---
title: "Cybersecurity Report January 2026 | Aegister"
description: Cybersecurity monthly report for January 2026 covering Italy, EU, and global threats. Key incidents, emerging trends, and actionable security insights.
canonical: https://www.aegister.com/en/cms/insights/cybersecurity-monthly-report-january-2026/
url: /en/cms/insights/cybersecurity-monthly-report-january-2026/
lang: en
---


# Cybersecurity Monthly Report – January 2026 (Italy, EU, Global)

---

![Cybersecurity Monthly Report – January 2026 (Italy, EU, Global)](/static/images/cms/cyber-monthly-report-jan-2026.webp)

January 31, 2026


**January 2026** was a pivotal month for European cybersecurity, marked by a major **EU cybersecurity package** (a revision of the Cybersecurity Act, often referred to as *Cybersecurity Act 2* in commentary) and **targeted amendments to NIS2**. At the same time, regulators and supervisors continued to operationalize **DORA** (applicable since January 2025) through practical supervisory expectations and reporting and measurement guidance. This report highlights what matters most for organizations operating in Italy and across the EU: regulatory direction, compliance simplification, supply-chain risk controls, and actionable priorities for security and governance teams.

## 1) EU cybersecurity package (20 January 2026): Cybersecurity Act revision + targeted NIS2 amendments

On **20 January 2026**, the European Commission published a new cybersecurity package built around two legislative proposals:

- **A proposal to revise the EU Cybersecurity Act** (the 2019 framework that underpins EU-wide cybersecurity certification).
- **A proposal to amend NIS2** through targeted "simplification and alignment" measures, aiming to reduce complexity and improve cross-border supervision.

From a governance and compliance standpoint, the package is best understood as an attempt to:

- **Increase legal clarity** (especially for cross-border entities) and reduce fragmentation in enforcement.
- **Use certification more effectively as a compliance tool**, lowering the burden for organizations subject to multiple EU cyber obligations.
- **Strengthen supply-chain and "high-risk supplier" risk management**, including the ability to de-risk telecom networks in alignment with the EU 5G security toolbox approach.

Official references:

- [European Commission – Proposal (NIS2 targeted amendments: simplification & alignment)](https://digital-strategy.ec.europa.eu/en/library/proposal-directive-regards-simplification-measures-and-alignment-cybersecurity-act)
- [Council of the EU – Package documentation (ST 5627/26)](https://data.consilium.europa.eu/doc/document/ST-5627-2026-INIT/en/pdf)
- [ECSO – Statement on the Cybersecurity Act revision proposal](https://ecs-org.eu/ecso-statement-on-the-cybersecurity-act-revision-proposal/)
- [HADEA – EU cybersecurity projects & reference to the January 2026 package](https://hadea.ec.europa.eu/news/spotlight-eu-cybersecurity-projects-shielding-eu-cyber-threats-2026-02-05_en)

## 2) What the NIS2 "simplification" direction signals for 2026 programs

The Commission's NIS2 amendment proposal explicitly frames its intent as **increasing legal clarity**, **streamlining data collection** (including ransomware-related data), and **facilitating supervision of cross-border entities**, with a reinforced coordinating role for ENISA. In practice, this pushes organizations toward "audit-ready" evidence that can be reused across obligations, rather than parallel compliance tracks.

Practical implications for organizations (Italy and EU-wide):

- **Cross-border governance**: ensure you can clearly demonstrate jurisdiction, competent authority mapping, and accountability for group-wide controls.
- **Reusable evidence**: align control catalogs (policies, logs, testing artifacts) so the same evidence supports NIS2, sectoral rules, and procurement requirements.
- **Supply-chain controls**: enhance vendor/ICT service governance and be prepared for deeper scrutiny on "high-risk supplier" exposure.

## 3) DORA in 2026: supervision deepens, metrics and reporting maturity become differentiators

While **DORA** became applicable in January 2025, January 2026 is characterized by a shift from "readiness projects" to **supervisory maturity**: financial entities are expected to show operationalized processes (not just documentation) for ICT risk management, incident handling, resilience testing, and ICT third-party oversight.

Key supervisory signals and references:

- [EIOPA – DORA overview (scope and expectations)](https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en)
- [De Nederlandsche Bank – DORA supervision page (updated 29 Jan 2026)](https://www.dnb.nl/en/sector-information/open-book-supervision/laws-and-eu-regulations/dora/)
- [EBA/ESA Joint Guidelines – Estimation of aggregated annual costs and losses from major ICT incidents](https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/operational-resilience/joint-guidelines-estimation-aggregated-annual-costs-and-losses-caused-major-ict-related-incidents)

What this means for financial organizations in 2026:

- **Incident economics**: cost and loss measurement for major ICT incidents becomes part of the compliance conversation, so the quality of impact estimation and reporting readiness must improve.
- **Third-party oversight** must be demonstrable: inventory completeness, criticality tiers, contractual controls, monitoring, and exit strategies should be routinely tested.
- **Resilience testing** should be credible and risk-based (covering critical services, realistic threat models, and remediation verification).

## 4) Threat & vulnerability priorities: edge/perimeter remains the strategic battleground

January 2026 continues the pattern seen across recent years: **edge systems** (VPN gateways, remote access, security appliances) remain high-value targets because they sit at the boundary of trust and are often exposed to the internet. Active exploitation alerts affecting widely deployed products repeatedly drive urgent patch/mitigation cycles.

Representative references (active exploitation alert and vendor remediation guidance):

- [UK NCSC – Active exploitation alert (Ivanti vulnerability)](https://www.ncsc.gov.uk/news/active-exploitation-ivanti-vulnerability)
- [Ivanti – Security update and remediation guidance](https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways)

Operational actions to prioritize:

- **Internet-facing inventory**: continuously track exposed services (VPN, portals, DNS, remote management), including shadow IT.
- **Risk-based patching**: accelerate remediation for vulnerabilities with exploitation signals; validate compensating controls where patching is constrained.
- **Post-patch verification**: confirm effective mitigation and hunt for indicators of compromise around edge systems.

## 5) Sector signal: healthcare remains a top ransomware pressure point

Healthcare-focused intelligence sharing communities continue to emphasize ransomware, supply-chain exposure, and AI-driven techniques as major drivers of risk. While every organization's threat model differs, the sector's experience remains a strong proxy for "high-impact" disruption scenarios—useful for resilience and crisis planning across critical services.

- [Health-ISAC – Annual Threat Report (Health Sector) 2026](https://health-isac.org/annual-threat-report-health-sector-2026/)

## 6) Governance takeaways for January 2026: what boards and executives should ask for

January 2026 reinforces a simple message: the EU is converging toward a cybersecurity model where **compliance is operational** and **supply-chain risk** is treated as a strategic vulnerability—not an afterthought. For boards and senior executives, the focus should be on the few "proof points" that regulators and incident reality will test:

- **Evidence of operational resilience**: tested incident response, recovery objectives, and credible exercises.
- **Vendor and cloud control**: demonstrable third-party governance, including exit strategies and monitoring.
- **Exposure reduction**: measurable improvements in internet-facing attack surface management and edge patch velocity.
- **Metrics that matter**: MTTD/MTTR, time-to-patch for exploited vulnerabilities, and incident cost/loss estimation maturity (DORA).
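Sections 4 and 6 rest on the same idea: let exploitation signals and internet exposure, not raw CVSS, drive remediation order, and then measure time-to-patch for exploited vulnerabilities as a board metric. The Python below is an added illustration written for this report, not Aegister's tooling or any regulator's method; the remediation targets in `SLA_DAYS`, the scoring weights and the sample findings (placeholder identifiers, no real CVEs) are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

# Remediation targets in days per class: an illustrative assumption, not a regulatory value.
SLA_DAYS = {"exploited_exposed": 2, "exploited_internal": 7, "exposed": 14, "other": 30}

@dataclass
class Finding:
    asset: str
    internet_facing: bool   # from the continuously maintained internet-facing inventory
    vuln_id: str            # constructed placeholder, not a real CVE
    exploited: bool         # exploitation signal (vendor advisory / national CERT alert)
    cvss: float
    detected: date
    patched: Optional[date] = None

def sla_class(f: Finding) -> str:
    """Remediation class: exploitation signal first, internet exposure second, CVSS last."""
    if f.exploited:
        return "exploited_exposed" if f.internet_facing else "exploited_internal"
    return "exposed" if f.internet_facing else "other"

def priority_score(f: Finding) -> float:
    """Higher is more urgent; signals outweigh CVSS, so an exploited 7.8 beats an unexploited 9.8."""
    return f.cvss + (10 if f.exploited else 0) + (5 if f.internet_facing else 0)

def patch_queue(findings):
    """Open findings, most urgent first."""
    return sorted((f for f in findings if f.patched is None), key=priority_score, reverse=True)

def overdue(findings, today: date):
    """Open findings older than the remediation target of their class."""
    return [f for f in findings if f.patched is None
            and (today - f.detected).days > SLA_DAYS[sla_class(f)]]

def median_ttp_exploited(findings) -> Optional[float]:
    """Board metric: median time-to-patch (days) for vulnerabilities with exploitation signals."""
    days = [(f.patched - f.detected).days for f in findings if f.exploited and f.patched]
    return median(days) if days else None

# Constructed sample findings (placeholder identifiers, not real vulnerabilities).
FINDINGS = [
    Finding("vpn-01", True, "VULN-A", True, 9.1, date(2026, 1, 5), date(2026, 1, 6)),
    Finding("vpn-02", True, "VULN-A", True, 9.1, date(2026, 1, 20)),
    Finding("fileshare-03", False, "VULN-B", True, 7.8, date(2026, 1, 10), date(2026, 1, 19)),
    Finding("portal-04", True, "VULN-C", False, 9.8, date(2026, 1, 12)),
    Finding("ws-05", False, "VULN-D", False, 6.5, date(2026, 1, 2)),
]
```

With the sample data and 31 January 2026 as the reference date, the exploited, internet-facing VPN finding leads the queue ahead of the unexploited CVSS 9.8 portal, both are overdue against their class targets, and the median time-to-patch for exploited vulnerabilities is 5 days.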

## Selected sources (external)

- [European Commission – NIS2 targeted amendments proposal (20 Jan 2026)](https://digital-strategy.ec.europa.eu/en/library/proposal-directive-regards-simplification-measures-and-alignment-cybersecurity-act)
- [Council of the EU – Cybersecurity package documentation (January 2026)](https://data.consilium.europa.eu/doc/document/ST-5627-2026-INIT/en/pdf)
- [ECSO – Statement on Cybersecurity Act revision proposal](https://ecs-org.eu/ecso-statement-on-the-cybersecurity-act-revision-proposal/)
- [HADEA – Reference to the January 2026 EU cybersecurity package](https://hadea.ec.europa.eu/news/spotlight-eu-cybersecurity-projects-shielding-eu-cyber-threats-2026-02-05_en)
- [EIOPA – DORA overview](https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en)
- [DNB – DORA supervision page (updated 29 Jan 2026)](https://www.dnb.nl/en/sector-information/open-book-supervision/laws-and-eu-regulations/dora/)
- [EBA/ESAs – Guidelines on aggregated annual costs and losses from major ICT incidents](https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/operational-resilience/joint-guidelines-estimation-aggregated-annual-costs-and-losses-caused-major-ict-related-incidents)
- [UK NCSC – Active exploitation alert (Ivanti)](https://www.ncsc.gov.uk/news/active-exploitation-ivanti-vulnerability)
- [Ivanti – Security update](https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways)
- [Health-ISAC – Annual Threat Report (Health Sector) 2026](https://health-isac.org/annual-threat-report-health-sector-2026/)

