Rising Concerns Over Proposed Changes to GDPR Reporting Rules
GDPR changes aim to ease compliance for small and mid-sized businesses by expanding exemptions from record-keeping requirements to companies with fewer than 750 employees and under certain revenue or asset thresholds. While the European Commission argues this will reduce bureaucracy and boost competitiveness, civil rights groups warn that loosening these obligations could undermine accountability and weaken protections for individuals’ data rights, especially if exemptions allow companies to process sensitive data without sufficient oversight. Industry groups like the Computer and Communications Industry Association (CCIA) contend that the reforms are too limited to address deeper structural issues within the GDPR framework, calling for broader harmonization and enforcement improvements. The debate highlights a tension between economic interests and data protection, as well as uncertainty about the direction of future GDPR reforms.
The Growing Cybersecurity Challenges for Community Banks
Despite being vital to local economies, community and midsize banks often lack the resources and expertise of larger financial institutions. These banks are particularly vulnerable to increasingly sophisticated cyberattacks due to a tendency to focus on compliance and post-incident response rather than proactive prevention, as well as their reliance on third-party vendors without adequate oversight. Underutilizing external cybersecurity experts and legal counsel, along with hesitancy to adopt advanced technologies like AI, further exposes these banks to risks — especially as cybercriminals themselves leverage AI to automate attacks and craft personalized scams. Ultimately, community banks need to shift toward a more proactive, layered defense strategy, emphasizing robust preventive measures, rigorous vendor management, and strategic engagement with new technologies to protect customer trust and their critical role in the financial system.
The Emerging Threats Discussed at RSA
The transformative impact of AI on cybersecurity topped the list from the RSA Conference 2025 of emerging threats. AI is now central to both cyber defense and attack, with businesses rapidly adopting autonomous "agentic AI" systems to automate tasks but also facing new vulnerabilities as these tools gain access to sensitive data. Major vendors are developing advanced AI-driven security platforms and integrating identity management and compliance features, while startups are innovating in AI model safety and insider risk management. The conference also spotlighted the shift toward platformization —integrated, all-in-one security solutions — and the growing need to protect operational technology as industrial systems become more connected and exposed to cyber threats. Organizations must evolve from traditional perimeter defenses to holistic, embedded security approaches, treating cybersecurity as a core business priority to navigate an increasingly complex and AI-driven threat landscape.
Fortra's PhishLabs
Discover how Digital Risk Protection from PhishLabs can protect your organization’s critical digital assets and data from these online threats.