procurement rules.Businesses need to: Understand what new protocols and due diligence are needed to meet evolving sovereignty requirements.
“At the national level, cybersecurity no longer only plays a defensive role. Governments are investing in offensive capabilities to thwart attacks and protect critical infrastructure, with President Trump pledging to invest $1 billion in offensive cyber operations. This increased attention is also driving discussion about the role of the private sector. In the future, we expect critical infrastructure operators to deploy proactive measures such as honeypots and other proactive cyber defenses.” This is an effort to strengthen overall resilience. ”
The main themes explored in Edition 4 are:
Transitioning from reactive compliance to strategic cyber governance The impact of ransomware pay bans and incident reporting requirements The global race to protect supply chains and critical infrastructure The urgency of preparing for PCQ transition, Microsoft expert insights
This report builds on NCC Group’s work as a trusted advisor to governments and regulators, providing expert analysis and practical guidance to CISOs, legal teams, and policy professionals.
Read the full report
Did you enjoy this great article?
Check out our free e-newsletter to read more great articles.
Subscribe
