Why global tensions are a cybersecurity problem for every business

With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive. For organizations, cybersecurity can’t be treated as separate from world events anymore; the two are closely connected.

Conflict between countries is spilling into cyberspace. Whether it’s during military escalations, trade disputes, or diplomatic standoffs, governments are using cyber operations to exert pressure, gather intelligence, or disrupt systems. These attacks often hit private businesses, not just governments or critical infrastructure.

One growing concern is the blurred line between cybercrime and state-sponsored hacking. Criminal groups sometimes work directly with governments, or at least operate with their blessing. This makes attribution harder and retaliation riskier.

A PwC report outlines how board members and CEOs are paying closer attention. Executives are asking new questions about risk exposure. For example, does the company rely on suppliers in politically unstable regions? Are there assets located in jurisdictions with rising tensions? These are now cybersecurity questions, not just supply chain ones.

Industrial cyber threats are growing more strategic

Energy, manufacturing, and healthcare remain top targets. But the range of sectors at risk is expanding. According to Dragos’ 2025 OT/ICS Cybersecurity report, cyber threats to operational technology (OT) are becoming more strategic. Adversaries are learning the inner workings of industrial environments and probing for weak spots.

This is not limited to power grids or water plants. Any system that blends physical and digital components is vulnerable. In a geopolitical crisis, these systems can become high-value targets for sabotage or disruption.

Andrew Ginter, VP of Industrial Security at Waterfall Security, urges OT sites to take a hard look at their evolving risk landscape, especially as they adopt Internet-connected industrial services and AI-driven efficiencies. “These technologies save a lot of money,” he says, “but they also open the door to remote-control attack opportunities that OT environments simply weren’t designed to handle.”

The consequences of such attacks are increasingly severe. “We’re seeing bricked controllers causing prolonged outages, damaged heavy equipment leading to even longer downtimes, and compromised safety systems—none of which are acceptable,” Ginter warns.

However, Ginter also points out a paradox that many OT operators face: the cybersecurity measures meant to protect systems can sometimes do more harm than good. “What confuses response is that a strong cybersecurity ‘cure’ for these risks can be worse than the ‘disease,'” he says. “Most OT sites shut down unexpectedly every couple of years due to minor emergencies. But when security gets in the way of fast response, it can cost millions in lost production and breach-of-contract penalties.”

Rather than relying solely on traditional cybersecurity, Ginter recommends a different approach: Cyber-Informed Engineering (CIE) and unidirectional network engineering. “CIE involves small but smart changes to physical processes that take safety consequences entirely off the table,” he explains. “And unidirectional gateways eliminate pivoting paths from the Internet, taking APT attacks entirely off the table.”

Ginter believes this approach strikes the right balance. “By putting ‘unbreachable’ backstops in place for our most critical OT systems, we can enjoy the efficiencies of Internet and cloud-based services while incurring only acceptable risks—and we can do it without paying the extreme costs of extreme cybersecurity.”

Cyber diplomacy is evolving, slowly

Governments are trying to keep up. The European External Action Service (EEAS) has emphasized the need for cyber diplomacy, especially as authoritarian regimes become more aggressive online. But while there is progress on setting global norms, enforcement remains weak. Most agreements are non-binding, and many states continue to develop offensive cyber tools.

According to the World Economic Forum’s Global Cybersecurity Outlook 2025, organizations now operate in a “complex cyberspace” where threats are unpredictable and rules are unclear. Businesses must take the lead in defending themselves, rather than waiting for international agreements to kick in.

Build external alliances before you need them

Start with visibility. You can’t protect what you don’t know you have. Create a full map of your digital assets, including cloud services, remote endpoints, and OT environments. Don’t just rely on standard IT inventories. Use active scanning, asset discovery tools, and input from across the business.

Next, assess geopolitical exposure. This goes beyond traditional risk assessments. Identify where your data is stored, where your vendors operate, and which jurisdictions you depend on for key services. Monitor geopolitical news that could impact those regions.

Then, run realistic threat scenarios. If a major conflict breaks out, how would it affect your operations? Would sanctions block access to suppliers? Could a cyber attack knock out critical systems? Use tabletop exercises to test readiness. Don’t just involve IT; bring in legal, compliance, communications, and business units.

Build relationships outside your company. Join industry threat-sharing groups. Establish contacts with local law enforcement and cybersecurity agencies. In times of crisis, having a direct line can make a big difference.

Also, be prepared to act fast. The European Central Bank has warned that cyber incidents linked to geopolitics often happen with little or no warning. Set up clear incident response plans, with roles and escalation paths well defined. Practice them regularly.

Supply chains and third-party risk

Your partners’ weaknesses are your problem, too. The S&P Global Geopolitical Risk Insights report emphasizes how attackers often go after smaller firms with less protection to reach bigger targets. This is especially common during periods of political instability.

Perform due diligence on third parties, especially those in high-risk regions. Ask about their security controls. Don’t assume they follow best practices. If needed, adjust your contracts to require specific cybersecurity measures.

Also consider data residency. Where your data lives can matter a lot in a crisis. Some governments may try to access or block data stored within their borders. Know your legal exposure and factor that into your cloud strategy.

Threat actors are adapting

Threat groups don’t stay static. Google Cloud’s 2024 analysis shows how attackers are shifting tactics. Some are blending disinformation campaigns with cyber attacks. Others are focusing on data theft that serves both economic and political goals.

BlackBerry’s Ismael Valenzuela warns that political instability is now a key trigger for cyber activity. It’s not just major wars: smaller conflicts, elections, and diplomatic feuds can all spark targeted operations. This unpredictability demands constant vigilance.

As global polarization intensifies, cybersecurity threats have become increasingly hybridized, complicating the landscape for threat attribution and defense. Michael DeBolt, Chief Intelligence Officer at Intel 471, explains: “Increasing polarization worldwide has seen the expansion of the state-backed threat actor role, with many established groups taking on financially motivated responsibilities alongside their other strategic goals.”

This evolution is notably visible in threat actors tied to countries such as China, Iran, and North Korea. According to DeBolt, “Heightened geopolitical tensions have reflected this transition in groups originating from China, Iran, and North Korea over the last couple of years—although the latter is somewhat more well-known for its duplicitous activity that often blurs the line of more traditional e-crime threats.”

These state-backed groups increasingly blend espionage and destructive attacks with financially motivated cybercrime techniques, complicating attribution and creating significant practical challenges for organizations. DeBolt highlights the implications: “A primary practical issue organizations are facing is threat attribution, with a follow-on issue being maintaining an effective security posture against these hybrid threats.”

Real-world examples illustrate the complexity vividly. “State-backed threat groups leverage tools and malware traditionally associated with financially motivated threat actors as part of their destructive and/or espionage attacks,” DeBolt notes. The result is that standard defensive frameworks, designed to respond to clear indicators of compromise (IoCs), struggle under these circumstances. DeBolt adds, “The full scope of the group’s attack can render threat models designed to assist organizations in reacting to such indicators of compromise less effective.”

Moreover, organizations face additional complexities in post-incident analyses. DeBolt concludes, “After-action review processes of such attacks also become more complex due to the ambiguity of the attribution.” This ambiguity further underscores the necessity for evolving cybersecurity strategies capable of adapting to increasingly blurred lines between state-sponsored and financially driven cyber threats.

A new security mindset

Geopolitics is now a cybersecurity issue. Businesses must move beyond the basics and consider the broader context. It’s not just about patching software or stopping phishing emails. It’s about understanding global risk, adapting quickly, and building resilience in a volatile world.

Cybersecurity teams should regularly brief leadership on geopolitical developments. Boards should ask questions that link global events to digital risk. And the whole organization must understand that cyber defense is not just an IT function; it’s a strategic priority.

Staying out of politics won’t keep you safe. Even neutral companies can become collateral damage. The best defense is awareness, agility, and preparation.
