Intelligent Cyber Research: On Geopolitical Cyber Risk Across Industries

Most organizations now accept that geopolitical risk translates into cyber risk. Cyber incidents have ranked as the number one global business risk for multiple years, outpacing natural catastrophes, regulatory disruption, and macroeconomic volatility. What is less understood is when that connection becomes an operational problem — and for whom.

The WEF Global Cybersecurity Outlook 2026 report found that 64% of organizations expect geopolitical tensions to significantly influence their cybersecurity strategy, with over 90% of large organizations adjusting their cyber posture in response. Yet awareness rarely translates into resilience: 65% of large organizations identify third-party and supply chain vulnerabilities as their greatest challenge to cyber defense, but only 27% simulated cyber incidents or conducted exercises with their supply chain partners. This gap between knowing that geopolitical cyber risk exists and proactively managing it makes geo-cyber exposure easy to underestimate until it is too late.

Who Gets Targeted and Why 

Geopolitical cyber risk is not uniform across organizations: the risk exposure faced by a manufacturer with suppliers in conflict zones looks very different from the one encountered by a financial institution navigating sanctions regimes. Threat actors operate both strategically and opportunistically, targeting victims across sectors, organization sizes, and geographic locations. The following case studies exemplify varying geo-cyber risk:

Organizations outside of these four sectors face risks as well. In March 2026, Iran-linked hackers from the Handala group, acting on behalf of Iran’s Ministry of Intelligence and Security, targeted a US-based medical technology company. The threat actors leveraged Stryker’s Microsoft Intune device management platform to factory-reset approximately 200,000 devices across 79 countries, bypassing endpoint security. The incident cost an estimated $6 billion in lost market capitalization, delayed surgeries, and disrupted manufacturing operations for two weeks. While security researchers found a vulnerable, misconfigured device management environment at Stryker, Handala publicly cited Stryker’s business ties to Israel as its reason for targeting the company.

Defending Against Geopolitical Cyber Risks

In a period of heightened conflict, organizations with either geopolitical exposure or vulnerable infrastructure become victims of state-linked cyberattacks.  

Most organizations recognize the potential risk, but the complexity of the geopolitical footprint of relationships, dependencies, and jurisdictional exposures makes management and mitigation of geopolitical cyber risk difficult. Do your suppliers or contractors operate in jurisdictions involved in active conflicts or escalating sanctions? Does your data infrastructure rely on facilities in regions where physical disruption is a probable risk? The next evolution of cyber resilience requires integrating geopolitical insights and cyber threat intelligence to support strategic decision-making and cyber defense capabilities.  

  1. Ensure that your organization is identifying high-risk environments and quantifying cyber risk exposure across jurisdictions by considering operating jurisdictions, nation-state cyber capabilities, and global conflicts.
  2. Assess your organization’s capabilities and security posture in the face of a geo-cyber threat by accounting for global footprint and third-party dependencies.
  3. Test your organization’s resilience and decision-making processes by simulating geopolitically driven cyber events.

 For more information, please contact icr@nextpeak.net 



ABOUT NEXT PEAK

NEXT PEAK was co-founded by two US Air Force and JP Morgan Chase veterans, Dr. Greg Rattray and Jim Cummings. The firm focuses on strategic insight and provides access to a network of battle-hardened cyber defenders. The team delivers advisory and consulting services to ensure clients have the deepest possible insight and advanced approaches to meeting their cyber defense challenges.