“Companies that ramped up too fast last year are the ones who are laying off,” said Ravi Srinivasan, chief executive of cybersecurity company Votiro, which was started in 2012 and hasn’t laid off staff. 

Although cybersecurity departments at companies across sectors have largely been spared the mass layoffs experienced by other areas, some companies that provide cybersecurity products or services have cut head counts in the face of economic uncertainty.

Thousands of staff have been laid off from security providers in recent months, often in sales and marketing roles, but also in areas such as engineering. Recently, cybersecurity vendor Bishop Fox laid off 13% of its workforce after the annual RSA Conference held in late April.

“We proactively made these changes in response to the global economic situation and opportunities we identified to make our business more efficient. While demand for our solutions remains solid and our business is stable, we can’t ignore the market uncertainty and investment trends in this very different global economy,” said Chief Executive Vinnie Liu.

Venture-capital funds also are more selective now in where they deploy their capital, said John Masserini, a senior research analyst at consulting company TAG Cyber.

“They’re tapping the brakes,” he said. 

VC funding for cybersecurity companies was $2.9 billion in the first quarter of 2023, compared with $5.3 billion during the same period last year, according to cyber recruiting company Pinpoint Search Group.

Chief information security officers, under pressure to justify their own budgets, are changing purchasing strategies. Younger companies without established relationships with security chiefs, or track records with potential customers, may find it harder to win business in the future as a result. John Visneski, CISO at

Amazon’s

MGM Studios, said he is now considering how vendor products will work with technology he has already deployed, rather than simply buying the most capable product for each area and working out integration later. 

Mr. Visneski said that as a result, he is probably “less likely” to take a chance on an early-stage vendor today than he may have been a few years ago.

Benjamin Fabre, chief executive of fraud-prevention company DataDome, said he has faced challenges to contract renewals from customers’ chief financial officers, who now review budgets with more intense scrutiny.

Young cyber companies are still able to access funding, but years of outsize rounds and focus on growth at all costs are starting to be corrected, analysts say. Some companies are finding that to raise the funds they need, they must accept lower valuations than they might have in the past. 

Cybereason, a Boston-based security company, raised $100 million in Series G financing in early April, led by

SoftBank.

Regulatory filings show that shares were sold at a discount of more than 90% to Cybereason’s previous round in mid-2021, in which it was valued at approximately $3.1 billion. 

The company’s chief executive, Lior Div, was replaced by SoftBank executive Eric Gan, with Mr. Div taking on an advisory role. Cybereason didn’t respond to a request for comment.

The overall size of the market also makes it difficult for newer companies to gain a foothold, analysts say. Mr. Masserini of TAG Cyber said his team tracks around 4,800 cybersecurity vendors, and in each segment such as email security, endpoint protection and firewalls, dozens of tech providers compete.

“It’s overly saturated,” he said. 

Write to James Rundle at james.rundle@wsj.com

SYDNEY—Fox Corp. Executive Chairman and Chief Executive Lachlan Murdoch ended a defamation lawsuit against an Australian media firm, just days after his company settled a separate high-profile dispute with Dominion Voting Systems in the U.S.

Mr. Murdoch launched legal proceedings against Private Media Pty Ltd. in August, alleging that he was defamed around two months earlier by an opinion article that ran on Crikey, an online news site owned by Private Media, because it linked his family to the Jan. 6 Capitol riots in the U.S. The article, written by Crikey’s political editor Bernard Keane about the congressional investigation into the riots, ran under the headline, “Trump is a confirmed unhinged traitor. And Murdoch is his unindicted co-conspirator.”

Private Media rejected the claim that the article had defamed Mr. Murdoch and the case was due to go to trial in federal court in Sydney in October. In its defense, lodged with the court last year, Private Media said the references to the Murdoch family were “self-evidently hyperbolic” and that it used creative license to pick up on a U.S. grand jury’s naming of then-President Richard Nixon in 1974 as an unindicted co-conspirator in the Watergate scandal.

“No one would read the words literally as suggesting that the Murdochs were guilty of criminal conspiracy or treason under U.S. law,” the defense filing said.

On Friday, Mr. Murdoch’s attorney, John Churchill, filed a notice with the federal court stating that the Fox chief executive was discontinuing the proceedings.

In a statement, Mr. Churchill said Mr. Murdoch was confident that he would have won the case at trial.

“However, he does not wish to further enable Crikey’s use of the court to litigate a case from another jurisdiction that has already been settled and facilitate a marketing campaign designed to attract subscribers and boost their profits,” he said, in an apparent reference to the Fox-Dominion settlement.

Crikey, in a statement on its website, called the decision a victory for public interest journalism and said it stood by the original article.

NORTH CHARLESTON, S.C.—Nikki Haley frequently questions the use of public money to help corporations as she campaigns for the Republican presidential nomination, but her tone was significantly different when it came to interests in South Carolina.

As a state legislator and candidate for governor, Ms. Haley supported a 2009 economic development package for Boeing Co. valued at as much as $900 million that helped land the company’s 787 Dreamliner production facility in this city. A few years later, as governor, she signed into law an additional $120 million for the aerospace company as part of an expansion.

After accepting a seat on Boeing’s board of directors following her time in the Trump administration, she became an opponent of the company’s potential request for government assistance as the possibility of her 2024 presidential bid loomed, abruptly quitting the board and publicly criticizing the idea of government aid.

It isn’t unusual for conservative politicians, whether governors trying to lure companies to their states or members of Congress looking to secure funding for special projects back home, to confront tensions between their support for limited government and parochial interests.

Still, as voters examine the emerging GOP field, Ms. Haley’s record on Boeing has led some to portray the former governor and United Nations ambassador as someone prone to reversals and tied to the corporate establishment.

Taylor Budowich, who leads a political-action committee backing former President Donald Trump’s bid to return to the White House, said in a statement after Ms. Haley entered the race that she resigned her U.N. post to “go rake in money on corporate boards” and that she is a “career politician whose only fulfilled commitment is to herself.”

Proposals focused on social issues were again the most popular this year, mentioned in 338 of the filings, down more than 9% from 373 last year. Environmental issues were at the heart of 162 proposals, up slightly from 2022’s comparable tally of 155. Included in the grand total were 48 so-called anti-ESG proposals focused on the risk of ESG-promoting policies, up from 27 in the same period last year. 

Historically proposals sought more transparency, better disclosure or asked for companies to set goals, said Peter Reali, managing director and member of the sustainable investments team at fund manager Nuveen LLC. Now, many are calling for a change in behavior or impact, he said.

While the votes on proposals aren’t binding, they can create pressure for companies to change, to take a position on hot-button issues and can also express a lack of investor confidence in board members. However, Heidi Welsh, director of the Sustainable Investments Institute, cautioned that “it’s far too soon to draw any conclusions about support levels since we only have seen about half a dozen votes.” 

There are 298 proposals for companies to take more action on social issues, slightly down from 332 in 2022. Again this year, around a third of those concerned politics, including requests to set up board oversight or to report on a company’s lobbying, election spending or trade associations. Last year, politically-focused proposals won an average of 32% support, with only five—including at Twitter Inc.,

Netflix Inc.

and insurer

Travelers Companies Inc.

—achieving majority support. 

There are also 20 pay equity proposals this year, down from 33 in 2022. These typically ask companies to audit or report on gender-and-racial pay differences. Abortion has also emerged as a flashpoint with 22 reproductive health proposals this year, up from four last year.

Environmental action was the second most popular area of shareholder focus. So far, there are 160 pro-environment proposals this year, up from 154 in 2022. Most environmental proposals ask companies to adopt or report on Paris-aligned climate targets, while a smaller number ask investors, insurers and banks to report on, limit or cease their financing of fossil fuels. 

Shareholders voted on a record number of pro-climate proposals last year, but their support was lukewarm for more ambitious goals such as ending fossil-fuel financing. 

Support has waned slightly since 2021 when proposals calling for emission-reduction targets garnered record backing. Investors have also been more hesitant to support proposals that specifically lay out how a company should meet a climate target, said Mr. Reali: “It’s one thing to ask companies to set goals and targets, it’s another thing to tell companies how to achieve those goals and targets.” 

Evidence of the rise of the anti-ESG movement in the U.S. can also be seen. The 48 anti-ESG filings to date mostly ask companies to report on the “risks” of corporate plans for improving diversity and inclusion in and outside the company. Only five concerned the environment.

Ms. Welsh expects more anti-ESG proposals this season. However, last year, most of these types of proposals received less than 5% support, the threshold necessary to refile it again in the coming year. This year’s first anti-ESG vote—asking

Apple Inc.

to report on the “risks” of its diversity and inclusion programs—received 1.4% support.

The proposal tally will change over the AGM season, running from January to September but with most meetings happening between April and June. Some proxy statements will include new proposals. Companies will avoid votes when shareholders withdraw some current proposals, usually after they reach an agreement with the company on an issue. Last year, 273 proposals were withdrawn before they could be voted on during the AGMs in the first half of 2022. The comparable figure this year is 120, so far. 

Write to Dieter Holger at dieter.holger@wsj.com

Nestlé SA promised it will work to boost the nutritional value of its snacks, drinks and food products, after most of its portfolio was rated as unhealthy.

Less than half of Nestlé’s main food-and-drink portfolio is considered healthy, according to the results of an international nutrient profiling system that the Swiss food company published for the first time. Nestlé started using it last year with the aim of boosting transparency about the nutritional value of its products. 

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

The war in Ukraine, rising energy prices and supply-chain disruptions during the pandemic have put port authorities on high alert for a rising number of cyberattacks. Ports in cities such Rotterdam in the Netherlands and Antwerp in Belgium, Europe’s two largest ports by cargo volume, are hubs for energy infrastructure and other critical sectors. A cyberattack three weeks before Russia invaded Ukraine in February 2022 disrupted operations at energy storage and distribution companies and a large terminal operator in Antwerp and other Belgian and Dutch ports.

For port authorities that ensure cargo moves safely through harbors, the coming rules could simplify their jobs because it can be difficult to nudge port-based companies, such as storage providers for oil and goods, terminal operators or logistics firms, to voluntarily adopt cybersecurity protections, said Athanasios Drougkas, a security expert at Enisa, the European cybersecurity agency. “It will make their lives easier,” he said.

The rules will apply to critical infrastructure operators and companies in their supply chains, including technology service providers. A growing number of cyber threats have targeted critical infrastructure companies during the war in Ukraine, highlighting the vulnerability of supply chains. “We felt that there was a bull’s-eye on the company,” said Yannick Herrebaut, chief information security officer at Belgium’s Port of Antwerp-Bruges NV, referring to the port authority. 

Companies based at the Port of Antwerp-Bruges were hit with ransomware in February 2022 at the same time that cyberattacks disrupted German energy storage companies and firms at Dutch ports. The victims suspended some operations and tankers crowded outside the port of Antwerp-Bruges waiting to unload.

“It’s getting more and more important that you need to have control over this supply chain,” he said.

Over time, the coming European cybersecurity law for critical infrastructure will likely have a similar effect as the European Union’s broad privacy rules known as the General Data Protection Regulation, said Deepak Mehta, an ecosystem developer at the Maritime Campus Antwerp, which works on technology innovation with maritime companies including ports and shipowners. 

A prior version of the coming EU cyber law mandated fewer safeguards than does the finalized one and applied only to large companies in a handful of critical sectors. Starting next year, the expanded cyber rules will apply to a larger pool of companies, including many medium-size firms, and to sectors including waste management, space and technology providers that previously didn’t fall under the 2018 law. EU countries have until October 2024 to start implementing the requirements and ensuring national regulators enforce the rules.

Around five companies in the port of Rotterdam fall under the jurisdiction of the earlier law, said Marijn van Schoote, head of cybersecurity at the Port of Rotterdam. That number will jump to around 200 when the updated version is in effect, he said. 

The new law requires critical infrastructure companies to make sure they carry out cyber risk assessments, use technical protections such as encryption and measures to prevent and respond to cyberattacks, and due diligence for the cybersecurity protections that service providers have in place.  

“A lot of work has to be done in the upcoming years,” Mr. van Schoote said.

The expansion will push companies to improve cybersecurity measures they have neglected, said Rob Nijman, spokesman for FERM, a group that shares cybersecurity intelligence from government bodies among around 50 member companies at the Port of Rotterdam. “There’s of course opportunities for companies to get their stuff in order because they have to,” he said. 

The port of Rotterdam is assessing whether it could set up a security operations center modeled on a similar initiative at the port of Los Angeles, Mr. van Schoote said. His office will decide before the summer whether to go ahead. 

The Los Angeles port shares information about threats through a cyber defense center with around 20 members including companies and groups such as the port’s dockworkers. A separate security operations center at the port runs around the clock and stops about 40 million attempted cyberattacks a month, said

Gene Seroka,

the port’s executive director.

More than 200,000 companies use the Port of Los Angeles every year, with shipping lines, trucks and railways transporting cargo there. “It’s a really complex set of participants,” he said.

Write to Catherine Stupp at catherine.stupp@wsj.com

The ChatGPT AI bot has spurred speculation about how hackers might use it and similar tools to attack faster and more effectively, though the more damaging exploits so far have been in laboratories.

In its current form, the ChatGPT bot from OpenAI, an artificial-intelligence startup backed by billions of dollars from Microsoft Corp., is mainly trained to digest and generate text. For security chiefs, that means bot-written phishing emails might be more convincing than, for example, messages from a hacker whose first language isn’t English. 

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Companies have appealed GDPR decisions since the expansive privacy law took effect in 2018 in an effort to fight reputational harm and large fines, which can reach up to 4% of a company’s global revenue, or 20 million euros, whichever is higher. Now companies see entire business models at stake. Meta Platforms Inc., for example, said it is appealing fines of €390 million, or $414 million, imposed in Ireland in January over the social-media company’s practices in targeting Instagram and Facebook users with ads.

“We’re starting to see the through line of companies starting to pick their battles and spend the time and effort on the appeals they think they can win and would have an effect on their business models,” said Edward Machin, a lawyer in the London office of law firm Ropes & Gray LLP.

Appeals of major GDPR decisions show a significant amount of “gray area” where privacy lawyers, regulators and courts disagree over what the law allows, said Flora Egea Torrón, a partner at Spanish law firm Legal Army S.L. and former data-protection officer at Banco Bilbao Vizcaya Argentaria SA.

BBVA

is a multinational financial-services company. 

“There’s so much room still to interpret GDPR, so that’s why [companies] have to fight against the decisions” from regulators, she said. 

A Spanish court overturned a 2020 fine of €5 million against BBVA related to multiple complaints of the bank processing personal data without consent. The court decision, issued in late December and made public this year, said Spain’s regulator made a broad argument about the bank’s data-protection policy without enough evidence. 

Ms. Torrón said she was aware of the appeal while she worked at BBVA but wasn’t involved as an outside counsel after joining Legal Army in February. The regulator said it is considering an appeal. BBVA declined to comment. 

An Italian court last month overturned a €26.5 million fine from 2021 against utility Enel Energia over unsolicited marketing calls—a ruling the company said “confirms the correctness” of its behavior. The Italian regulator declined to comment. 

Last month, a U.K. court largely sided with Ireland-based credit-rating company Experian in its appeal of a 2020 decision made by Britain’s privacy regulator that would have restricted how it processes data from public sources.

The court said Experian’s data collection can rely on legitimate interest, a legal term in the GDPR allowing companies to gather personal data without asking for explicit consent, for direct marketing. The court rejected the regulator’s argument that collecting personal data to create profiles for marketing purposes intrudes on privacy rights. The court said the regulator had “fundamentally misunderstood” the implications of how Experian used data, and that there were no negative effects for individuals. Britain’s privacy watchdog will apply for permission to appeal the ruling, a spokeswoman for the regulator said. 

The court didn’t completely exonerate Experian, agreeing with the regulator that the company didn’t properly notify around five million people about how it acquired their data from public records. Experian must issue those notifications within a year. 

Experian said in a statement that it was “very pleased with the outcome.”  

Amazon got a win when a court sided with it last month against the data protection regulator in the German state of Lower Saxony, which ruled in 2020 that the company’s use of hand scanners to monitor employee performance in a warehouse was illegal. There was no fine. The regulator said in a statement after the court overturned its decision that lawmakers need to create new protections. 

An Amazon spokesman said the company was “pleased” with the ruling. “Warehouse management systems are industry standard, and research shows that these systems have a positive effect on employees’ work experience,” he said.

These recent wins will likely embolden other companies to appeal GDPR violations, said Mr. Machin of Ropes & Gray.

“There’s a strategic element here as companies are learning, just as regulators are learning, what can work, what can’t work and what they think can be challenged,” he said.

Write to Catherine Stupp at catherine.stupp@wsj.com

Taylor Swift got her start in the music industry at the tender age of 16, with the release of her eponymous country album in 2006. In the years since, the 12-time Grammy winner has transformed herself into a pop superstar and built her brand into a global powerhouse, selling more than two million tickets for her upcoming “Eras Tour” in a single day and announcing plans to direct an upcoming feature film. Along the way, she has become a savvy businesswoman who has often used her clout to shake up the music industry. Most recently, her decision to rerecord her older albums, ensuring that revenue from those streams go to her, caused a flurry of new standards from her label Universal Music Group NV to make sure other artists didn’t follow suit.  

So it’s perhaps not surprising that, in the process of becoming a music-industry juggernaut, Ms. Swift has also amassed an empire in the real-estate world. Despite her relative youth, the 33-year-old has assembled a portfolio of homes worth at least $150 million. With a penchant for historic houses, Ms. Swift—using a variety of trusts and limited liability companies—has acquired significant properties in locations ranging from Nashville, Tenn., to Beverly Hills and Rhode Island. Since most of these properties were purchased years before the Covid-induced real-estate frenzy, their value has risen dramatically in the time they’ve been owned by the country-singer-turned-pop star. While Ms. Swift tends to hold her properties for the long term, she has also sold a few homes along the way, often for a substantial profit.

Aviation produces more than 2% of global energy-related carbon-dioxide emissions, according to the International Energy Agency, and that is on track to rise as more of the world’s population takes to the skies. It is one of the hardest industries to decarbonize because it requires very energy-dense fuels to travel long distances. 

Many airlines, corporate flyers and governments see sustainable aviation fuel—chemically similar jet fuel refined from biological waste rather than crude—as a way to reduce aviation’s contribution to global warming. It can cut emissions by up to 80% compared with conventional jet fuel, depending on the feedstock used. At least 30 airlines have promised to use SAF, usually for 10% of their fuel consumption, by 2030.

However, there are a number of challenges to widespread use. 

First, the sustainably derived fuel is typically two to four times as expensive as conventional jet fuel. Globally, jet fuel cost can be volatile but was around $2.76 a gallon as of March 3, according to the International Air Transport Association.

There is poor visibility of pricing because the market is small and supply agreements are confidential. Demand from airlines and their corporate customers is already strong, with any SAF going on the market quickly getting bought up, said Anastacia Davies, who leads data provider BloombergNEF’s global renewable fuels research.

Last year’s Inflation Reduction Act climate bill could help in tackling SAF costs. It established two separate tax credits for the fuel, starting in 2023 and 2025 and expiring at the end of 2024 and 2027, respectively. The short duration of the tax credits will likely limit their impact. United’s chief sustainability officer, Lauren Riley, said the airline is lobbying for longer-term credits. 

A second challenge to scaling SAF production is how much feedstock would be needed to replace conventional jet fuel. Airlines consumed about 80 million gallons of SAF last year, less than 1% of the more than 100 billion gallons needed to fly the world’s planes, according to the International Energy Agency.  

Production capacity for SAF is projected to rise to around 860 million gallons in 2023 and 1.51 billion gallons in 2024 under conservative estimates, according to BloombergNEF. Finnish refiner

Neste Oyj

is one of the biggest producers of SAF globally with an expected yearly capacity of around 515 million gallons by the end of this year. 

Today the fuel is largely produced from crops such as soybean, canola and rapeseed as well as used commercial cooking oils and waste animal fats. Other emerging feedstocks are municipal solid waste, algae, wood waste, alcohol and even green hydrogen. About 6 million metric tons of used cooking oil and 27 million metric tons of animal fats are traded globally every year, which would cover only around 5% of jet fuel consumption, according to BloombergNEF.

“You can’t just increase everybody’s consumption of french fries because we decide we need to double the amount of used cooking oil,” BloombergNEF’s Ms. Davies said.

Another complication is that the biological feedstocks used to produce SAF are also used to make other biofuels for hard-to-decarbonize industries such as the renewable diesel for long-haul trucking. United’s Ms. Riley said the competition for feedstock should decrease as other industries find cleaner alternatives, such as battery-powered trucks replacing those running on internal combustion engines. “Over time, I don’t think the feedstock dialogue is going to get any worse,” she said.

Aviation’s thirst for biofuel might also take away land from food production. To avoid that, many airlines say they buy SAF certified to be produced from waste or other nonfood feedstocks. Still, BloombergNEF’s Ms. Davies said airlines could indirectly increase land use if other industries don’t follow similarly strict policies.

She said one potential solution is farmers growing more cover crops—noncash crops that help improve soil health—that could increase feedstock for fuels. Another solution is synthetic fuel being developed by startups. Last year, Alaska Airlines Inc. and

Microsoft Corp.

signed an agreement to help Twelve Benefit Corp., a California startup, commercialize its electrochemical reactor that can split carbon dioxide into chemical compounds that can be turned into jet fuel. 

Battery- or hydrogen-powered planes are two other clean alternatives for airlines. However, ambitions for battery-powered flights are hampered by the significant weight of the batteries.

Hydrogen’s energy density makes it more promising as a jet fuel.

Airbus SE

is working to develop a hydrogen-powered plane to be in commercial operation by 2035. However, redesigning airplanes to run on hydrogen is a complex challenge and wouldn’t help decarbonize the existing inventory of airplanes with many years or even decades of useful life left. 

Write to Dieter Holger at dieter.holger@wsj.com