← Back to Blog
Regulation
March 17, 2026
10 min read
France ANSSI Reports Ransomware Drop Under NIS2, UK Companies House GDPR Breach Exposes Millions, Cyber-Attacks Surge 36%
NIS2 enforcement and Operation Endgame drive France's ransomware decline. UK's Companies House WebFiling flaw exposed 5 million directors' data in a major GDPR breach. UK cyber-attacks leap 36% year-over-year while Police Scotland draws a £66,000 ICO fine. CISA issues emergency directive for critical infrastructure.
Is your organization NIS2-compliant?
KENSAI scans your infrastructure against NIS2, DORA & GDPR requirements automatically.
Check Compliance →
128
Ransomware attacks in France 2025 (down from 141)
36%
YoY increase in UK cyber-attacks
5M
Directors exposed in Companies House breach
£66K
ICO fine for Police Scotland GDPR violation
1. France ANSSI: Ransomware Drops as NIS2 and Law Enforcement Bite
France's national cybersecurity agency ANSSI released its 2025 annual threat report on March 11, revealing a modest but meaningful decline in ransomware attacks — from 141 incidents in 2024 to 128 in 2025. While the raw numbers may seem incremental, ANSSI attributes the improvement directly to two forces: proactive cyber defense under NIS2 frameworks and large-scale law enforcement operations, particularly Operation Endgame.
What the Numbers Show
- Qilin was the most prevalent ransomware strain at 21%, followed by Akira (9%) and LockBit 3.0 (5%)
- Over a dozen new strains — including Nova, Warlock, and Sinobi — appeared for the first time in 2025
- SMBs remained the most targeted, but healthcare and education saw the biggest year-over-year increase
- Data exfiltration incidents rose significantly, though 58% of claimed leaks were false or recycled data
- DDoS attacks against French organizations dropped notably
NIS2 Connection
ANSSI's data provides the first concrete evidence that NIS2-driven preparedness measures are reducing attack success rates across EU member states. France's implementation of NIS2 transposition measures — mandatory incident reporting, supply chain security requirements, and board-level accountability — appears to be creating measurable friction for ransomware operators.
NIS2 Key insight: ANSSI Director General Vincent Strubel emphasized that the blurring lines between nation-state actors and cybercriminals is complicating attribution. Groups now share tooling and divide tasks, making it harder to distinguish APT operations from financially motivated attacks.
2. UK Companies House: WebFiling Flaw Exposes 5 Million Directors
The UK's Companies House — the government registry for all British companies — was forced to take its WebFiling dashboard offline on March 14 after security researcher Dan Neidle exposed a devastating vulnerability. The flaw was trivially exploitable: log in with your own credentials, attempt to file for another company, press back when prompted for authentication — and land on that company's dashboard instead of your own.
GDPR Implications
- 5 million directors' data potentially exposed: email addresses, dates of birth, home addresses
- The flaw also allowed modifying company registration details, enabling potential fraud, new bank accounts, and borrowing in another company's name
- No notification was sent to the affected company when changes were made
- The vulnerability had been present since at least October 2025 — nearly 5 months undetected
- Companies House must now investigate whether it had adequate GDPR-compliant audit logging and whether breach notification timelines were met
⚠️ Regulatory Exposure
Under UK GDPR (retained from EU law), Companies House faces potential ICO enforcement action. The failure to implement basic access controls on a system holding millions of personal records, combined with the months-long exposure window, suggests inadequate technical and organizational measures under Article 32. Small businesses with few internal checks are most vulnerable to follow-on fraud.
3. UK Cyber-Attacks Surge 36% — Four Times the Global Rate
Check Point's February 2026 Global Threat Intelligence report reveals a stark divergence: while global cyber-attacks grew 9.8% year-over-year, UK organizations saw a 36% spike — nearly four times the global rate. UK firms faced an average of 1,504 attacks per week, with education, energy, government, healthcare, and financial services bearing the brunt.
Why This Matters for Regulation
- NIS2 context: While the UK is no longer bound by EU NIS2, its domestic Network and Information Systems Regulations mirror many requirements. The attack surge validates the urgency of compliance-driven security investment
- Ransomware: 49 discrete ransomware groups operated in February alone. UK accounted for 3% of victims globally, behind the US (51%) and Canada (6%)
- Shadow AI risk: 88% of organizations using GenAI tools faced high-risk data exposure. One in 31 prompts leaked sensitive information. Average enterprises used 11 different GenAI tools — mostly unmanaged by IT
- DORA relevance: With financial services among the most attacked sectors, firms under the Digital Operational Resilience Act face heightened scrutiny on ICT risk management and incident reporting
4. Police Scotland: £66K ICO Fine for Egregious GDPR Failure
The UK Information Commissioner's Office fined Police Scotland £66,000 after the force shared the entire contents of a victim's phone — including medical records, intimate photos, and family contacts — with the colleague she had accused of rape. The data was extracted during an internal misconduct investigation and erroneously passed to the accused officer.
GDPR Violations Identified
- Failed to implement appropriate technical and organizational measures for data security
- Failed to minimize data to what was strictly necessary for the investigation
- Failed to ensure staff followed clear guidance and procedures for handling sensitive information
- Failed to report the breach to the ICO within the mandatory 72 hours
The victim has been diagnosed with PTSD. The case underscores that GDPR enforcement extends well beyond corporate data breaches — law enforcement agencies face identical obligations when processing personal data.
5. CISA Emergency Directive: Cisco SD-WAN and Critical Infrastructure
CISA issued Emergency Directive 26-03 ordering all federal agencies to urgently patch Cisco Catalyst SD-WAN infrastructure following active exploitation of CVE-2026-20127 (CVSS 10.0). The vulnerability allows unauthenticated attackers to gain administrative access to SD-WAN systems managing distributed government networks.
Regulation Angle
- The directive mandates forensic evidence collection, external log configuration, and compromise hunting — requirements that mirror NIS2 Article 23 incident response obligations
- Federal agencies must report remediation status by March 23, 2026
- While the directive targets US agencies, the same Cisco infrastructure is deployed across EU critical infrastructure entities now subject to NIS2 essential entity requirements
- Organizations under DORA using Cisco SD-WAN should treat this as a mandatory ICT risk assessment trigger
Regulation Status Dashboard — March 2026
| Regulation |
Status |
This Week's Impact |
| NIS2 |
Enforcement active across EU |
ANSSI data shows first evidence of ransomware reduction linked to NIS2 preparedness |
| GDPR |
Fully enforced (UK & EU) |
Companies House breach + Police Scotland fine demonstrate ongoing enforcement intensity |
| DORA |
Applied since Jan 17, 2025 |
Financial sector among most attacked in UK surge — ICT resilience testing urgency increases |
| EU AI Act |
Phased enforcement through 2027 |
Shadow AI risk data (88% of orgs exposed) underscores urgency of AI governance frameworks |
| CRA |
Transitional period until 2027 |
ENISA's SBOM and supply chain security consultation deadline approaching |
What Organizations Should Do This Week
- Patch Cisco SD-WAN immediately — CVE-2026-20127 is a CVSS 10.0 under active exploitation. NIS2 essential entities cannot wait for standard patch cycles
- Audit access controls on public-facing systems — The Companies House bug was trivially exploitable. Test your own customer portals for similar session management flaws
- Review data minimization practices — The Police Scotland case shows that extracting "everything because it's faster" violates GDPR Article 5(1)(c). Only collect what's necessary
- Inventory GenAI tool usage — With 88% of organizations leaking data through AI prompts, DORA and EU AI Act compliance requires governance of shadow AI
- Respond to ENISA's SBOM consultation — The call for feedback on supply chain security and package manager guidance closes soon. NIS2 and CRA compliance depend on software supply chain visibility
Stay Compliant with NIS2, DORA & GDPR
KENSAI continuously scans your infrastructure for regulatory compliance gaps. Automated vulnerability assessment, NIS2 readiness checks, and real-time alerts when new critical CVEs affect your systems.
Start Free Compliance Scan →
← Back to Blog