Digital transformation is one of the reasons for the geopolitical instability worldwide. In today’s turbulent times, this has found new ground in cyberspace, where it is more complex than ever. This increasing complexity, with the rapid adoption of technology and the growing cyber capabilities of state and non-state actors worldwide, is compelling them to rethink their national security approaches.
The escalating geopolitical conflicts largely fuel this unsettled situation. Almost 60% of the organisations surveyed say geopolitical tensions have directly impacted their cybersecurity strategy. The goal of a cyberattack is to inflict economic damage, disrupt critical infrastructure, and cause chaos in global systems. This volatile situation requires a shift back to strong “old-fashioned risk management” that starts by identifying problems from a business-impact perspective and then addressing residual risk.
The perception of the order of cyber risks is shifting due to geopolitical uncertainty. As far as executives are concerned, one of the most frequent issues in geopolitical affairs is cyber espionage or theft of valuable data and/or intellectual property (IP). It is a top concern for one in three CEOs, and is shared by 45% of cyber leaders. Disruptions to operations and business processes are the other top concern. The sophistication of attacks is compounded by the fact that threats from nation-states are now seeping into the cybercriminal realm, as cybercrime groups adopt state tools and methods, and state actors adopt cybercrime tools and methods. It is a mixture of high-level skills and business interests that result in lower cost, low-skill on a large scale, and a disruptive attack.
A growing number of attacks on critical communications infrastructure, from large-scale cyber espionage attacks on telecommunications infrastructure to attacks on satellite and undersea cables, are increasingly reaching the geopolitical level. An attack against these systems, whether in energy, water, or biosecurity, does not just affect the system’s function but also the safety of human life itself. Systemic points of failure arise from the critical infrastructure’s dependence on other critical infrastructure. The cables are key to the transfer of information around the globe and economic exchange, and therefore can be vulnerable to disruption and monitoring, for instance, when geopolitical tensions rise. Electrical transmission lines are attractive targets due to the considerable energy they carry, their ease of attack, and their prevalence in the modern world.
These attacks are made more complex by the rapid technological development. For instance, Generative AI (GenAI) is boosting adversarial skill. AI’s convenience is being misused by cybercriminals, who use it to automate and personalize their deceptive messages, leading to a substantial increase in successful phishing and social engineering attacks 42% of organisations experienced such attacks in the last 12 months. With these AI-powered campaigns, threat actors can reach more individuals in more countries at lower cost, thereby enhancing the reach and impact of well-known attack methods, such as business email compromise (BEC).
The increasing complexity of the cyber environment is a major challenge to addressing global cyber inequality and the widening gap between developed and emerging economies. The overall health of the interdependent ecosystem often depends on its weakest links, and under-resourced areas could endanger the security of the digital world. 46% of respondents in other parts of Latin America, Africa, the Middle East, Asia, and the Pacific reported feeling “not at all” prepared to respond to such large-scale events affecting critical infrastructure. In the rest of Latin America, Africa, the Middle East, Asia, and the Pacific, 46% of respondents reported feeling “not at all” confident of their country’s ability to respond to major critical infrastructure incidents. Within Asia, 20% say that their country is not ready. An attack in a less-prepared area may unleash chaos and have a large-scale impact on economic stability and national resilience.
Capacity-building efforts are a critical component in working with this challenge. For example, in India, the cooperative banking system faces a resource challenge that CERT India has addressed. In this program, bank officers participate in cyber drills, and the four pillars of resiliency (anticipate, withstand, recover, evolve) are emphasized with a significant increase in resiliency post-training. In their own right, blueprints are being developed for adoption in India for cyber capacity-building projects being developed in other developing markets. This was a localized focus on developing critical skills and talents, and in 2025, the global cyber skills gap was found to have increased by 8% from 2024, whilst many organisations were found to be lacking in talent.
These challenges, ranging from geopolitical to high tech and artificial intelligence-powered cybercrime, must be met with a national strategy, but not one; a collective one. Improving cooperation between public and private sector actors is crucial to preserving the benefits of digitalisation for all in a borderless cyberspace. Organizations must comply with all international regulations. Resilience needs to be understood as a strategic leadership challenge, with a strong economic argument and a clear understanding of the cost of inaction. Defenders need to take an ecosystem approach for collective defense, as cybercrime is becoming more sophisticated and borderless. Cybersecurity leadership is imperative in this regard, particularly in emerging economies, where cyber inequity is becoming one of the biggest challenges, and a necessary investment must be made to build cyber resilience amid new cyber threats spreading across the globe.
Cyber resilience is more than an armor; it is a tangle of interwoven elements. One thread, whether it’s a critical supplier, a co-operative bank, or a neighboring country, that weakens, is in danger of threatening the entire tapestry of regional stability. It’s time for a comprehensive and collaborative response.
