We have changed our trading / operating policiesGeopolitical tensions have inﬂuenced our cybersecurity strategyGeopolitical tensions have not inﬂuenced our cybersecurity strategy We have stopped doing business / conducting operations in certain countriesWe have changed / are changing vendorsWe have modiﬁed our insurance policies41% 59%The influence of geopolitical tensions on cybersecurity strategy FIGURE 10 Of increasing concern is the spillover from nation- state threats into the cybercriminal domain, whereby nation-state actors increasingly rely on tools and tradecraft from the cybercriminal world and vice versa.40 In interviews conducted for this report, cyber executives agreed that geopolitical tensions are reshaping the cybersecurity landscape. One CISO emphasized that state-sponsored attackers are increasingly targeting not just governments but are also aiming to disrupt economies, undermine critical infrastructure and create chaos within global systems. Today, organizations face direct attacks but also risk becoming collateral damage, as adversaries exploit vulnerabilities in supply chains and shared services. In this environment, understanding geopolitical dynamics has become crucial for effective long-term risk management. CISOs recognize this volatile situation and confirm there are no standard playbooks for dealing with geopolitical risk. Rather, the situation calls for a return to old-fashioned risk management, by looking at problems from a business-impact perspective first, before managing and eventually accepting any residual risk. Close alignment between the security function and the business is therefore essential to address today’s complexity stemming from geopolitical risk. Cybersecuring the Paris Olympic Games was a priority for the French government and took two years of preparation, which included large-scale audits, penetration testing and cyber-crisis management exercises. In the end, despite there being a significant number of cyberattacks – more than any previous Olympic Games – few were successful, and none were able to disrupt the Games or key pieces of infrastructure. However, though the model we implemented for the Olympic Games worked well and could be reused for similar use cases, there are two takeaways. First, this model was designed mainly to focus on certain essential entities and cannot be scaled up for all of society. Second, geopolitical tensions are rising, and so will the number and complexity of cyberattacks. Henceforth, it will be essential to keep pushing for more cyber prevention and strive towards collective cyber resilience. Though regulations and government are part of the solution, they cannot solve all cybersecurity issues. Everyone has a role to play to overcome these challenges, and it is therefore necessary to collectively identify new ways to leverage awareness and increase engagement across society. Vincent Strubel Director General, National Cybersecurity Agency of FranceCASE STUDY 2 Cybersecuring the Paris Olympic Games Global Cybersecurity Outlook 2025 26