Page 83 - Cyber Defense eMagazine April 2023
Geopolitical instability as a trigger for leadership action
As conflicts take on a digital dimension, there is growing concern among cyber and business leaders that
“global geopolitical instability is moderately or very likely to lead to a catastrophic cyber event in the next
two years”. This is particularly worrisome for organizations operating critical infrastructure, such as
energy, healthcare and manufacturing – which are increasingly becoming a target for nation-state actors,
hacktivists and other attackers motivated by political, economic, or strategic gains. Multiple sources
indicate that at least 150 cyber incidents have taken place since geopolitical tensions have intensified.
Such developments are influencing leadership action on cybersecurity, with recent findings suggesting
that global geopolitical instability has had a moderate or substantial impact on cyber strategy for 74% of
business and cyber leaders.
Regulation as a driver of cyber resilience
In addition to the business sector, governments and regulators are also driving efforts to ensure that
cybersecurity is strengthened in nations and regions by updating regulations and proposing new
standards, in particular for critical infrastructure. Recently, the European Commission proposed a Cyber
Resilience Act to address the inadequate level of cybersecurity inherent in many products, or inadequate
security updates to such products and software. The act complements existing legislation such as the
NIS2.0 Framework which was recently approved by the European Parliament and European Council and
aims to bolster the EU’s cybersecurity capabilities and resilience by expanding its coverage to include
more sectors.
In light of growing cyber risks, the US government has also sought to improve the cybersecurity of key
industries. In May 2021, following the Colonial Pipeline attack, President Biden signed an executive order
outlining a number of measures to modernize cybersecurity. Among other things, it led to the signing into
law of the Cyber Incident Reporting for Critical Infrastructure Act of 2022, whereby critical infrastructure
organizations need to report cyber incidents and ransomware payments to the Cybersecurity and
Infrastructure Security Agency (CISA).
In response, CISA published a set of technical rules to protect critical infrastructure information and
launched a strategic plan for 2023-2025 to collectively reduce risk and build resilience to cyber and
physical threats to the nation’s infrastructure.
Nations in the Asia-Pacific region have also been active in updating cybersecurity strategic plans to
address threats to the industrial environment and operational technologies. Singapore, for example,
updated its Cybersecurity Strategy in 2021 to feature resilient infrastructure as a key pillar; Japan in 2021
included new approaches to advance digital transformation and cybersecurity; and Australia launched