The world’s business leaders are worried. Donald Trump’s return to power and the growing hostility of China and Russia are upending 80 years of international rules-based order. In its place is emerging a more chaotic and volatile world, where conflict is commonplace and state actor aggression online continues to escalate.
This is a challenging time to be a CISO. The risk of cyber-attacks from state-backed actors, nationalist hacktivists and opportunistic cybercriminals continues to rise.
As does the potential for collateral damage.
Corporate security leaders will need to adapt rapidly to these changing circumstances, or risk being exposed by a ruthless new era of geopolitical tension.
Rising Global Tensions Spill into Cyber
Geopolitics runs throughout the 2025 assessment from the World Economic Forum (WEF), which produces an annual report on global risks devised from interviews with thousands of business leaders and risk experts.
According to the paper, the risk “most likely to present a material crisis on a global scale in 2025” is a “state-based armed conflict.”
Another related risk, “geoeconomic confrontation,” is in third place.
Both make it onto the short-term risks list, which highlights the potential for something to go wrong in the next two years, alongside “cyber-espionage and warfare” and “misinformation and disinformation.”
This is not the first time WEF has highlighted cyber-related risks. In 2023, the WEF report warned that 86% of business leaders and 93% of CISOs believed that geopolitical instability was “moderately” or “very likely” to lead to a catastrophic cyber event in the coming two years.
Recently, WEF’s Global Cybersecurity Outlook 2025 revealed that nearly 60% of global organizations believe geopolitical tensions have impacted their cybersecurity strategy.
This is entirely understandable, given the growing digital aggression of nation state actors. The most recent annual review from the UK’s National Cyber Security Centre (NCSC) describes the states most hostile to the West as follows:
China
China continues to be “highly sophisticated and capable” – targeting a wide range of organizations and sectors globally, not just with cyber-espionage but also with attacks on critical national infrastructure (CNI) networks. These could be laying the groundwork for “disruptive and destructive” attacks in the event of military conflict.
Russia
Russia is described as “capable, motivated and irresponsible,” and has been intensifying its attacks in support of military and diplomatic objectives related to its invasion of Ukraine. Its efforts run the full gamut, from espionage and destruction to disinformation campaigns.
North Korea
North Korea is unusual in prioritizing revenue generation from its cyber-attacks, which are primarily targeted at cryptocurrency companies. However, it is “prolific and capable” and also steals information from defense industries, governments and academia to boost its security and military capabilities.
Iran
Iran is perhaps the least sophisticated of the big four, although its state-sponsored operatives are known to engage in everything from destructive raids to intelligence gathering and propaganda campaigns.
Why Geopolitics Matters to Cybersecurity
The world is splitting into two spheres of influence, as Russia, Iran and North Korea fall in behind China and most of the West aligns with the US. As the old norms crumble and President Trump’s unpredictable second term unfolds, CISOs may find themselves at the center of a geopolitical storm.
Cyberspace continues to be a grey area for nation state conflict despite NATO attempts to establish it as a new domain for war in which Article 5 could be invoked.
Due to this ambiguity, cyber incursions have become an attractive way for nation states to achieve their geopolitical objectives without inviting retaliatory responses in the kinetic world.
According to WEF, CISOs are most concerned in this regard about:
- Operational disruption (45%)
- Cyber-espionage and sensitive IP loss (27%)
- Cyber-related financial losses (11%)
- Damage to brand and customer trust (12%)
For Robert Haist, CISO at TeamViewer, there are also regulatory implications for global security leaders.
“With the geopolitical tensions around the globe we see a lot of national policies coming up tightening cybersecurity regulation. In the EU we have NIS2 then we have transatlantic treaties regarding cybersecurity and AI,” he told Infosecurity.
“Finding a security program and addressing those things as a software producer and as a company that needs to be compliant with all those policies on the national and the EU level is probably the biggest topic for this year.”
Haist’s thoughts are echoed by Justin Kuruvilla, a former Pentagon technical director and current chief cybersecurity strategist at Risk Ledger.
“Regulatory divergence further complicates the landscape. Companies operating in multiple regions must navigate an evolving web of compliance requirements, sanctions and regional cybersecurity mandates,” he explains to Infosecurity. “CISOs must balance these challenges while ensuring their organisations can continue to operate seamlessly on a global scale.”
Government, defense and CNI firms have been in the crosshairs of state-sponsored attacks for many years.
However, as the Russia-Ukraine conflict has shown, no organization is truly safe, whether or not it is in a conflict zone or provides strategically important services.
Risks come not only from state operatives but also from hacktivist groups and cybercriminals sheltered by hostile nations – particularly those in the former USSR. There are also signs that nation states are overtly teaming up with cybercrime groups.
“The convergence of geopolitical tensions and cybercrime has created a grey area where financially motivated cybercriminals align with nation-state interests,” said Kuruvilla. “In some cases, these actors have targeted organizations based on ideological beliefs rather than solely financial incentives.”
How CISOs Can Respond to Geopolitical Instability
Gartner predicts that the interconnectivity between geopolitical changes and rapid AI-driven technological advances will demand that CISOs reassess their strategic planning.
“This will push cybersecurity leaders to look for talent and service options both nearshore and offshore. But they must remember not to overreact to events of geopolitical instability without clear evaluation of the impacts to the business,” Gartner analyst Deepti Gopal told Infosecurity.
“Start by assessing key risks and short-term options for anticipated scenarios, and actively look at multi-country engagement strategies. While resilience is top of mind, it is imperative to evaluate the potential impact to your business if a region supporting your value chain is put out of action.”
Kuruvilla argued that CISOs must adopt a Zero Trust mentality that “assumes breach” across the attack surface, especially the extended supply chain.
“Beyond ensuring that all suppliers comply with cybersecurity policies, it is essential to assess additional geopolitical risk factors – such as region of operation, business sector and ownership – that could increase the likelihood of a supplier being targeted by a cyber-attack,” he said.
“CISOs must enhance their view of the critical dependencies of their own third parties, and so on – extending to fourth, fifth and nth parties. Visibility into these suppliers to assess their cyber maturity is essential.”
Given that geopolitical incidents can escalate quickly, security leaders must also ensure their incident response plans are suitably designed, considering how geopolitical factors could amplify “concentration risk,” Kuruvilla claims.
“Collaborating with peers will further identify suppliers where an incident could have a systemic impact across an entire sector,” he says. “A clear understanding of the landscape in which suppliers operate allows organisations to prepare for previously unforeseen risks.”
Conclusion
These are nervy times for global CISOs, as nations flex their muscles in unpredictable ways.
The return of Donald Trump to power, coupled with the growing hostility of China and Russia, is disrupting the longstanding international rules-based order.
This shift demands that CISOs and business leaders rapidly adapt their cybersecurity strategies to protect against rising risks from nationalist hacktivists and opportunistic cybercriminals.
By taking a collaborative, intelligence-driven and resilience-based approach, CISOs can navigate these mounting risks.