Organisations that operate across multiple jurisdictions should take the time to understand the regulatory requirements they would be subject to in the event of a data security incident, in light of the global cyber risk they face and recent moves by policy makers across the world to bolster data security requirements.