Starting October 1, 2026, Connecticut’s new bill, Raised Bill No. 117, will require organizations to hire outside forensic experts and submit a detailed report to the state if they discover a data breach affecting at least 100,000 Connecticut residents. This only applies to Connecticut residents and excludes non-CT residents. For organizations across the U.S. handling Connecticut resident data, a single large breach could trigger Connecticut’s requirements regardless of location. For CISOs, CIOs, General Counsel, and privacy leaders, this bill demands immediate updates to incident response, forensics, and cybersecurity strategies.

Since the U.S. Department of Defense labeled Anthropic, the maker of Claude AI, a “supply chain risk,” the current administration has blacklisted Anthropic across all federal agencies after a disagreement about how the military can use the Claude platform. Anthropic refused to remove certain safeguards that block mass surveillance of Americans or powering fully autonomous weapons which resulted in the Pentagon putting Anthropic on a blacklist for all future defense work. Meanwhile, Claude became the top app on Apple’s U.S. App Store, even as the federal government ban took hold.

Recent industry reports indicate that, although global ransomware activity decreased slightly toward the end of 2025, the overall risk to organizations has not substantially declined. Attackers used the breathing room created by stronger backups and incident response capabilities to refine their operations, focusing on stealth, precision, and higher leverage over fewer but more lucrative victims. 

Cyber risk isn’t just an IT problem; it’s something every leader needs to take seriously. These days, regulators, customers, and insurers all want to see a clear, consistent plan for managing cyber security risks, not just a bunch of tools or one-off fixes. For CISOs, CIOs, compliance leaders, and IT directors, the question is no longer if to invest, but how to govern that investment through a disciplined framework.

Celebrate Data Privacy Week 2026 with JANUS Associates. Strengthen cybersecurity, reduce breach risk, and build a resilient data protection and privacy program.

Cybersecurity in 2025 moved decisively from “advanced persistent threat” to “always-on, AI-enabled risk,” especially for regulated, security‑sensitive sectors. Executives planning for 2026 should treat cyber as an integrated business risk discipline, not a series of point technology decisions.