Cybersecurity has never been a more pressing concern for organizations across the United States, from local water authorities to the high-stakes world of private equity. On February 12, 2026, a flurry of developments underscored just how rapidly the cyber landscape is evolving and the lengths to which institutions are going to defend themselves against increasingly sophisticated threats.
In Monroe County, New York, the local Water Authority received a significant boost in its fight against cyber threats. According to recent reporting from the Democrat & Chronicle, nearly $1.1 million in federal funding was earmarked for cybersecurity upgrades at the Monroe County Water Authority as part of the federal appropriations bill signed into law last month. The initiative, secured by Senators Chuck Schumer and Kirsten Gillibrand alongside Representative Joe Morelle, aims to bolster the region’s capacity to protect its drinking water infrastructure from evolving digital risks.
The Monroe County Water Authority plans to allocate the funds toward a suite of security enhancements: securing data storage servers, upgrading critical infrastructure, implementing new backup systems, and deploying advanced threat detection software. These measures are designed to safeguard the integrity of drinking water operations, which have become an attractive target for cybercriminals seeking to disrupt essential services.
Senator Schumer stressed the significance of the investment, stating that the funding plays a vital role in “ensuring Rochester-Finger Lakes residents have access to clean drinking water.” Representative Morelle echoed this sentiment, emphasizing, “This is exactly how the federal government is supposed to function, by providing direct support to companies, organizations, and local communities.” Their statements reflect a growing recognition in Washington that cybersecurity is not just an IT issue—it’s a matter of public safety and trust.
Meanwhile, the private equity sector is grappling with its own cyber reckoning. On the same day, Kroll, a leading risk and financial advisory firm, released a sobering report warning that cyber incidents have become a “material transaction risk” for private equity (PE) firms—one that can cause significant value destruction across the deal lifecycle and is rising in frequency. The report, based on a survey of 325 PE firm executives, found that the average financial impact of a cyber incident was a staggering $2.1 million. But as Dave Burg, Kroll’s global group head of cyber and data resilience, pointed out, this figure is “just the tip of the iceberg.” The true cost often emerges later, in the form of regulatory investigations, delayed deal timelines, and governance gaps that can trigger the need for continuation vehicles.
Kroll’s analysis revealed a 53% probability that a PE firm would lose more than $500,000 in any given attack, and a 13% chance that losses could exceed $5 million. Nearly all respondents—94%—reported some form of financial impact due to cybersecurity risk. These impacts ranged from reduced valuations or exit prices following a cyber incident (in just over a quarter of cases), to increased ongoing compliance or cybersecurity training costs for nearly two-thirds of firms, and indirect remediation or consultancy bills for almost half.
The report highlighted that the portfolio hold period—when PE firms are actively managing their investments—has become a prime target for attackers. A striking 80% of PE firms experienced disruption due to cyberattacks during this period, with nearly a third of those incidents leading to outright business disruption or downtime. Additional fallout included unexpected remediation costs for 44% of firms, compliance- or regulatory-related litigation for 29%, and IT system integration headaches for 30%.
It’s not just the frequency of attacks that’s rising. Nearly 70% of PE firms said cyber incidents were increasing during the hold period, with attackers appearing to synchronize their strikes to moments of integration and transformation. Burg observed that this is “not a coincidence,” noting that adversaries are leveraging generative AI to amplify the impact and effectiveness of their actions.
The Kroll report also exposed a pronounced gap between large and mid-market PE firms in their cyber readiness. Larger firms (those with more than $25 billion in assets under management) were far more likely to have formal mandates for cybersecurity risk, conduct standardized due diligence, and use dedicated risk management platforms. Specifically, 55% of large firms governed cyber risk through formal mandates (versus 12% of smaller firms), and 81% included cybersecurity due diligence as standard (compared to just 29% of smaller firms). More than half of large firms had a dedicated cyber risk leader, compared to only 15% of their smaller counterparts.
Eric Hasty, managing director of cyber and data resilience at Kroll, cautioned that “cybersecurity incidents could have significant impacts on PE portfolios of all sizes.” He added that PE firms implementing a concise set of required cybersecurity controls, using dedicated platforms, conducting standardized due diligence, and establishing clear accountability were “far more effective at protecting value against cyber exposure in a cost-efficient way.”
Looking ahead to the rest of 2026, the outlook remains challenging. An overwhelming 96% of PE firms expect the importance of portfolio cybersecurity to increase over the next 12 months, while just over half anticipate that the financial impact of cyberattacks will grow and that incidents will become harder to manage. For insurers, brokers, and cyber risk advisers, this signals sustained demand for higher cyber insurance limits, more integrated advisory support, and tighter integration of cyber risk assessment into mergers, acquisitions, and portfolio management—especially among smaller and mid-market sponsors that have yet to catch up with the governance and tools of their larger peers.
As organizations scramble to fortify their defenses, education and hands-on experience are becoming invaluable. In Orlando, Florida, ThreatLocker—a global leader in Zero Trust cybersecurity—announced the featured speaker lineup and hands-on session highlights for its much-anticipated Zero Trust World (ZTW) 2026 event, scheduled for March 4-6. According to a release from Globe Newswire, the event is designed to give IT and security professionals practical, real-world experience implementing modern Zero Trust strategies and to help build a global Zero Trust community.
This year’s Zero Trust World will feature keynote and session presentations from high-profile figures such as Adam Savage (host of Tested and former co-host of MythBusters), Jason Silva (host of Brain Games on National Geographic), Linus Sebastian and Luke Lafreniere of Linus Tech Tips, and world-renowned hacker Jakoby. The program is packed with hands-on hacking labs, including guided dark web tours, demonstrations of Active Directory hacking, prompt engineering and AI-powered malware generation, “Rubber Ducky” USB attacks, Microsoft 365 security, SQL injection techniques, and a session titled “Zero Trust vs. Modern Attacks.”
One of the event’s highlights is the daily Cyber Hero certification exam, which allows qualified attendees to certify their skills in Zero Trust implementation and ThreatLocker tool usage. Passing the exam on-site comes with the added bonus of a registration fee refund, highlighting both the challenge and value of this credential. There’s also the live hacking competition, CTRL+ALT+PWN: Hack the PC. Win the PC., where participants attempt to compromise a custom-built, $5,000 PC—an exercise that brings a competitive edge to the learning environment.
“Zero Trust World is built for people who want to move beyond theory and actually understand how attacks happen and how to stop them,” said Danny Jenkins, CEO and co-founder of ThreatLocker. Sami Jenkins, COO and co-founder, added, “These labs and activities are intentionally immersive. They allow attendees to see firsthand how modern attacks work and, more importantly, how Zero Trust principles can be applied in real environments without disrupting the business.”
As cyber threats grow in sophistication and frequency, the message from Monroe County to Wall Street and beyond is clear: the stakes are higher than ever, and the need for robust, proactive cybersecurity strategies is non-negotiable. Whether through federal investment, industry-wide reforms, or hands-on education, organizations are racing to stay one step ahead of the attackers—and the race is only getting faster.