As of 30 May 2025, new cybersecurity reporting obligations under Part 3 of the Cyber Security Act 2024 have come into effect. These provisions introduce mandatory reporting for certain businesses that make ransomware or cyber extortion payments.

Following the high profile data breaches in 2022, Boards of businesses of all shapes and sizes are asking questions about their obligations in relation to privacy and cybersecurity.