

Power of Data





Mehdi Snene, Senior Advisor

Why data protection demands global action: UN’s cybercrime treaty explained

Cybersecurity investments prevent financial losses, yet global security remains fragmented. The UN’s new cybercrime treaty enhances international cooperation, tackling threats, protecting vulnerable groups and strengthening digital resilience worldwide.

Traditional investments focus on financial growth and efficiency while cybersecurity investments aim to prevent financial losses, disruptions and reputational damage. This leads to the concept of Return on Security Investment (ROSI), where the value lies in loss prevention rather than profit.
Underinvestment in security creates industry-wide disparities, with vulnerabilities potentially impacting the entire digital ecosystem.
Organisations vulnerable to cyber threats
As cyber threats grow in sophistication and frequency, fragmented security measures leave organisations and nations vulnerable. A global, coordinated response is no longer optional but an imperative. Only through an international cybersecurity treaty can we establish the collective defence necessary to protect digital infrastructure and ensure global resilience.
A landmark step: the UN Convention against cybercrime
In December 2024, the UN General Assembly adopted by consensus the Convention against Cybercrime, marking the first global treaty of its kind. This landmark agreement strengthens international cooperation in countering cyber threats.
With nearly 70% of the world’s population online, cybercriminals leverage malware, ransomware and hacking to compromise digital systems, often targeting individuals, businesses and governments.
To address these risks, the Convention promotes fast electronic evidence exchange, cross-border investigation and international legal cooperation. It will enhance the tracking, investigation and prosecution capabilities of law enforcement through a 24/7 network with cooperation in mutual legal assistance, asset recovery and extradition.
Strengthening protections for vulnerable groups
The recent Convention marks a monumental step forward in safeguarding the wellbeing of children in the digital age. By addressing the pervasive issue of online exploitation, this global agreement establishes a robust framework for governments to tackle the various threats facing minors in cyberspace.
Not only does the treaty reinforce legal measures to combat harmful activities targeting children online, but it also underscores the importance of providing comprehensive support to victims. From offering recovery services and compensation to swiftly removing illicit content, the emphasis is on ensuring that those impacted by cybercrime receive the necessary assistance to navigate through challenging times.
With this Convention, nations now have a structured mechanism to combat cybercrime. Businesses operating in the global digital economy must align their security strategies with these international efforts to strengthen cyber resilience.
Cybersecurity threats, incidents and how to deal with them
In today’s digitally dependent world, cybersecurity is no longer just an IT issue — it’s everyone’s responsibility.

With local authorities increasingly reliant on online services, the threat of data breaches, fraud and disruption is ever-present. From phishing scams to system vulnerabilities, practical advice can help public sector staff stay alert, reduce risk and build resilience.
Cybersecurity: practical guidance for public sector staff
Cybersecurity is a daily concern for local authorities, as public services rely on digital platforms. The risk of data breaches, fraud and service disruption is growing — making awareness, preparedness and resilience essential across every role in the public sector.
Cyber threats range from phishing and ransomware to internal user errors or malicious activity. These incidents can compromise sensitive data, disrupt operations and damage staff morale. Legacy applications, weak passwords, hybrid IT systems and third-party supply chains increase risk. Inconsistent approaches to cybersecurity across authorities leave gaps in protection. Cyber-attacks continue to increase, led by criminals seeking to steal data for financial gain.
A 360-degree cybersecurity approach
All staff must understand their responsibilities when handling personal information. Practical steps include using passkeys and strong passwords, encrypting data in transit and at rest, securing remote access and following clear data handling policies. Regular training helps build a ‘cyber aware’ culture that improves resilience. A ‘Think before you click’ culture is a simple, effective step.
Senior leaders, HR, finance, procurement and social care professionals need to go further. Organisations need to maintain information asset registers, have up-to-date network diagrams and conduct information risk assessments as part of a robust information assurance process. Organisations need to exercise their cyber response plans and learn from them.
Communication is key
Agreeing and documenting the organisation’s critical systems and the order in which they are recovered is essential. Organisations need effective communications during an incident, both internally with their own staff and externally with stakeholders and suppliers. Staff welfare during an incident is also very important.
Free resources to help you
Socitm promotes transformation through collaboration. The Cyber@Socitm website is a good example. Through joining a regional WARP (Warning, Advice and Reporting Point), the Socitm Cyber Technical Advisory Group (CTAG) brings together local and central public services to discuss and learn about cyber collaboration. Ultimately, strong governance, shared knowledge, collaboration and proactive staff training help local public services stay safe, resilient and trusted in the digital age.

WRITTEN BY
David Ogden
Director of Engagement, Socitm (The Society for Innovation, Technology and Modernisation)
AI-driven trends are reshaping network infrastructure demands
As AI workloads grow in scale and complexity, resilient, high-performance network connectivity to, within and between data centres is more essential than ever.

Currently, the hype surrounding artificial intelligence (AI) is off the scale. Some commentators have called it the business disruptor of our generation, noting that AI has the potential to be even bigger than the internet. That might sound outlandish to some, but Manish Gulyani, CMO for Network Infrastructure at Nokia, thinks the hype is justified.
Demands for AI in every industry
“We believe the impact of AI is going to be huge in all parts of the economy and society,” says Gulyani. “From healthcare to manufacturing, the expectation is that its massive compute power will simplify or shorten time to innovation in every industry, across a broad range of applications.”
No wonder AI advances are driving major investment cycles from everyone, from hyperscalers and cloud service providers to enterprises and governments — all seeking greater agility, efficiency, profitability and competitiveness.
Limitations of existing networks in an AI world
There is a big, technical elephant in the room to deal with, however. AI workloads are far more compute-intensive than workloads created by traditional computing applications and usually involve the exchange of vast data volumes. Furthermore, these volumes require rapid processing to shorten model training times and deliver the best user experiences. “Current networks deployed today are not designed for that combined capacity, that level of performance from a latency perspective and loss perspective, and that level of reliability,” says Gulyani.
Running AI workloads on existing network infrastructure can cause engines to slow and training to use up more time and power. To properly unleash the business value of AI, networks must offer high performance, low latency, high reliability and rapid responsiveness.
Backbone of distributed computing
Data centres are the backbone of the AI era, enabling everything from cloud computing to data storage. To connect users to data centres and to connect data centres with each other, the network matters even more. Gulyani explains that this is driving a market need for vendors who can offer powerful inter and intra-data centre network connectivity solutions, from the switching fabrics inside data centres to IP and optical interconnection between data centres. Because, at its heart, AI is a distributed computing problem at immense scale, especially as increasing numbers of industries, governments and organisations build or adopt AI infrastructure. “The more distributed workloads and data centres become, the more the network has a role to play,” says Gulyani.
Providing connectivity to, within and between data centres
At a micro level, this includes the graphics processing units (GPUs) that work together inside a data centre to attack and digest large datasets to accelerate the training of AI models. “Networking is needed to connect the racks of GPU servers within the data centre,” says Gulyani. “However, because GPUs are very hungry processors and a lot of them are required, cloud builders and data centre operators face space and power constraints within single locations. So, they’re building multiple data centres within campus environments.” Therefore, with data centre proliferation happening worldwide, Nokia offers a three-pronged solution — data centre switching, IP routing and optical networking — to provide connectivity between and across data centres with reliability, scalability, performance and security.

Protecting networks from attacks
Security must never be underestimated, warns Gulyani. “Distribution creates a security challenge,” he says. “When data leaves a data centre, it creates an exposure point for bad actors to attack. Which is why we’re positioning quantum safe solutions and Denial of Service (DoS) prevention solutions to protect the network surface from attacks today and in the future.”
Because networks are out of sight, they’re also largely out of mind. Gulyani says: “We only notice the network when it’s not responding. If the internet goes down, industry and society almost stop. Imagine a world where all applications are AI-based and the network goes down because it can’t cope. What happens then?” We need security to be built into the network, rather than being an afterthought.
INTERVIEW WITH Manish Gulyani CMO for Network Infrastructure, Nokia
WRITTEN BY Tony Greenway

Data centres scale sustainably and securely with optical networking
Rob Shore, Head of Portfolio Marketing, Optical Networks at Nokia, says that the rise of AI presents unique — but solvable — data centre connectivity challenges for hyperscalers, cloud providers and enterprises.
What is behind the extraordinary growth of data centres?
AI is the primary driver. AI requires far more processing and distributed communications — about 10 times more than traditional internet traffic. At the same time, today’s data centres consume so much electricity that individual local power grids often struggle.
Consequently, operators are selecting locations to build new data centres largely based on where power is available. These data centres must then be interconnected with high-speed, low-latency networks to effectively communicate with each other.
How can operators scale these inter-data centre networks sustainably?
Over the last 30 years, optical technology has largely centred on powerful lasers that maximised the amount of information that can be transmitted over a single fibre cable. However, if operators adopt a multi-fibre strategy to interconnect these data centres and spread the data across multiple fibre optic cables, they can use lower-cost, lower-power optics and still keep up with bandwidth demands.
While these optics provide roughly 30% less capacity per fibre, they leverage the latest technology to minimise cost and power per bit of transmission, resulting in a more cost-effective and efficient method of keeping up with the relentless growth in AI traffic.
What’s the best way to ensure security and compliance as data sovereignty rules tighten?
Standard encryption methodologies have been used for many years to protect data as it travels through fibre optic cables. However, there is concern that quantum computing could crack standard encryption methods. This has given rise to innovations in transmission security called quantum safe networking — new capabilities that increase encryption complexity, secure encryption keys and safeguard data.
Which hurdles still block true ‘zero-touch’ automation in optical networks?
Despite certain advances in the area of agility, today’s optical networks remain largely reactive. To further reduce human effort, networks must become more predictive. This is where AI’s predictive capabilities play a critical role, enabling networks to prepare for shifting data patterns rather than simply attempting to react once they happen.
With greater predictability, operators can reduce the need to overbuild network infrastructure to accommodate peak traffic and shifting traffic patterns, resulting in a more efficient and cost-effective network.
What are the challenges of moving high volumes of data within data centres?
As AI workloads surge, the volume of data moving between server racks and storage elements within data centres is growing exponentially. Moreover, power consumption of compute elements is rising at an unprecedented rate. One of the biggest challenges is how to scale intra and inter-rack connectivity capacity to meet these demands while minimising the amount of power required.
What’s the answer to that problem?
Innovation will continue to be key. For high-speed transmission applications, optical solutions require both front-end optical components that generate and modulate the light and backend processors to help in converting data from analogue to digital and enabling error-free transmissions at these high data rates.
Today’s optical solutions package the optics and the processors together into a single product. This approach is called a ‘retimed’ optical solution. One key innovation that Nokia is helping to pioneer is to leverage the processor that already exists on the servers or network interface cards to process the optical signals, eliminating the need for a separate dedicated processor on the optics module. This approach is called ‘linear pluggable optics’ and can reduce the power requirements for high-speed transmission solutions — 1.6Tb/s and greater — by as much as 70%.
How can optical options be implemented?
There are two capabilities critical to enabling solution providers to deliver the breadth of optical solutions necessary to cost-effectively address numerous applications associated with data centre connectivity: (1) sufficient scale to both keep up with the massive demands and keep costs down; and (2) a high level of vertical integration, which is required to drive pioneering innovation.
INTERVIEW WITH Rob Shore Head of Portfolio Marketing, Optical Networks, Nokia
WRITTEN BY Tony Greenway
Prepare for the quantum threat: why data protection must start now
Quantum computing is on more organisations’ radars, but many still see it as a future issue. The real threat, however, is already emerging.

Adversaries are actively harvesting encrypted data now, with plans to decrypt it once quantum technology reaches scale. It’s a tactic known as ‘harvest now, decrypt later,’ and it poses a significant risk to sensitive data across all sectors — not just governments or critical infrastructure.
A gap in awareness and readiness
Despite this, ISC2’s 2024 Workforce Study showed that only 36% of cybersecurity professionals believe quantum computing will negatively impact organisational security. That signals a worrying gap in readiness and investment, especially as NIST has now formalised post-quantum cryptography (PQC) standards and the UK’s NCSC has targeted 2035 as a transition deadline.
Many organisations still see the shift to quantum-safe cryptography as a niche or long-term concern, only for governments or tech giants. In reality, every organisation handling sensitive data must begin mapping its cryptographic dependencies and building crypto-agility — the ability to pivot to new encryption standards as they evolve. This is especially urgent in areas like IoT and embedded devices, where upgrades can be complex and time-consuming.
This isn’t happening in isolation. As AI continues to generate real-world security threats, from deepfakes to automated attacks, quantum introduces a parallel risk, undermining the fundamental building blocks of digital trust. The challenge isn’t choosing which to prioritise; it’s recognising that both require immediate attention.
Building crypto-agility and quantum resilience
What should organisations do? First, assess where and how encryption is used across your infrastructure. Second, prioritise systems that will be hardest to update, especially IoT and embedded devices. Third, invest in your people. Upskilling cybersecurity teams and nurturing the next generation of talent is essential to long-term quantum resilience.
Our ISC2 Quantum Transition Task Force is developing strategic guidance to help cybersecurity professionals and organisations prepare for this shift. That includes practical insights into achieving crypto-agility and protecting long-term data confidentiality.
If we wait for quantum to become mainstream, we’ll already be behind. The groundwork must begin now to avoid greater consequences later.

WRITTEN BY
Jon France
Chief Information Security Officer, ISC2

UK data reforms continue to test cybersecurity professionals
The UK Data Bill and EU regulations like DORA and NIS2 are reshaping cybersecurity, compliance and operational risk for UK security professionals and businesses.

In June, the UK Data (Use and Access) Bill received Royal Assent and officially passed into law. It is a wide-ranging piece of legislation, essentially updating many existing UK data regulations, including the UK General Data Protection Regulation (UK GDPR), The Data Protection Act of 2018 and The Privacy and Electronic Communications Regulations (PECR).
Tighter regulation amid increasing AI use
Aimed at boosting innovation, some rules — particularly around cookies and digital tracking — have been relaxed, while others have remained. For example, UK citizens still have the right to be informed, to access, correct or delete personal data, and strict rules on international data transfers still apply. Some laws have also been tightened, including how people request their personal data. With AI becoming so prominent over the last few years, rules over automated decision-making, such as disclosure, rights of citizens to challenge and requesting a human review of automation, have also been hardened.
Cyber laws to improve compliance
Although the Bill is evolutionary rather than revolutionary, it still represents a shift in the regulatory landscape for security professionals. UK companies are operating against a backdrop of tightening legislation, many driven by the EU, with the Digital Operational Resilience Act (DORA) and NIS2 recently coming into effect. The UK Data (Use and Access) Bill is seen by many as yet another law to comply with, including subtle nuances that need to be understood fully to remain compliant.
Data security as a business function
As the regulatory landscape evolves, so must security professionals, ensuring they are constantly developing skills that help them and their companies remain secure and compliant. New regulations shouldn’t be seen as a hindrance, but an opportunity. Cybersecurity teams that grasp new legislation can use compliance as a lever to secure investment in security initiatives. To make a convincing case, however, professionals need to develop a strong understanding of how regulations translate into operational impacts, changes to risk profiles, cost models and sourcing strategies. Stakeholder management and communication will be vital in this pursuit, which can only happen if cybersecurity becomes a recognised business function, rather than just a sub-sect of IT.

WRITTEN BY Amanda Finch CEO, Chartered Institute of Information Security
