As global tensions continue to rise, the frequency and severity of cyber attacks attributed to nation-states and their allies are escalating. These attacks are no longer isolated incidents but are interconnected with geopolitical events happening around the world. Organizations are realizing that cybersecurity cannot be treated separately from global affairs; the two are intricately linked.
Conflicts between countries are increasingly spilling over into the digital realm. Whether it’s in the midst of military confrontations, trade disputes, or diplomatic standoffs, governments are utilizing cyber operations to apply pressure, gather intelligence, or disrupt systems. These cyber attacks often target private businesses alongside government entities and critical infrastructure.
One of the emerging challenges in this landscape is the merging of cybercrime with state-sponsored hacking. Criminal organizations are sometimes collaborating directly with governments or operating under their tacit approval. This blurring of lines makes attributing attacks more challenging and the prospect of retaliation riskier for affected parties.
A recent report by PwC highlights how board members and CEOs are increasingly focusing on cybersecurity in light of geopolitical tensions. Executives are now asking new questions about the organization’s risk exposure, such as reliance on suppliers in politically volatile regions and the presence of assets in jurisdictions experiencing heightened tensions. These questions are now considered vital cybersecurity concerns rather than purely supply chain issues.
Industrial sectors like energy, manufacturing, and healthcare have historically been prime targets for cyber threats. However, the scope of industries vulnerable to such attacks is expanding. According to Dragos’ 2025 OT/ICS Cybersecurity report, threats to operational technology (OT) are becoming more strategic as adversaries delve deeper into understanding industrial environments and identifying vulnerabilities.
Andrew Ginter, VP of Industrial Security at Waterfall Security, warns about the evolving risk landscape for OT sites, especially as they integrate Internet-connected industrial services and AI-driven efficiencies. Ginter emphasizes the need for a balance between cybersecurity measures and operational efficiency, suggesting the adoption of Cyber-Informed Engineering (CIE) and unidirectional network engineering to mitigate risks effectively.
In response to the evolving cyber threats intertwined with geopolitical tensions, governments are gradually adapting their cyber diplomacy strategies. The European External Action Service (EEAS) has stressed the importance of cyber diplomacy, particularly as authoritarian regimes ramp up their online aggression. While progress is being made in setting global norms, enforcement mechanisms remain weak, with most agreements being non-binding.
Amidst this challenging environment, organizations are advised to build external alliances before the need arises. Establishing visibility into digital assets, assessing geopolitical exposure, running threat scenarios, and fostering relationships outside the company are essential steps to enhance cybersecurity readiness. Additionally, organizations must address third-party risk by conducting due diligence on partners, adjusting contracts to include cybersecurity measures, and considering data residency implications.
Threat actors in the cyber realm are continually adapting to the changing landscape. They are incorporating disinformation campaigns and data theft tactics to serve both economic and political objectives. State-backed groups are fusing espionage and destructive cyber attacks with financially motivated techniques, which poses significant challenges for organizations in terms of threat attribution and defense.
In conclusion, the evolving hybrid nature of cybersecurity threats intertwined with global geopolitical tensions underscores the critical need for organizations to adopt a new security mindset. Cybersecurity is no longer just about technical defenses but requires a holistic understanding of global risks, swift adaptability, and resilience in the face of an unpredictable and volatile world. Boards must be briefed on geopolitical developments, and the entire organization needs to recognize cybersecurity as a strategic imperative to navigate these complex challenges effectively. Ignoring the link between global politics and cybersecurity is no longer a viable option, as even neutral entities can inadvertently become targets in this evolving landscape. Awareness, agility, and proactive preparation are key to maintaining a robust defense in this increasingly complex and interconnected cybersecurity environment.