Cybersecurity failures are no longer just IT problems. They are legal, financial, and leadership failures. In this episode of Security Squawk, we break down how a ransomware attack on Ireland's Office of the Ombudsman delayed justice for citizens and what that incident reveals about preparedness, accountability, and real-world consequences of cyber risk. We start with the Ireland cyberattack that forced a key public watchdog agency to halt case processing for months. This was not a minor disruption. Systems were taken offline, legal action was required to prevent potential data leaks, and people relying on the system became collateral damage. The story highlights a hard truth. When cybersecurity fails, mission failure follows. Government or private sector, the outcome is the same. From there, we zoom out to the private sector where the warning signs are flashing red. New survey data shows cybersecurity litigation risk is rising faster than any other legal exposure for U.S. businesses. Corporate legal teams expect cyber and data privacy disputes to intensify, yet fewer of them feel prepared compared to last year. That gap tells us everything we need to know. Companies understand the risk is growing, but they are not investing or aligning fast enough to reduce it. We also examine the dangerous confidence gap in middle market firms. Nearly one in five experienced a cyber incident, yet almost all executives still believe their security posture is strong. Confidence without controls is not resilience. It is exposure. This disconnect raises serious questions about leadership accountability and how security decisions are being made at the executive level. The episode also dives into research showing that many top U.S. companies still fail basic cybersecurity hygiene. Reused passwords, outdated software, poor configuration, and unpatched systems remain common in 2025. These are not advanced threats. These are fundamentals. When organizations cannot execute the basics, the issue is not technical skill. It is culture, discipline, and leadership priority. We discuss the ongoing wave of data breaches affecting insurance, healthcare, and business services organizations, exposing millions of records. These incidents are proof that many companies remain reactive instead of proactive. Third-party risk, weak internal controls, and poor governance continue to amplify the damage. Finally, we tackle a growing blind spot. AI security governance. As businesses rapidly adopt AI tools, many still lack formal rules, oversight, or risk frameworks. Without governance, innovation turns into liability. Attackers move faster than policy, and organizations are left exposed. This episode is a wake-up call for business leaders, MSPs, IT professionals, and security decision-makers. Cybersecurity is no longer about compliance checklists or technology spend. It is about reducing real risk, protecting trust, and leading responsibly. If you want to understand why cyberattacks now lead to lawsuits, why confidence is not the same as security, and why leadership decisions matter more than ever, this episode delivers the insight you need. Subscribe, follow, and share Security Squawk. And if you want to support the show, you can always buy me a coffee at buymeacoffee.com/securitysquawk.

Today on Security Squawk we are breaking down three different incidents that all point to the same underlying issue. Basic security failures with real consequences. An Oregon state agency exposes personal information tied to environmental complaints. Nissan suffers a ransomware incident that leaks nearly 900 gigabytes of internal data. And an Illinois government agency exposes sensitive information connected to more than 700,000 individuals. Randy Bryan, Reginald Andre, and Bryan Hornung walk through what actually happened, why these incidents keep repeating across industries, and what they mean for businesses that assume they are too small or too quiet to be targeted. If government agencies and global manufacturers are struggling with access control, monitoring, and accountability, the real question is what that means for your organization. Join us live to understand the risks and what to do next. Join Randy Bryan, Reginald Andre, and Bryan Hornung live and be part of the conversation.

University of Phoenix confirms a massive data breach affecting almost 3.5 million current and former students, staff, and partners after attackers exploited a zero-day in Oracle E-Business Suite. We break down the implications for identity theft risk and breach response. Next, Andre explains why most existing medical devices would fail the FDA's new cybersecurity standards and how healthcare organizations can manage legacy device risk in critical environments. Finally, Bryan breaks down a cloud breach spree that hit 50 global organizations because multi-factor authentication wasn't enforced. Learn why MFA is no longer optional and how basic security failures lead to major breaches. Tune in for expert insights, practical advice, and what every IT leader needs to know today.