By: Kieran Doyle, Nicole Gabryk, Lana Remedi, Stephen Morrissey, Christy Mellifont, Joseph FitzgeraldIan Johnston, Sorawat Wongkaweepairot and Pippa Austin.

Issue 14 of our Cyber, Data and Technology Bulletin is out now, covering major developments for insurers, brokers and customers across APAC.

In Australia, we unpack the latest OAIC Notifiable Data Breach statistics, new enforcement action following the Vinomofo determination, and ACMA’s record penalty against Southern Phone for anti‑scam compliance failures. Mandatory ransomware payment reporting has entered its enforcement phase, and ASIO has issued firm warnings about escalating state‑sponsored activity targeting critical infrastructure and the private sector.

Cyber threats remain high, with sanctions on Russian cybercrime providers, increased pro‑Russia hacktivism impacting OT systems, and a rise in software supply chain compromises. AI governance is also in focus, with new ACSC/CISA guidance for AI in OT environments and the release of Australia’s National AI Plan.

Across APAC, regulatory scrutiny continues to tighten. New Zealand reports rising privacy complaints and breaches alongside its new Biometrics Code of Practice, while pushing for urgent Privacy Act reform. Thailand’s PDPC is increasing enforcement around breach‑readiness, and Singapore will require directors of critical infrastructure operators to complete mandatory cyber governance training.

We hope you find this edition both insightful and practical in navigating the ever-evolving cyber and technology landscape.

If you’d like to discuss any of the topics covered, please don’t hesitate to reach out to a member of our team or click here to find out more.