Periods of escalating geopolitical conflict extend beyond political developments; they serve as critical risk indicators for organisations in both the private and public sectors. During these times, executive leaders and operational teams must reevaluate and strengthen their cybersecurity strategies to effectively respond to the shifting threat landscape.
Geopolitical Tensions and Cyber Risk: A Global and Strategic Challenge
When geopolitical tensions are on the rise, cyber risks to civilian enterprises and public agencies often increase in parallel. Recent developments involving the United States, Israel and Iran illustrate this pattern. Following military strikes or sanctions escalation, organisations frequently report spikes in malicious cyber activity ranging from credential harvesting campaigns to distributed denial-of-service attacks and network reconnaissance.
Cybersecurity is also becoming a core governance issue inside companies. According to the Association of Corporate Counsel’s State of Cybersecurity Report (1), 84% of companies now give their chief legal officer a key role in the organisation’s cybersecurity strategy, reflecting how cyber risk increasingly intersects with legal, regulatory and operational decision-making.
Cybersecurity as a Core Governance Issue
For executive leaders and boards, the implication is immediate: Geopolitical conflicts do not remain confined to physical battlefields. Instead, they extend across cyberspace to affect faraway civilian enterprises and public institutions. While tensions involving Iran illustrate this dynamic, the underlying logic is not country-specific. Other nation-state actors, including Russia and China, have demonstrated similar cyber patterns in connection with geopolitical escalation. The question is not whether conflict will generate cyber risk, but whether an organisation’s defences are calibrated to withstand it.
While these developments may originate in specific regional conflicts, the underlying dynamic is global. European organisations have also faced spillover cyber activity linked to geopolitical tensions, including operations associated with the war in Ukraine and broader strategic competition among nation-states. Authorities such as the European Union Agency for Cybersecurity (2) have warned that geopolitical instability is likely to drive increased cyber operations by state-linked actors.
The threat has previously, and continues to, materialise on European soil. In the last month, the Cork facility of medical technology company Stryker was impacted by a cyberattack targeting the firm’s global operations. Handala, an Iran-linked hacking group, claimed responsibility for the attack. In 2022, Iran conducted a destructive cyberattack against the government of Albania (3) that significantly disrupted public services and led to the severing of diplomatic relations. That attack is widely viewed as a response to Albania’s hosting of an Iranian dissident group.
Implications for Organisations and Governance
Cyber activity linked to geopolitical tensions is rarely a random disruption. Instead, it increasingly functions as a strategic tool that allows states to exert pressure, retaliate or gather intelligence without escalating into conventional military confrontation. These operations can include credential theft, ransomware campaigns, supply-chain compromises and destructive malware.
Organisations operating in government and critical infrastructure sectors, including energy, telecommunications and financial services, face particularly elevated exposure during periods of geopolitical escalation. Supply-chain partners and research institutions may also become targets, either for strategic intelligence gathering or as indirect entry points into larger networks. In some cases, attackers infiltrate networks months or even years in advance, activating malicious code only when geopolitical tensions intensify. In the Albanian case, the attackers maintained access to government systems for approximately fourteen months prior to executing the attack. Beyond Iran, Russia and China have also been linked to long-term cyber operations targeting government and institutional networks, including those in the EU.
Nation-state cyber operations are not random acts of disruption. They are strategic tools used to project power, deter adversaries, preserve regime stability, and respond to perceived external aggression. This strategic logic explains why enterprise leaders should anticipate and prepare for retaliation during periods of global escalation. Understanding the geopolitical context behind cyber-attacks enables enterprise stakeholders to become more effective risk predictors.
Aligning Cybersecurity with Geopolitical Risk Management
Companies must align their cybersecurity planning more closely with geopolitical risk assessments. Organisations should ensure they have adequate monitoring systems in place, maintain clear incident-response procedures, and strengthen identity protections such as multi-factor authentication. At the enterprise level, these measures should be integrated into risk management processes that enable executive leadership and boards to maintain visibility into evolving threats and to exercise proportionate oversight.
European regulatory frameworks such as the NIS2 Directive are also raising expectations for board-level oversight of cybersecurity preparedness, further elevating cyber resilience as a governance priority for corporate leadership.
The intersection of geopolitics and cyber risk transforms traditional security concerns into complex strategic challenges. Organisations that proactively integrate geopolitical insights with robust cybersecurity governance will not only enhance their resilience but also position themselves to anticipate and mitigate threats before they escalate.
—
1 https://www.acc.com/resource-library/2025-state-cybersecurity-report-house-perspective
2 https://www.enisa.europa.eu/topics/cyber-threats/threat-landscape
3 https://www.bbc.com/news/world-europe-62821757
Further reading
“We have a gold and copper mine in France, no need to go to Mars” – Interview with Éric Marcoux
The challenges of the convergence of Data, AI, Cloud, Blockchain, IoT and Cybersecurity
“Yes to the AI Act, but with moderation” – Thierry Berthier (interview)
This post is also available in: FR DE