By Laurens Cerulus | @laurenscerulus | lcerulus@politico.eu | Contact us on Signal, WhatsApp | View in your browser _With thanks to Mark Scott, Mary Lee and Nicholas Vinocur._ TRUMP STOOD POLAND UP: U.S. President Donald Trump cancelled his trip to Poland, initially scheduled this weekend, and will send Vice President Mike Pence instead. A Polish official, under condition of anonymity, told Reuters Thursday that the two countries would sign a 5G security agreement, “a general declaration for the needs of security and future cooperation.” The Financial Times reported the deal “is based on the so-called Prague Proposals — a set of principles on 5G networks and cyber security.” We will keep an eye out for it. Read Jan Cienski’s story on the political implications of this last-minute cancellation. WELCOME TO CYBER INSIGHTS, POLITICO’s new cybersecurity and data protection newsletter launched this week. If you’re reading this newsletter online, or a friend forwarded it to you over e-mail, you can sign up here to receive the first complementary editions of Cyber Insights in your inbox daily. 5G SECURITY SECURITY CHECKS, THE SWEDISH WAY: A draft Swedish law to boost security requirements on telecom operators seeking to roll out 5G was sent to the Council on Legislation, which checks if it is compatible with existing laws. That should take a couple of weeks, and it’ll go to Parliament after, a government spokesperson told Cyber Insights. Let’s break down what the new mechanism would look like: SPECTRUM AUCTION IS THE PEG: The new rules are linked to spectrum auctions. Sweden is aiming to hold its 5G auction in December or shortly after — which is why the new rules would enter into effect December 1. INTELLIGENCE CAN OBJECT TO A BID: Before the country’s telecom regulator (called the Post and Telecom Agency) assigns the spectrum bands, the country’s domestic and military intelligence services can object to certain operators based on national security concerns. It’s not entirely clear what reasons they’d have to (publicly) give in order to block the allocation of spectrum. More from the Swedes here. CYBER DIPLOMACY MARK YOUR CALENDAR: The Finnish presidency of the EU Council wants to hold a cybersecurity event in Brussels on November 8, Cyber Insights learned, which would be the main event organized in Brussels around the topic. The focus of what would be a day-long conference is to streamline Europe’s position on international norms and responsible state behavior in cyberspace, largely to inspire and influence discussions at U.N. level taking place this fall. THREAT REPORT BIG HACK — GOOGLE DISCOVERS IPHONE MALWARE-SPREADING WEBSITES: A remarkable discovery by Google showed a series of websites has been spreading malware exploiting vulnerabilities on iPhones for years — indiscriminately. Google’s team of security analysts posted a blogpost explaining how “Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors,” using a vulnerability in iPhone technology. GOOGLE’S TEAM WROTE that “simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.” Vice’s Motherboard said it “may be one of the largest attacks against iPhone users ever.” COST OF DATA BREACHES: The annual price tag of data breaches worldwide will climb to over $5 trillion (€4.5 trillion) per year by 2024, according to a white paper from Juniper Research published this week. That amount includes the direct and indirect costs of breaches, including the replacement of hardware, hiring additional people and company devaluations caused by reputational damage. DATA PROTECTION FACEBOOK’S AUDIO CHAT — COUNTRIES REVEALED: When the social networking giant revealed this week that some of its EU users in 14 countries had their audio chats transcribed by third-party contractors without their permission, our newsletter Morning Tech had one question: Who are the lucky 14? After some digging, we can reveal, exclusively, that along with Germany (which has already said it would start an investigation) and Iceland (ditto), the other countries involved are, by number of users affected: the U.K., Belgium, Slovakia, Italy, Sweden, Cyprus, Lithuania, France, Ireland, Greece, Denmark, and Austria. When Morning Tech called national authorities to ask them if any local residents had been affected, many referred us, initially, to Ireland’s privacy regulator, mistakenly in the belief that Dublin had legal authority. Others were not sure if they had even been contacted because the European Data Protection Board, which helps to oversee cross-border issues, had not been involved because the case was outside of its jurisdiction. ELSEWHERE ON THE WEB — University College London researchers published a report into what’s at stake for data flows after Brexit. More here. — Ransomware hits hundreds of dentist offices in the US. ZDNet — Phishing campaign hides malware in resumes. Infosecurity — An alleged cybercrime by a U.S. astronaut from the International Space Station (ISS) poses some unique and difficult legal questions, the Council on Foreign Relations’ David P. Fidler writes — U.K. gets first millionaire ethical hacker. Computer Weekly — Has Huawei been using a screenshot from the video game Il-2 Sturmovik: Battle of Stalingrad in its communication campaigns? The Register thinks so