Singapore launches quantum readiness tools, the UK's new cyber laws - and other cybersecurity news - The World Economic Forum

Top cybersecurity news: Singapore's quantum readiness tools; UAE adopts National Encryption Policy; UK's new cybersecurity laws. Image: Mike Enerio/Unsplash Akshay Joshi Head of the Centre for Cybersecurity, Member of the Executive Committee, World Economic Forum Share: This article is part of: Centre for Cybersecurity This regular round-up brings you key cybersecurity stories from the past month. Top cybersecurity news: Singapore's quantum readiness tools; UAE adopts National Encryption Policy; UK's new cybersecurity laws. The World Economic Forum’s Centre for Cybersecurity provides an independent and impartial platform to reinforce the importance of cybersecurity as a strategic imperative and drive global public-private action to address systemic cybersecurity challenges. 1. Singapore launches quantum readiness tools Singapore's Cyber Security Agency has launched two critical resources to help organizations prepare for quantum computing threats: a Quantum-Safe Handbook and Quantum Readiness Index. Developed in collaboration with GovTech Singapore, Infocomm Media Development Authority and technology companies, these initiatives aim to guide critical infrastructure owners and government agencies through the complex transition to quantum-safe cryptography.​ The handbook addresses the quantum threat – the risk that sufficiently powerful quantum computers could undermine existing cryptographic systems safeguarding digital infrastructure, endangering secure communications, financial transactions and identity management. While the timeline for this threat remains uncertain, the migration to quantum-safe solutions is described as a complex "multi-year endeavour" requiring early planning and coordination. “ The exact timeline for 'Q-day' – when a quantum computer capable of breaking today’s cryptography becomes available –cannot be predicted with precision. ” — Singapore's Cyber Security Agency The Quantum Readiness Index serves as a self-assessment questionnaire, allowing organizations to evaluate their preparedness levels and prioritize migration actions. Both documents reflect principles found in the World Economic Forum's Quantum Readiness Toolkit: Building a Quantum-Secure Economy, published in 2023, which calls for a global, cross-border approach to cybersecurity and governing quantum risk, providing organizations with a framework to assess their quantum readiness and identify steps to enhance security measures.​ The documents are under public consultation until 31 December 2025.​ 2. UAE adopts National Encryption Policy The UAE has announced the approval of a National Encryption Policy and the issuance of an accompanying executive regulation, introducing a unified framework for securing sensitive data and outlining a phased shift toward post-quantum cryptography across government entities. The move comes as the country faces a rapidly evolving cyber threat landscape shaped by advances in artificial intelligence and quantum technologies. In parallel, the UAE Cybersecurity Council has expanded its focus on emerging risks through newly established taskforces, including an AI and Emerging Tech Taskforce led by H.E. Dr. Al Kuwaiti, which examines vulnerabilities linked to next-generation technologies. Taken together, these developments highlight the UAE’s efforts to adapt its cybersecurity posture amid increasing concern over systemic digital risks and the resilience of national infrastructure. Articles 'AI is a new oil': UAE cyber chief details key pillars of digital resilience Reports Global Cybersecurity Outlook 2026 3. UK introduces new cybersecurity laws The UK government has proposed new laws to protect essential services against cyber attacks. The Cybersecurity and Resilience Bill, introduced to Parliament on 12 November, shores up cyber defences for healthcare, energy, water and transport networks. The average cost of a significant cyberattack in the UK is now over £190,000 ($250,000), costing the UK economy around $19.4 billion or 0.5% of GDP each year. The new legislation comes after the UK's Office for National Statistics cited the cyber attack on Jaguar Land Rover as one reason UK GDP grew by just 0.1% in the third quarter, falling from the predicted 0.2%. The malicious event forced JLR's major plants to shut down for almost six weeks in September and October, with cyber-related costs alone reaching £196 million ($259 million). The company posted a £485 million ($640 million) loss in Q3 compared with a profit of £398 million ($525 million) for the same quarter in 2024. The UK's new legislation targets medium and large companies providing IT management, help desk support and cybersecurity services to organizations like the NHS, bringing them under regulation for the first time. Regulators will gain powers to designate critical suppliers meeting specific criteria, requiring them to comply with minimum security requirements and close supply chain gaps. In June 2025, the UK Government published the findings of its Cybersecurity Breaches Survey, which found only a third of all the businesses and charities surveyed had policies covering cybersecurity risks – and even fewer had a business continuity plan in place. Made with Flourish • Create a chart 4. News in brief: Top cybersecurity stories this month The European Union has formally designated 19 technology companies – including Amazon Web Services, Google Cloud and Microsoft – as "critical" third-party service providers to the financial sector under the Digital Operational Resilience Act. The designation reflects the financial industry's growing dependence on a small number of cloud and technology vendors for core operational services, aiming to minimize systemic risks posed by outages or cyber incidents. The US Congressional Budget Office (CBO) confirmed it was hacked by unspecified foreign actors, with officials concerned that hackers accessed internal emails, chat logs and communications between lawmakers' offices and CBO researchers. International law enforcement authorities coordinated by Europol and Eurojust dismantled major cybercrime infrastructure in the latest phase of Operation Endgame, conducted between 10-13 November from Europol's headquarters in The Hague. The operation resulted in the takedown of 1,025 servers, seizure of 20 domains and the arrest of the main suspect behind remote access trojan VenomRAT in Greece. Internet services and security company Cloudflare suffered a major service outage on 18 November, affecting major platforms including X, OpenAI and Anthropic. The outage was triggered by a configuration error in Cloudflare's Bot Management system, not a cyber attack, after a database permissions change caused a feature file to double in size, exceeding software limits on machines routing network traffic. Togo and Mozambique have signed a Memorandum of Understanding strengthening bilateral cybersecurity collaboration. Discover How the Forum helps leaders understand cyber risk and strengthen digital resilience Show more 5. More about cybersecurity on Forum Stories With mounting cyber threats due to AI, the need for skilled cybersecurity professionals has never been more pressing, write Melonia da Gama, Director of Training and Learning Programs, Fortinet and Natasa Perucica, Lead, Capacity Building, World Economic Forum and Companies are increasingly turning to AI to address the global shortage of cybersecurity workers. Cybersecurity training must also include soft skills vital for effective risk management. India faces a particularly acute talent shortfall, with demand for trained cybersecurity professionals far exceeding supply. Industry estimates suggest a shortage on the order of 1 to 1.5 million skilled professionals. The centre of the risk landscape sits with micro-, small- and medium-sized enterprises. Initiatives such as the Forum’s strategic cybersecurity talent framework are working to help individuals enter and thrive in the workforce. Leveraging AI for defensive automation could become a force multiplier, but only if governance frameworks balance automation with accountability, ensuring privacy protections remain robust. AI's market boom seems to be on course for a correction, exposing over reliance on a few highly visible firms, writes William Dixon, Associate Fellow, Royal United Services Institute. This concern is moving firms and governments to a greater focus on digital resilience and investments in diversified infrastructure. Long-term value for cybersecurity lies in investing in fundamentals over speculative AI tools. This will depend on developing resilient and adaptive cybersecurity strategies. Accept our marketing cookies to access this content. These cookies are currently disabled in your browser. Accept cookies License and Republishing World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use. The views expressed in this article are those of the author alone and not the World Economic Forum. Share: Contents 1. Singapore launches quantum readiness tools2. UAE adopts National Encryption Policy3. UK introduces new cybersecurity laws4. News in brief: Top cybersecurity stories this month5. More about cybersecurity on Forum Stories Forum Stories newsletter Bringing you weekly curated insights and analysis on the global issues that matter. Subscribe today More on Cybersecurity See all Cyber impact of conflict in the Middle East, and other cybersecurity news Akshay Joshi March 17, 2026 Is this how to prepare for an agentic AI driven future? David Haber March 6, 2026 AI is supercharging a global cyber fraud crisis. It could also solve it Jeremy Jurgens February 27, 2026 Why quantum security is a question leaders cannot ignore right now Anna Sarnek and Michael Brett February 20, 2026 The cyber threats to watch in 2026 – and other cybersecurity news Akshay Joshi February 18, 2026 4 steps Gulf countries are taking to protect people from financial crime Deya Innab February 16, 2026