Geopolitical risk

Navigating the cyber front line in a shifting world order

  • December 2025

Cybersecurity is now a key geopolitical battleground as nations and cybercriminals vie for control over digital infrastructure and emerging technologies. CISOs must strengthen fundamentals, collaborate widely, and lead integrated, strategic cyber resilience amid escalating risks.

Cybersecurity today is not just shaped by geopolitics — it’s a front line where power is projected and contested. Strategic competition is escalating to levels unseen since the end of the Cold War, as nations vie for dominance over emerging technologies, infrastructure, and information flows. The private sector — particularly hyperscalers and global tech platforms — now holds much of the strategic data once monopolised by states, placing companies squarely in the crosshairs of geopolitical competition, and its spillover into conflict.

Nation-state actors are embedding themselves in digital infrastructure to surveil, disrupt and prepare for escalation. Targets now include not only governments, but municipalities, corporations, and the infrastructure that powers the global economy. Even those not directly attacked are swept up as collateral damage. Cloud adoption and the race to adopt agentic AI are multiplying attack surfaces. At the same time, AI is also lowering the barrier to entry for threat actors — accelerating the rise of cybercrime-as-a-service.

These dynamics are unfolding against a backdrop of deepening geopolitical instability. The post-World War II global order was built on alliances, multilateral institutions and shared norms. That system is being challenged as never before, weakening the foundations of international cooperation. As geopolitical dynamics shift, the consequences for cybersecurity are immediate and far-reaching. Cyber risk is no longer just a technical concern — it’s a reflection of geopolitical, commercial, technological, and criminal forces in motion. Each is reshaping the threat landscape and driving a strategic shift that demands a distinct response from CISOs today.

Four strategic shifts reshaping cyber – and what CISOs should do now

1. State actors’ digital pivot: From espionage to strategic pre-positioning
According to US and allied intelligence agencies and security services, cyber operations of malign state actors have shifted from espionage and IP theft to long-term strategic pre-positioning in global digital infrastructure. Through state-backed vendors, export of telecom and cloud systems, and increasing influence in standard-setting bodies, these state actors are embedding digital capabilities that could provide asymmetric advantage in future conflict scenarios. Sectors such as telecommunications, energy, transportation, and water have been identified as potential targets of pre-positioning activity. And because much of this infrastructure is owned or operated by the private sector, CISOs play a critical role in front-line defence.

  • Reinforce the fundamentals: Maintain deep visibility across critical assets, segment high-value systems, patch promptly, remove unsupported legacy systems and establish strong endpoint control to limit attacker movement and contain breaches quickly.
  • Trust but verify: Red-team your systems. Adversaries will probe you for weaknesses, so find and eliminate shortcomings before attackers discover them.
  • Partner with government: Deepen engagement with cybersecurity agencies and law enforcement, such as the US Cybersecurity and Infrastructure Security Agency (CISA), US Federal Bureau of Investigation (FBI), UK National Cyber Security Centre (NCSC), UK National Crime Agency (NCA), Australian Cyber Security Centre (ACSC), and their counterparts in your region, to gain early access to threat intelligence, stay ahead of regulatory shifts, and align response playbooks to emerging geopolitical threats.
  • Harden resilience sectors: Prioritise sectors tied to critical national infrastructure, such as energy, water, health, financial services, telecommunications, and transportation — where compromise could have cascading effects across public and private sectors.
  • Watch the inside: Strengthen internal access controls and insider threat monitoring, especially in high-risk areas.
  • Collaborate with industry peers: Share intelligence and response strategies and develop coordinated playbooks for geopolitical disruption scenarios.

2. Hyperscalers: Shared cloud, shared risk
The hyperscale cloud model has enabled unprecedented agility, scale, security and innovation. But it has also created a new kind of concentration risk: a handful of providers now underpin critical operations across entire sectors. Their dominance in critical systems marks a shift from service providers to strategic digital actors, making them high-value targets in geopolitical cyber conflict. To reduce exposure and build resilience, organisations must lean in, treating hyperscalers as strategic partners. Collective defence isn’t optional — it’s foundational to safeguarding not just systems, but the entire ecosystem.

  • Secure the cloud as critical infrastructure: Cloud environments are part of your extended threat surface and should be treated with the same rigour. Establish strong identity management, rigorous authentication mechanisms, and robust cloud configuration protocols. Consider incorporating joint tabletop exercises into cloud or supplier contracts or embedding them in governance practices.
  • Leverage hyperscaler strengths: Tap into their scale, threat intelligence, and automated defences as force multipliers for your cyber programme.
  • Advance collective defence: Collaborate with industry peers and providers to enable shared visibility, early warning, and ecosystem-wide resilience.
  • Architect for flexibility: Design for hybrid, multi-cloud or interoperable environments.
  • Stay engaged on policy and sovereignty issues: Confirm alignment with regulatory trends and geopolitical shifts affecting cloud governance.

3. Cybercrime-as-a-service: Expertise commoditised
Cybercrime has evolved into a professionalised industry, with ransomware groups operating with speed, scale, and coordination. Cybercriminals’ specialisation into discrete roles has lowered the barrier to entry, enabling even low-skilled actors to launch sophisticated attacks. Meanwhile, AI continues to expand what’s available in the cybercrime marketplace. This accelerating threat landscape calls for a renewed focus on foundational defences, faster intelligence integration and cross-sector coordination to build true cyber resilience.

  • Reinforce cybersecurity fundamentals: Regularly revalidate foundational defences, such as multi-factor authentication and patches, as AI and off-the-shelf attack tools enable rapid exploitation of known vulnerabilities.
  • Enhance threat intelligence: Ingest, analyse, and act on threat signals with speed; connect geopolitical context to technical indicators.
  • Strengthen public-private partnerships: Maintain proactive relationships with law enforcement and other government agencies, and sector-specific threat-sharing organisations.
  • Test business resilience regularly: Run thorough crisis simulations and tabletop exercises that include ransomware, third-party disruption, and geopolitical escalation scenarios. Include suppliers and critical partners to test real-world response coordination, notification timelines, and decision ownership across organisational boundaries.
  • Build cross-functional coordination: Align cyber strategy with legal, risk, and communications functions for unified response and decision-making.

4. Agentic AI: Assistants and attackers
Agentic AI introduces a new phase in cybersecurity risk. Beyond automating tasks, these systems can make decisions, take actions, and pursue goals – expanding the potential for unintended behaviours or adversarial manipulation. Threat actors are exploring ways to exploit or hijack autonomous agents. Simultaneously, enterprises are accelerating AI adoption across functions, raising new considerations around governance, oversight, and operational safeguards. CISOs should stay ahead of this shift by integrating security by design and monitoring every phase of agent deployment.

  • Strengthen insider threat programmes: Include least-privilege access to AI systems and training data in monitoring and detection protocols. Enhance visibility into where and how agents and large language models (LLMs) are being deployed.
  • Establish clear AI-governance frameworks: Define accountability, escalation paths, and human-in-the-loop requirements for agentic systems.
  • Implement AI-specific risk scoring: Assess models and use cases based on autonomy, exposure, and potential for misuse.
  • Adapt target operating models: Confirm security, risk, and IT functions are equipped to manage autonomous agents across the lifecycle.
  • Engage cross-functional partners early: Collaborate with legal, compliance, and technology teams from design through deployment to establish oversight, alignment, and resilience.

Refer to the ongoing Agentic AI series from PwC’s Cyber & Risk Innovation Institute, also linked above.

What matters next isn’t just what CISOs do – but how they lead.

CISO leadership across the enterprise and ecosystem

Together, these strategic shifts are not just reshaping the threat landscape – they’re reshaping the role of the CISO itself. As geopolitics and cybercrime evolve, CISOs should increasingly operate not only as defenders of systems, but as strategic partners across the enterprise. Cybersecurity now intersects with political risk, supply chain integrity, operational resilience, and regulatory change.

Yet, many of these domains still operate in silos, despite facing shared threats. Breaking those silos is no longer optional.

That convergence extends further – cyber threats now overlap with fraud, insider risk, and physical security. These risk areas, once handled separately, are increasingly interlinked through shared adversaries and attack surfaces. Security teams should align around a shared threat model, and CISOs are well positioned to lead that integration.

But internal coordination is only part of the equation. Confirming management and the board are well informed and prepared is just as critical. For many CISOs, one of the most persistent challenges isn’t the technical response. It’s enabling clear upward communication. Management and the board should be brought into the conversation before a crisis, not during. They need clarity on what the threat profile means, what decisions they’ll be responsible for, and when disclosure is required. That foundation should be laid long before a crisis hits.

Tabletop exercises are one of the most effective ways to build that preparedness. They can help teams across the organisation build muscle memory to act decisively under pressure. At the executive level, story-driven simulations let leadership rehearse risk, responsibility, and response, surfacing gaps no other method reveals until a real crisis hits.

At the board level, members should be briefed on outcomes of internal simulations, which often spotlight areas of board interest, such as ransomware payment decisions, disclosure triggers and potential trading halts. Some organisations opt not to involve the board directly in tabletop exercises to preserve the separation between operational and fiduciary roles. In those cases, lessons from tabletop exercises should flow directly into governance-level briefings and decision frameworks to confirm alignment without blurring roles.

Externally, collaboration is just as essential – especially with peers, suppliers, and public sector partners. In an era of systemic risk, interdependence and shared exposure, no organisation benefits from going it alone.

The next era of cyber leadership belongs to those who can connect threats, align teams, and lead cyber resilience across the boardroom, the business, and the ecosystem.

About the authors

Sean Joyce

Partner, Global Cybersecurity & Privacy Leader, PwC United States

Matt Gorham

Cyber & Risk Innovation Institute Leader, PwC United States

Rob Joyce

Cybersecurity Senior Fellow, former Cybersecurity Director, National Security Agency, PwC United States
