Manchester, UK - April 2026 - NCC Group, a people‑powered, tech‑enabled global cyber security and resilience business, today released the fifth edition of its Global Cyber Policy Radar, revealing how intensifying geopolitical tensions, the growth of state‑led cyber operations and rapid AI adoption are fundamentally reshaping the global cyber regulatory landscape.
Drawing on NCC Group’s work as a trusted advisor to governments worldwide, the report shows that cyber policy is no longer a purely technical discipline, but a core instrument of national security, economic strategy and geopolitical influence. From supply‑chain controls to data sovereignty and offensive cyber operations, regulation is increasingly being shaped by how states seek to project power and manage risk in a more fragmented global order.
The Global Cyber Policy Radar identifies three major forces now driving cyber regulation globally:
- Digital sovereignty is fragmenting the global cyber landscape, with governments asserting greater control over data, cloud infrastructure, technology supply chains and critical services – often without a shared international rulebook.
- AI security is being enforced through existing cyber regulation, rather than new standalone AI laws, increasing scrutiny of how organisations deploy and secure AI across their digital estates.
- Cyber accountability is moving decisively to the boardroom, as regulators impose direct oversight and personal responsibility on senior leadership.
The report also highlights a significant shift in nation state cyber posture. Faced with persistent and disruptive cyber activity, governments are increasingly concluding that defence alone is insufficient. As a result, offensive cyber capabilities are moving from the margins to the centre of national security strategy.
Recent U.S. cyber operations, including activity linked to Iran, highlight how cyber capabilities are increasingly integrated into wider military and geopolitical strategy. This offence‑forward shift, now mirrored by a growing number of European states, raises critical questions about international cooperation, escalation risks and the role of the private sector.
In the absence of agreed international guardrails, the report warns that the expansion of offensive cyber activity risks further fragmenting cyberspace, complicating compliance for global organisations and increasing pressure on companies to engage with government‑led cyber efforts.
More broadly, as major frameworks such as NIS2, DORA, the EU Cyber Resilience Act, the AI Act and U.S. CIRCIA move into force or enforcement, organisations face heightened scrutiny of governance, resilience and board‑level decision‑making. The Global Cyber Policy Radar urges a proactive response: strengthening cyber governance, clarifying positions on public–private cooperation and ensuring boards are equipped to navigate a world where cyber risk, geopolitics and regulation are inseparable.
Katharina Sommer, Director of Government Affairs and Analyst Relations at NCC Group, said:
“Cyber policy has become an extension of geopolitics. As trust between states erodes, cyber regulation is increasingly shaped by national security concerns, supply‑chain risk and the use of cyber capabilities as a strategic tool.”
“Our latest Global Cyber Policy Radar shows that governments are no longer relying on resilience alone. From U.S. cyber operations linked to Iran to the expansion of offensive cyber capabilities across Europe, states are signalling that cyber is now a core component of deterrence and power projection.”
“For organisations, this fundamentally changes the operating environment. Digital sovereignty, offensive cyber activity and regulatory accountability are converging, placing new expectations on boards to understand not just compliance, but where their organisation stands when governments call for cooperation. Those that engage early, build evidence‑led resilience and put cyber firmly in the boardroom will be best placed to navigate this increasingly fragmented landscape.”