REFLECT
Cyber threats in a geopolitically unstable world
Insights from the ERS London keynotes and panel
In an era defined by geopolitical turbulence and rapid technological change, understanding the evolving cyber threat landscape has never been more critical. At the recent London session of the European Resilience Summit (ERS), Gemma Ungoed-Thomas delivered a keynote that framed the strategic stakes for organizations navigating this complex environment. This perspective was complemented by a second keynote from Henry Collis, Director at the Centre for Information Resilience, who explored how political warfare is increasingly shaping the risk landscape for businesses.
TEXT: SANDER HULSMAN IMAGES: EUROPEAN RESILIENCE SUMMIT
Together, their insights set the stage for a panel discussion with cybersecurity and policy experts, including Alexander Schellong, Stephen Manley, and Sergei Medvedev, offering both strategic framing and practical perspectives on how organizations can respond to a rapidly evolving threat environment.
Gemma Ungoed-Thomas, Director State Threats, Cyber & Technology of the UK Cabinet Office, began by highlighting the dual pressures facing organizations today: the convergence of geopolitical instability and the acceleration of AI-enabled technology. “Cyber risk cannot be siloed into IT. Boards and executive teams must treat it as a strategic threat, on par with financial or operational risks,” she emphasized. In her view, cyber threats are no longer confined to technical systems; they are organizational and strategic in nature.
Political warfare enters the business domain
Henry Collis, Director at the Centre for Information Resilience, expanded on this shifting landscape by introducing the concept of political warfare as a defining force for organizations. He argued that modern conflict is no longer episodic or confined to military domains, but continuous and operating below the threshold of formal war.
According to Collis, political warfare blends cyber operations, intelligence activities, economic pressure, and information manipulation into a single strategic approach. Rather than isolated incidents, organizations are facing a model of persistent engagement in which disruption, influence, and coercion are applied simultaneously and often indirectly.
He emphasized that cyber capabilities are central to this evolution, enabling espionage, disruption, and influence at scale. From ransomware attacks to disinformation campaigns, the same tools can serve multiple strategic objectives. In this context, businesses are no longer peripheral actors but increasingly part of the operational environment in which geopolitical competition unfolds.
Dual role of AI: threat and defense
She elaborated on how AI and agentic systems are reshaping both the threat landscape and organizational responses. “AI is not only a tool for attackers; it can help organizations anticipate attacks, model threat scenarios, and communicate risk in ways leadership can understand,” Ungoed-Thomas noted. This duality, AI as both a threat multiplier and a defensive instrument, was a recurring theme throughout her keynote.
Why are we a target, what objective does targeting us serve, and how do we fit into a broader state strategy?
Importantly, Ungoed-Thomas also stressed the organizational dimension: the human element often defines success or failure in cyber resilience. She illustrated this with examples of simulated cyber incidents used by companies to test real-time decision-making, cross-department collaboration, and recovery planning. “Embedding resilience into organizational culture is essential. Teams must practice recovery exercises, ensure cross-departmental collaboration, and align cybersecurity initiatives with strategic objectives,” she said.
Businesses are now strategic targets
A key message from Collis’ keynote was that organizations are increasingly targeted not by coincidence, but by design. Businesses control critical infrastructure, hold valuable data and intellectual property, and influence markets and public perception, making them strategically relevant in geopolitical competition.
Collis urged leaders to rethink how they interpret cyber threats by asking fundamental questions: why are we a target, what objective does targeting us serve, and how do we fit into a broader state strategy? An organization may be a direct target, but it can also function as a stepping stone, a pivot point, or part of a wider campaign.
This perspective marks a shift away from viewing cyber incidents as isolated events toward understanding them as components of coordinated, multi-layered strategies involving state and non-state actors.
Panel insights: ground-level realities
The panel discussion that followed offered a complementary perspective, showing the practical implications of these strategic imperatives.
Alexander Schellong, Managing Director Cybersecurity at Schwartz Digits from Germany, highlighted the growing intersection of digital and physical threats. “The convergent nature of cyber and physical risks is making leadership more complex than ever,” he said. He also underscored the rapid adoption of AI. “Organizations are still figuring out governance and rules for AI, particularly in SMEs, where fewer than 15 percent have budgets or plans to address digital sovereignty issues this year.”
Stephen Manley, CTO of Druva from the US, emphasized the practicalities of resilience and recovery. “Every week we help five to seven customers recover from cyber attacks. The worst cases are those who haven’t learned from previous incidents. The attack is inevitable; the question is, are you prepared to respond and recover?” His advice mirrored Ungoed-Thomas’s strategic framing: cross-department collaboration, understanding recovery procedures, and ensuring leadership engagement are critical to surviving attacks.
Sergei Medvedev, professor at Charles University and journalist for Radio Free Europe/Radio Liberty, added a geopolitical and systemic perspective. He emphasized the importance of platform sovereignty and independence. “Freedom often contradicts national sovereignty,” he said. Using examples from AI platform governance and Telegram’s encrypted messaging, he illustrated how control over technology platforms can determine strategic advantage in both media and military contexts.
It’s an endless rat race. Collaboration across civil and government sectors is the only path forward
Good guys, bad guys, and the role of collaboration
Audience questions during the Q&A highlighted the tension between attackers’ advantages and defenders’ challenges. One participant asked, “How do the good guys win?” The responses reinforced themes from both the keynote and panel.
Alexander Schellong noted, “The good guys win in some cases, they lose in others. It’s an endless rat race. Collaboration across civil and government sectors is the only path forward.”
Stephen Manley added that effective communication is key: “Technical teams must translate cyber risks into the language of business, law, and insurance. AI can help frame these risks in ways leadership can act upon.”
Gemma Ungoed-Thomas concluded that these examples underscore a broader imperative: resilience is a strategic choice. Organizations must commit resources, set policies, and build cultures capable of navigating a rapidly evolving threat landscape. “Boards and executives must recognize cyber risk as a strategic business risk, not just a technical issue. Leadership is the key differentiator,” she said.
Lessons for leaders
The session highlighted several actionable insights for organizational leaders:
- Treat cyber risk as strategic
Cybersecurity decisions must be integrated into overall organizational strategy. Threats are no longer purely technical—they affect operations, finance, reputation, and human safety. - Invest in people and culture
Training, simulations, and cross-department exercises ensure that teams are prepared to respond to attacks and recover quickly. - Leverage AI thoughtfully
While AI introduces new threats, it can also enhance resilience by modeling scenarios, translating risks for decision-makers, and detecting emerging threats. - Collaborate across sectors
Public-private partnerships and international cooperation are essential. Information sharing, joint exercises, and policy alignment improve overall security posture. - Diversify resources and platforms
Independence from single platforms or governments, as Sergei illustrated, can protect organizations from political or technological vulnerabilities.
The imperative of strategic leadership
Ultimately, the session illustrated that technology alone is insufficient. Leadership, organizational alignment, and strategic foresight are the true determinants of resilience. Gemma Ungoed-Thomas framed this in her keynote: “Resilience is not just about technology. It’s about governance, culture, and the ability to make strategic choices under pressure. Organizations that understand this, and invest accordingly, will be the ones who survive and thrive.”
The panel discussion, rich with examples from industry and academia, reinforced this message, providing practical illustrations of Ungoed-Thomas’s strategic points. By combining foresight with operational readiness, organizations can better navigate the intersection of AI, cyber threats, and geopolitical volatility.
From insight to action
The ERS London session left one clear message: cyber resilience is a strategic imperative that demands leadership engagement, cross-sector collaboration, and an understanding of both technological and human factors. The keynotes by Gemma Ungoed-Thomas and Henry Collis provided a comprehensive framework, while the panel illustrated the ground-level realities, creating a holistic view of the modern threat landscape.
Collis’s contribution reinforced that cyber threats cannot be viewed in isolation, but must be understood as part of a broader model of political warfare in which businesses play an increasingly central role.
As Alexander Schellong aptly summarized, “It’s a continued path we must follow. Collaboration is no longer optional, it’s essential.” The insights from the session serve as a clear call to action for leaders worldwide: treat cyber resilience as a core strategic objective, not an afterthought. 