By Kris Lovejoy, Global Head of Strategy
Today, ongoing instability around the world has created an environment where threat actors of all kinds see opportunity to use chaos as cover.
Cyber conflict has become a steady backdrop to global turmoil: When global tensions rise, state-aligned actors, criminal organizations and hacktivists strike, aiming to spread fear and disrupt daily life.
Some 64% of organizations explicitly account for these geopolitically motivated attacks in their risk frameworks, recognizing that the distance between a global flashpoint and a corporate network has effectively collapsed.
AI has dramatically accelerated the pace of these attacks, compressing what used to take criminal organizations hours into minutes or even seconds – and allowing adversaries to apply a model of “continuous pressure.” Last year marked the first large-scale attacks carried out without human intervention. This year, 94% of security professionals identified AI as the most significant driver of change in cybersecurity.
At the same time, supply chain interdependencies pose a growing risk to large enterprises, and the era of post-quantum cryptography looms on the horizon, adding even more pressure to get ahead of potentially devastating attacks.
To manage these challenges, business and technology leaders need a 360-degree view of who might be targeting their organizations and why. In an age of instability, awareness of the increasingly volatile threat landscape — and readiness to adapt — is more important than ever.
The most critical oversight in modern defense is focusing solely on motivated attackers, like state-aligned groups. Geopolitical instability provides a perfect smokescreen for opportunistic adversaries who lack a direct political stake but thrive on the resulting chaos.
Table 1: Opportunistic threat actor categories
This includes cybercriminals who run phishing campaigns disguised as urgent wartime updates or donation appeals. It also includes ransomware groups that seek to benefit from crises, hacktivists who may launch high-visibility website defacements or distributed denial-of-service (DDoS) attacks in support of their chosen side, and false-flag operators who pretend to be a nation-state to mislead investigators.
North Korea represents the most advanced bridge between these categories. They famously embed operatives into companies as remote “employees,” quietly stealing money or information, often while the world is focused on bigger geopolitical events.
AI has fundamentally altered the speed of attacks.
This acceleration is becoming more pronounced with the emergence of agentic AI, which holds immense potential to make businesses — and cyber criminals — more efficient. Attackers are now weaponizing agentic AI to automatically scan networks, deploy attacks without human involvement, generate convincing phishing messages and create deepfakes that can fool biometric systems.
The most measurable impact of AI is the compression of “breakout time,” the time it takes for attackers to “break out” of their initial attack site and into lateral systems. In 2025, the average time fell to just 29 minutes; the fastest observed was a mere 27 seconds.
Table 2 | Source: 2026 CrowdStrike Threat Report
The implications for cyber defenders are profound. Resilience in an AI-centric world requires shifting from static detection to anticipatory defense. Security teams must leverage AI not just for triage, but as a proactive tool that can identify gaps before they are exploited. Because AI agents can interact with systems as humans do, cyber defenders also need to ensure the right oversight, permissions and security controls are in place to safely deploy AI at scale.
Because many large organizations now depend on a vast ecosystem of third-party vendors, managed service providers and cloud platforms, a single vulnerability can trigger cascading failure.
In short: securing your own environment isn’t enough. Businesses need to secure the technology they depend on, too.
Most software today relies on open-source components — an estimated 80-90% of modern applications — meaning that when those components aren’t properly managed or updated, vulnerabilities can become mass-scale problems. The recent breach of the FBI’s Digital Collection System Network illustrates this. Attackers used a "side door" through a vendor’s internet service provider to access sensitive data on court-authorized wiretaps.
Regulators have recognized that securing critical infrastructure is impossible without securing the “weakest link,” leading to a new era of enforcement and mandatory transparency. The Software Bill of Materials (SBOM) has emerged as a key tool for understanding what’s inside the software we rely on. The SBOM is a mechanism for radical transparency that requires organizations to operationalize continuous visibility, accountability and governance across software supply chains so they can assess exposure, respond to vulnerabilities and strengthen resilience.
The most significant shift for boards is prioritizing Secure-by-Design over a “fix it later” approach to problems found after deployment. Governance-as-code is now built into development workflows, using automated checks instead of after-the-fact reviews.
Table 3: Global supply chain security standards (2026)
Acting strategically to build resilience
As geopolitical volatility remains the top factor influencing cyber risk mitigation, organizations must take key strategic steps to navigate uncertainty while managing for sovereignty expectations and digital borders.
- Transition from prevention to resilience: The era of focusing solely on perimeter defense is over. Resilience is now defined by recovery speed and operational continuity. This requires boards to ask not how many attacks were stopped, but how fast core business functions can recover. Organizations should operate with an "assumed compromise" mindset, designing systems that can maintain essential services even while under active attack.
- Treat identity as the new front line: Securing identities has become critical to protecting against both nation-state actors and criminal syndicates. From the North Korean "remote worker" program to the use of deepfake CEOs, the abuse of trusted identities is a leading cause of breaches. Hardening identity security requires multi-factor authentication (MFA), the application of least-privilege principles and the continuous verification of both people and AI agents.
- Operationalize supply chain transparency: Supply chain risk now depends on shielding the weakest link. Organizations must shift from static, annual vendor assessments to ongoing engagement with suppliers. This involves the active management of SBOMs where possible and the enforcement of minimum security baselines in all third-party contracts. Procurement must be treated as a critical cybersecurity function that accounts for geopolitical risks and vendor sovereignty.
- Govern AI like a business-critical system: AI is a double-edged sword that offers both the promise of superior defense and the peril of more sophisticated attacks. Organizations must govern the data pipelines, prompts and agents that power their AI tools, ensuring that "AI washing" does not lead to a false sense of security. Governance and management of AI agents remain critical. This includes developing incident response playbooks specifically for AI-related failures and prompt-injection scenarios.
- Prepare for the quantum era: While AI and geopolitics are dominating current conversations, the threat of quantum computing looms on the 2030 horizon. Post-quantum cryptography (PQC) must be adopted now to prevent "harvest now, decrypt later" attacks targeting sensitive data. Organizations must identify and replace traditional asymmetric encryption methods, prioritizing "cryptographic agility" as a core component of their long-term resilience strategy.
As geopolitical tensions escalate and AI accelerates attackers’ capabilities, organizations must rethink what resilience looks like — in the context of prosperity, security, and public trust. The front line of global conflict is no longer a distant location. It is connected to everything — from on-premises data centers and the cloud to complex webs of supply chain partners. Businesses that can both see the 360-degree threat landscape and quickly adapt will be those that pull ahead in this era of continuous instability.
Cybersecurity is no longer an IT problem — it is a survival imperative.