Geopolitics, AI and Cyber Resilience

This paper examines how geopolitical conflict, AI-driven cyber threats, supply chain vulnerabilities, and critical infrastructure exposure are transforming cybersecurity into a strategic resilience challenge requiring integrated governance, operational continuity, and adaptive cyber defence.

Sanchez P.

5/8/2026 (26 min read)

Abstract

The cybersecurity landscape of 2026 is increasingly shaped by the convergence of geopolitical instability, artificial intelligence (AI), systemic digital interdependence, and the growing exposure of critical infrastructure. Drawing upon the Swisscom Cybersecurity Threat Radar 2026 and supported by contemporary peer-reviewed scholarship, this paper examines how cyber threats have evolved from isolated technical incidents into multidimensional strategic risks affecting national security, economic stability, organisational governance, and societal resilience. The analysis explores five interconnected themes: geopolitical fragmentation and cyber conflict, AI-driven cyber threats, software supply chain vulnerabilities, operational technology (OT) and critical infrastructure security, and cyber resilience as a strategic imperative.

The paper argues that cyberspace has become deeply embedded within geopolitical competition, where state-sponsored actors increasingly utilise cyber operations for espionage, coercion, disruption, and influence projection. Simultaneously, AI technologies are transforming both offensive and defensive cybersecurity capabilities by enabling automated attacks, deepfake-enabled social engineering, advanced threat intelligence, and adaptive cyber defence systems. The increasing concentration of cloud infrastructure and globally interconnected software supply chains further amplifies systemic vulnerabilities, creating cascading risks that extend across organisational and national boundaries.

Particular attention is given to the growing convergence of IT and OT environments within critical infrastructure sectors. As industrial control systems become increasingly connected through digital transformation initiatives, cyberattacks may generate direct physical consequences including infrastructure disruption, operational failure, and threats to human safety. These developments demonstrate the expanding cyber-physical dimension of modern cyber risk.

The paper ultimately contends that traditional prevention-oriented cybersecurity models are increasingly insufficient within highly interconnected and volatile digital ecosystems. Instead, organisations and governments must adopt resilience-oriented cybersecurity strategies integrating technological safeguards, geopolitical awareness, governance coordination, operational continuity planning, workforce preparedness, and adaptive recovery capabilities. Cyber resilience therefore emerges not merely as a technical requirement but as a strategic organisational and societal capability essential for maintaining stability, trust, and continuity within contemporary digital society.

1. Introduction

Cybersecurity has increasingly evolved beyond its traditional role as a specialised technical function and is now recognised as a critical issue of strategic governance, economic stability, and national security. The expansion of digital infrastructure, accelerated technological innovation, and growing geopolitical tensions have transformed cyberspace into a contested domain where political, economic, and security interests intersect (Conti, Dehghantanha and Dargahi, 2018). As governments, corporations, and critical infrastructure systems become more digitally interconnected, cyber threats have grown in both sophistication and systemic impact.

The rapid pace of digital transformation has significantly expanded organisational exposure to cyber risk. Technologies such as cloud computing, artificial intelligence (AI), the Internet of Things (IoT), and globally integrated software supply chains have improved operational efficiency while simultaneously creating new vulnerabilities and attack surfaces (Buczak and Guven, 2016). Consequently, cyber incidents are no longer limited to isolated cases of data theft or financial fraud; they increasingly threaten the continuity of essential services, supply chain integrity, and institutional trust.

Contemporary scholarship highlights the extent to which cybersecurity is now intertwined with geopolitical competition and statecraft. Conti, Dehghantanha and Dargahi (2018) argue that cyberspace has become strategically embedded within international political and economic systems, enabling states and non-state actors to pursue espionage, coercion, disruption, and influence operations through cyber means. This development has contributed to the emergence of hybrid forms of conflict in which cyber operations complement conventional political and military strategies (Rid, 2020). Attacks targeting critical infrastructure, telecommunications systems, healthcare networks, and governmental institutions increasingly demonstrate the strategic value of cyber capabilities within modern geopolitical competition.

The interconnected nature of global digital ecosystems has further amplified the potential consequences of cyber incidents. The World Economic Forum (2026) observes that cyberattacks increasingly generate cascading effects across interconnected infrastructures, supply chains, and cloud service environments. Such systemic interdependence means that vulnerabilities within a single software provider or digital platform may affect thousands of organisations simultaneously. This phenomenon has been particularly evident in recent supply chain compromises, which illustrate how modern cyber risk extends beyond individual organisations to encompass entire economic and technological ecosystems (Boyens et al., 2022).

Artificial intelligence represents another transformative factor reshaping the cybersecurity landscape. AI-driven technologies are increasingly utilised by both attackers and defenders, thereby intensifying the complexity of cyber conflict. On the offensive side, AI enables the automation of phishing campaigns, vulnerability discovery, malware adaptation, and deepfake-enabled social engineering attacks (Brundage et al., 2018). Conversely, defensive cybersecurity systems increasingly rely on machine learning and advanced analytics to improve anomaly detection, automate incident response, and strengthen cyber threat intelligence capabilities (Buczak and Guven, 2016). This dual-use nature of AI creates a strategic dilemma whereby technologies designed to improve security may simultaneously enhance offensive cyber capabilities.

In response to these developments, cybersecurity strategies are gradually shifting from prevention-oriented models toward resilience-based approaches. Traditional security frameworks premised upon the assumption that threats can be fully prevented are increasingly insufficient within highly interconnected and dynamic digital environments. Instead, organisations are being encouraged to prioritise cyber resilience through adaptive governance structures, incident preparedness, operational continuity planning, and cross-sector collaboration (Linkov and Kott, 2019). The Swisscom Cybersecurity Threat Radar 2026 similarly argues that resilience, sovereignty, and strategic preparedness will become central requirements for organisations operating in increasingly unstable digital ecosystems (Swisscom, 2026).

This paper critically examines the relationship between geopolitics, disruptive technologies, and cybersecurity resilience within the emerging cyber threat landscape of 2026. Drawing upon the findings of the Swisscom Cybersecurity Threat Radar 2026 alongside peer-reviewed academic literature, the paper evaluates the principal drivers of contemporary cyber risk and explores their implications for organisational security governance. It argues that effective cybersecurity management now requires an integrated approach that combines technological innovation, geopolitical awareness, institutional resilience, and strategic coordination across public and private sectors.

2. Geopolitical Fragmentation and Cyber Conflict

Cybersecurity threats are increasingly shaped by geopolitical instability and strategic competition between states. In the contemporary digital environment, cyber operations have become integral instruments of national power, utilised alongside diplomatic, economic, and military tools to pursue strategic objectives. As cyberspace becomes progressively embedded within global political and economic systems, cyber conflict has evolved beyond conventional cybercrime into a complex domain of geopolitical contestation (Rid, 2020). State-sponsored cyber operations, cyber espionage, influence campaigns, and attacks on critical infrastructure are now central features of international competition, reflecting the growing strategic significance of cyberspace within global security architecture.

The Swisscom Cybersecurity Threat Radar 2026 identifies geopolitical fragmentation as one of the principal drivers of the evolving cyber threat landscape. The report argues that rising geopolitical tensions significantly increase the likelihood of cyber escalation, particularly through attacks targeting critical infrastructure, telecommunications networks, cloud service providers, and software supply chains (Swisscom, 2026). Such developments demonstrate how cyber threats increasingly mirror broader geopolitical rivalries, with digital infrastructure becoming both a strategic asset and a potential point of vulnerability.

This assessment is reinforced by contemporary policy analysis and academic scholarship. The World Economic Forum (2026) argues that cyberspace is now “deeply intertwined with geopolitics,” creating conditions in which localised cyber incidents may rapidly generate transnational economic and political consequences. The interconnected structure of global digital ecosystems means that cyberattacks targeting a single state, organisation, or technology provider can produce cascading disruptions across multiple sectors and jurisdictions. Conti, Dehghantanha and Dargahi (2018) similarly contend that cyber conflict transcends national boundaries because modern communication systems, cloud infrastructures, and software dependencies operate through highly interconnected global networks. As a result, cyber incidents increasingly possess systemic implications extending beyond the immediate target.

A key distinction between geopolitical cyber operations and conventional cybercrime lies in the strategic intent underlying such activities. Traditional cybercrime is generally motivated by financial gain, whereas state-sponsored cyber operations often pursue broader objectives including intelligence gathering, political coercion, strategic disruption, and influence projection (Lindsay, 2013). Cyber capabilities therefore provide states with relatively low-cost and deniable mechanisms through which they may pursue geopolitical interests while remaining below the threshold of conventional armed conflict.

Contemporary cyber conflict also increasingly reflects the characteristics of hybrid warfare. Hybrid warfare refers to the integration of military, informational, economic, and cyber instruments to achieve strategic advantage while complicating attribution and response (Murray and Mansoor, 2012). Within this context, cyber operations are frequently combined with disinformation campaigns, psychological operations, and influence activities aimed at undermining institutional trust, public confidence, and political stability. The use of misinformation and digitally amplified propaganda has become particularly significant within electoral processes, international crises, and interstate conflict environments (Rid, 2020).

The convergence of physical and digital domains has further intensified the complexity of geopolitical cyber risk. Critical infrastructure systems—including energy grids, healthcare services, transportation networks, financial systems, and telecommunications infrastructure—are increasingly dependent upon interconnected digital technologies. Consequently, cyberattacks may produce tangible physical and societal consequences extending beyond data compromise or operational disruption. The growing integration of cloud infrastructures and global supply chains also means that civilian organisations frequently become indirect targets within broader geopolitical disputes due to their technological dependencies or strategic relevance (Boyens et al., 2022).

Supply chain compromise has emerged as a particularly significant geopolitical risk. Modern organisations rely extensively upon third-party software vendors, cloud providers, and international technology ecosystems. This interdependence creates opportunities for adversaries to exploit trusted relationships within software and infrastructure supply chains. Incidents such as the SolarWinds compromise demonstrated how state-linked actors may infiltrate numerous governmental and private-sector organisations through a single software provider, thereby magnifying the strategic impact of cyber operations (Boyens et al., 2022). Such attacks illustrate the systemic nature of modern cyber risk and the difficulties associated with securing globally interconnected digital ecosystems.

These developments challenge traditional approaches to organisational cybersecurity governance. Conventional cybersecurity frameworks often focus primarily on technical vulnerabilities, compliance requirements, and operational risk management. However, the geopoliticisation of cyberspace requires organisations to adopt broader strategic perspectives incorporating geopolitical intelligence, regulatory developments, digital sovereignty considerations, and supply chain resilience. Cybersecurity governance must therefore extend beyond technical protection toward comprehensive risk management strategies capable of addressing political, economic, and systemic dimensions of cyber threat exposure (Linkov and Kott, 2019).

Furthermore, growing concerns surrounding digital sovereignty reflect the increasing politicisation of digital infrastructure and data governance. States and organisations are becoming increasingly concerned about dependency upon foreign-controlled cloud platforms, software providers, and telecommunications infrastructure. Questions surrounding jurisdictional control, data localisation, technological dependence, and strategic autonomy are therefore becoming central considerations within cybersecurity policy and organisational governance (Pohle and Thiel, 2020).

Ultimately, geopolitical fragmentation has transformed cybersecurity into a strategic issue situated at the intersection of technology, international relations, and economic security. Cyber conflict is no longer confined to isolated technical attacks but has become embedded within broader geopolitical competition and hybrid forms of conflict. Consequently, organisations operating within digitally interconnected environments must increasingly adopt resilience-oriented and geopolitically informed cybersecurity strategies capable of responding to an evolving and highly uncertain threat landscape.

3. Artificial Intelligence as a Cybersecurity Risk Multiplier

Artificial intelligence (AI) has emerged as one of the most transformative and disruptive developments within contemporary cybersecurity. While AI technologies provide substantial opportunities to strengthen cyber defence capabilities, they simultaneously enhance the sophistication, scale, and accessibility of cyberattacks. The Swisscom Threat Radar 2026 characterises AI as a “risk multiplier” because it accelerates both offensive and defensive cyber operations, fundamentally altering the strategic dynamics of cyberspace (Swisscom, 2026). Consequently, AI has become a central factor shaping the modern cyber threat landscape and broader debates surrounding cyber resilience, governance, and national security.

The integration of AI into cyber operations has significantly reduced the technical barriers traditionally associated with sophisticated cyberattacks. Historically, advanced cyber operations required highly specialised expertise, extensive manual coordination, and considerable financial resources. However, developments in machine learning, large language models, and generative AI systems increasingly enable attackers to automate many stages of the cyber kill chain, including reconnaissance, vulnerability discovery, phishing personalisation, malware development, and social engineering (Brundage et al., 2018). This democratisation of cyber capability increases the likelihood that less technically skilled actors may conduct attacks previously associated primarily with advanced persistent threat (APT) groups or state-sponsored organisations.

Recent scholarship identifies several categories of AI-enabled cyber threats that are rapidly evolving in complexity and impact. Erukude, Marella and Veluru (2026) identify four principal categories of AI-driven cyber risk: synthetic media attacks, adversarial AI manipulation, AI-powered malware, and automated social engineering. Synthetic media attacks involve the use of generative AI systems to create realistic but fabricated audio, video, and image content designed to deceive individuals or organisations. Adversarial AI attacks involve manipulating machine learning systems by introducing malicious inputs intended to compromise AI decision-making processes. AI-powered malware refers to malicious software capable of adapting autonomously to defensive environments, while automated social engineering utilises AI-generated communications to increase the effectiveness and scalability of phishing and deception campaigns.

Among these emerging threats, deepfake technology represents one of the most concerning developments. Deepfakes utilise deep learning algorithms to generate highly convincing synthetic representations of individuals’ voices, facial expressions, or behaviours. Such technologies undermine trust in digital communications by making it increasingly difficult to distinguish authentic content from fabricated material (Kietzmann et al., 2020). Deepfake-enabled attacks create substantial risks across financial, political, and organisational contexts. Cybercriminals have already utilised AI-generated voice impersonation in corporate fraud schemes to deceive employees into transferring funds or disclosing sensitive information. Similarly, state and non-state actors may employ synthetic media within disinformation campaigns intended to manipulate public opinion, destabilise political institutions, or undermine electoral legitimacy.

The emergence of generative AI also significantly enhances the effectiveness of phishing campaigns and social engineering attacks. Traditional phishing operations often relied upon generic messaging that could be identified through poor grammar, suspicious formatting, or inconsistent communication patterns. Contemporary generative AI systems can now produce highly personalised and linguistically sophisticated phishing content tailored to specific individuals, organisations, or cultural contexts (Hazell, 2023). By analysing publicly available information, AI systems can autonomously generate realistic communications that imitate legitimate organisational language and behavioural patterns, thereby increasing the likelihood of successful deception. This development substantially amplifies the scalability and effectiveness of social engineering attacks while simultaneously reducing the resources required to conduct them.

AI additionally transforms malware development and cyber offensive automation. Machine learning systems may autonomously identify vulnerabilities, adapt malicious code to evade detection, and optimise attack strategies in real time (Brundage et al., 2018). AI-enhanced malware increasingly demonstrates the capacity to modify behavioural signatures dynamically in response to cybersecurity controls, thereby complicating traditional detection approaches reliant upon known attack patterns or signatures. Furthermore, AI enables automated vulnerability scanning across large-scale digital infrastructures, accelerating the speed at which attackers can identify and exploit security weaknesses. Consequently, AI-driven cyber operations increase both the operational tempo and scalability of cyber conflict.

Another emerging concern involves adversarial machine learning, whereby attackers deliberately manipulate AI systems through malicious data inputs or model poisoning techniques. As organisations increasingly rely upon AI-driven cybersecurity tools for threat detection, anomaly analysis, and automated response mechanisms, these systems themselves become targets for exploitation (Biggio and Roli, 2018). Adversarial attacks may deceive machine learning models into misclassifying malicious activity as legitimate behaviour or generating inaccurate threat assessments. Such vulnerabilities highlight the paradoxical reality that AI-driven security systems may simultaneously strengthen and weaken organisational cyber resilience depending upon their design, governance, and operational integrity.

Despite these risks, AI also offers substantial defensive advantages within cybersecurity operations. The growing complexity, speed, and scale of cyber threats exceed the analytical capacity of purely human-centred security operations. Consequently, organisations increasingly utilise AI and machine learning technologies to enhance threat detection, automate incident response, and improve cyber threat intelligence capabilities (Buczak and Guven, 2016). AI-driven security systems can analyse vast volumes of network traffic, identify anomalous behaviours, and detect indicators of compromise with significantly greater speed than traditional manual approaches. Machine learning algorithms are particularly valuable within environments characterised by large-scale data generation, including cloud infrastructures, financial systems, and industrial control networks.

Cyber threat intelligence has become especially dependent upon AI-enhanced analytics. Conti, Dehghantanha and Dargahi (2018) argue that modern cyber threat intelligence increasingly relies upon advanced machine learning and data mining techniques to process the enormous quantity of threat data generated within contemporary digital ecosystems. AI systems can identify behavioural patterns, correlate threat indicators across multiple environments, and support predictive analysis concerning emerging cyber risks. Similarly, Nunes et al. (2016) demonstrate how machine learning techniques can support proactive cybersecurity intelligence through the automated analysis of darknet and deepnet environments to identify emerging threats before they materialise into large-scale attacks.

AI also contributes to operational resilience by improving incident response and security orchestration. Security Operations Centres (SOCs) increasingly employ AI-driven automation to prioritise alerts, reduce false positives, and accelerate response times to cyber incidents (IBM Security, 2024). Such capabilities are particularly important given the growing shortage of skilled cybersecurity professionals and the increasing complexity of modern threat environments. Automated response systems may isolate compromised systems, block malicious traffic, or initiate containment procedures in real time, thereby reducing the potential impact of cyberattacks.

Nevertheless, the integration of AI into cybersecurity governance introduces significant ethical, legal, and regulatory challenges. AI systems frequently depend upon large-scale data collection and behavioural monitoring, raising concerns surrounding privacy, surveillance, transparency, and algorithmic accountability (Cath et al., 2018). Furthermore, the opacity of many machine learning models creates difficulties regarding explainability and oversight, particularly when AI systems autonomously influence critical security decisions. Questions concerning liability and accountability become increasingly complex when autonomous AI systems generate harmful outcomes or inaccurate threat assessments.

The dual-use nature of AI therefore creates a strategic paradox within cybersecurity governance. Organisations must increasingly adopt AI technologies to defend against rapidly evolving threats while simultaneously managing the new vulnerabilities and systemic risks that AI introduces. This dynamic contributes to an escalating technological arms race between attackers and defenders in which AI continuously reshapes offensive and defensive capabilities. The World Economic Forum (2026) warns that AI simultaneously strengthens cyber resilience while amplifying cyber risk, thereby intensifying uncertainty within global digital ecosystems.

Ultimately, artificial intelligence is reshaping cybersecurity at technological, organisational, and geopolitical levels. AI enhances the automation, scalability, and sophistication of cyber operations while simultaneously strengthening defensive intelligence and operational resilience. However, the increasing reliance upon AI-driven systems also introduces new forms of systemic vulnerability, adversarial manipulation, and governance complexity. Effective cybersecurity strategies must therefore integrate AI governance, resilience planning, ethical oversight, and adaptive threat intelligence capabilities to manage the rapidly evolving risks associated with AI-enabled cyber conflict.

4. Supply Chain Security and Digital Sovereignty

Software supply chain attacks have emerged as one of the most significant and strategically disruptive cybersecurity threats of the digital era. Rather than targeting organisations directly, attackers increasingly compromise trusted third-party software providers, cloud platforms, open-source dependencies, and managed service providers in order to infiltrate downstream customers at scale. The Swisscom Threat Radar 2026 emphasises that compromising a single supplier can provide adversaries with indirect access to thousands of organisations simultaneously, thereby magnifying both the operational and geopolitical impact of cyberattacks.

Contemporary organisations operate within highly interconnected digital ecosystems characterised by extensive reliance upon cloud computing, software-as-a-service (SaaS) platforms, application programming interfaces (APIs), and open-source software libraries. While such interconnectivity improves operational efficiency, scalability, and innovation, it also creates systemic vulnerabilities embedded within complex trust relationships (Boyens et al., 2022). Modern software development practices frequently depend upon externally sourced code components and continuous integration/continuous deployment (CI/CD) pipelines, many of which lack comprehensive security verification mechanisms. As a result, attackers increasingly exploit software dependencies and trusted update mechanisms to bypass conventional perimeter-based security controls (Zahan et al., 2023).

Unlike traditional cyberattacks, supply chain compromises are particularly difficult to detect because malicious activity originates from legitimate and trusted vendors. In many cases, compromised software updates are digitally signed and distributed through authorised channels, allowing malware to evade detection systems and security monitoring processes (Ellison et al., 2020). Consequently, supply chain attacks undermine one of the foundational assumptions of digital security: trust in authorised software providers and infrastructure partners.

The SolarWinds compromise remains one of the most significant examples of strategic software supply chain infiltration. Attackers inserted malicious code into software updates distributed by SolarWinds’ Orion platform, thereby compromising numerous government agencies, multinational corporations, and critical infrastructure organisations through a trusted software channel (Boyens et al., 2022). The incident demonstrated how adversaries could leverage supply chain dependencies to conduct large-scale espionage and persistent network infiltration while remaining undetected for extended periods. It also illustrated the systemic nature of cyber risk within globally interconnected digital infrastructures.

Academic research increasingly highlights the growing strategic significance of software supply chain security within contemporary cybersecurity governance. Zahan et al. (2023) argue that software supply chains have become critical attack surfaces due to the widespread adoption of open-source software and globally distributed development environments. Similarly, Piergiorgio et al. (2020) observe that modern software ecosystems are characterised by “transitive trust,” whereby vulnerabilities introduced into a single dependency may propagate throughout entire technological ecosystems. This interconnectedness significantly amplifies the potential scale and impact of cyber incidents.

The rapid expansion of cloud computing has significantly intensified organisational exposure to supply chain and systemic cyber risks. Contemporary digital infrastructures are increasingly dependent upon a relatively small number of hyperscale multinational cloud providers, creating concentrated forms of technological dependency comparable to systemic concentration risks observed within financial systems and critical infrastructure sectors (Pohle and Thiel, 2020). Although large cloud providers offer substantial advantages in terms of scalability, operational efficiency, resilience engineering, and advanced cybersecurity capabilities, excessive reliance on a limited number of providers may also generate critical single points of failure within globally interconnected digital ecosystems (Boyens et al., 2022). Research on systemic cyber risk demonstrates that disruptions affecting dominant cloud infrastructures can rapidly propagate across interconnected organisations, supply chains, and national economies due to the high degree of digital interdependence characterising modern information systems (Biener, Eling and Wirfs, 2015). Consequently, outages, cyberattacks, geopolitical disputes, regulatory fragmentation, or sanctions affecting major cloud providers may produce cascading operational and economic consequences across multiple industries and jurisdictions (World Economic Forum, 2026). These developments have contributed to growing concerns surrounding digital sovereignty, strategic autonomy, and cloud concentration risk within both cybersecurity governance and international policy discourse (Pohle and Thiel, 2020).

Closely linked to supply chain security is the concept of digital sovereignty. Digital sovereignty refers to the ability of states, organisations, and institutions to maintain strategic control over their digital infrastructure, data governance, technological dependencies, and cyber capabilities (Pohle and Thiel, 2020). The Swisscom report argues that organisations face growing pressure due to dependence on foreign-owned cloud infrastructures, software vendors, and data-processing environments. Such dependencies create concerns regarding jurisdictional control, regulatory compliance, surveillance exposure, and long-term technological autonomy.

Digital sovereignty has become increasingly important within the context of geopolitical fragmentation and strategic technological competition. Governments and organisations are becoming more concerned about the concentration of critical digital infrastructure within a limited number of foreign-controlled technology companies. Data localisation requirements, cross-border data transfer restrictions, and national cybersecurity regulations increasingly reflect attempts by states to strengthen control over strategically important digital assets (Couture and Toupin, 2019). Within the European context, initiatives surrounding digital autonomy and sovereign cloud infrastructure demonstrate broader concerns regarding dependence upon non-European technology providers and external legal jurisdictions.

The geopolitical dimensions of digital sovereignty are particularly evident in relation to cloud governance and extraterritorial legal authority. Foreign legislation may compel cloud providers to disclose data stored across international jurisdictions, thereby creating tensions between national sovereignty, privacy regulations, and global digital commerce (Pohle and Thiel, 2020). Consequently, organisations operating internationally must increasingly evaluate cybersecurity not only as a technical issue but also as a matter of strategic governance, regulatory exposure, and geopolitical risk management.

In response to these developments, organisations are adopting more comprehensive approaches to software supply chain security and digital resilience. Such strategies include supplier diversification, zero-trust architectures, software bill of materials (SBOM) implementation, cryptographic verification of software components, continuous third-party risk assessment, and enhanced incident response planning (Boyens et al., 2022). Zero-trust security models are particularly relevant because they reduce implicit trust relationships within digital ecosystems by requiring continuous authentication and verification across networks, users, and applications.

Furthermore, cybersecurity governance increasingly requires collaboration between governments, private-sector organisations, cloud providers, and international regulatory bodies. Because supply chain vulnerabilities frequently transcend organisational and national boundaries, effective mitigation depends upon coordinated threat intelligence sharing, harmonised security standards, and international cooperation mechanisms (World Economic Forum, 2026). As digital ecosystems become progressively interconnected, resilience-oriented approaches to supply chain governance will become essential for maintaining operational continuity and reducing systemic cyber risk.

Ultimately, software supply chain security and digital sovereignty represent interconnected dimensions of contemporary cybersecurity strategy. Supply chain attacks exploit the trust relationships underpinning global digital ecosystems, while digital sovereignty concerns reflect broader geopolitical struggles surrounding technological dependence and strategic autonomy. Together, these developments demonstrate how cybersecurity has evolved beyond isolated technical protection toward a broader challenge involving governance, resilience, geopolitics, and systemic risk management.

5. Operational Technology and Critical Infrastructure Risks

Operational Technology (OT) systems have emerged as one of the most strategically significant and vulnerable domains within contemporary cybersecurity. OT environments encompass industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, manufacturing plants, energy grids, water utilities, transportation networks, healthcare infrastructure, and telecommunications systems. Historically, these environments operated in isolated and proprietary architectures with limited connectivity to external networks. However, accelerated digital transformation, industrial automation, cloud integration, and Industrial Internet of Things (IIoT) adoption have increasingly connected OT systems with conventional Information Technology (IT) environments, thereby expanding the cyberattack surface (Krausmann et al., 2011).

The convergence of IT and OT systems fundamentally alters the nature of cyber risk because cyberattacks against industrial environments may produce direct physical consequences. Unlike traditional IT breaches that primarily compromise confidentiality or data integrity, attacks against OT systems may disrupt industrial processes, damage physical equipment, interrupt essential services, or threaten human safety (Humayed et al., 2017). The Swisscom Threat Radar 2026 identifies OT security as an emerging executive-level concern due to the growing dependence of critical infrastructure sectors upon digitally interconnected operational systems (Swisscom, 2026). As societies become increasingly dependent on digital infrastructure, cyber resilience within OT environments becomes closely linked to economic stability, national security, and public safety.

Critical infrastructure sectors represent particularly attractive targets for sophisticated threat actors, including state-sponsored groups and advanced persistent threat (APT) actors. Cyberattacks targeting electricity generation, oil and gas infrastructure, transportation systems, healthcare facilities, and telecommunications networks may create significant political, economic, and societal disruption (Cherdantseva et al., 2016). State-sponsored cyber operations increasingly utilise critical infrastructure disruption as a mechanism of strategic coercion within broader geopolitical competition. Such attacks may undermine public trust, disrupt governmental functions, and generate cascading economic consequences across interconnected sectors (Rid, 2020).

The strategic importance of OT cybersecurity has been reinforced by several high-profile cyber incidents targeting industrial environments. The Stuxnet attack demonstrated the capacity of malware to manipulate industrial control systems and physically damage critical infrastructure through cyber means (Langner, 2011). More recently, ransomware attacks targeting healthcare systems, pipeline operators, and manufacturing facilities have illustrated how disruptions within OT-dependent sectors can rapidly escalate into broader societal crises. Research by Knowles et al. (2015) argues that the increasing integration of cyber-physical systems creates “systemic vulnerabilities” in which digital compromise may trigger complex operational and safety failures across interconnected infrastructures.

OT environments present unique cybersecurity challenges that differ substantially from traditional IT systems. Many industrial systems were designed primarily for reliability, availability, and operational continuity rather than cybersecurity. Consequently, legacy OT infrastructures frequently rely on outdated operating systems, insecure communication protocols, and proprietary technologies that are difficult to update or replace (Humayed et al., 2017). In many industrial contexts, systems remain operational for decades, creating long-term exposure to known vulnerabilities. Additionally, patch management and software updates are often constrained by operational requirements because downtime may interrupt essential services or industrial production processes.

Another significant challenge involves the differing priorities between IT and OT security management. Traditional IT cybersecurity generally prioritises confidentiality, whereas OT environments prioritise availability and safety (Cherdantseva et al., 2016). Standard cybersecurity controls such as frequent patching, system rebooting, aggressive network scanning, or endpoint monitoring may interfere with operational processes or introduce unacceptable safety risks within industrial environments. As a result, many organisations struggle to balance cybersecurity requirements against operational continuity and safety obligations.

The growing adoption of IIoT devices and cloud-connected industrial systems further increases OT exposure to cyber threats. Digital transformation initiatives frequently introduce remote access capabilities, wireless communication technologies, and interconnected sensor networks into previously isolated industrial systems. While such innovations improve efficiency, predictive maintenance, and operational visibility, they simultaneously expand opportunities for adversaries to exploit insecure interfaces, third-party software dependencies, or poorly segmented networks (Boyes et al., 2018). The convergence of IT, OT, and cloud infrastructures therefore increases the complexity of securing industrial ecosystems.

Human and organisational factors also contribute significantly to OT cybersecurity risk. Industrial organisations often face shortages of personnel possessing expertise across both cybersecurity and industrial engineering disciplines. Additionally, fragmented governance structures may separate IT security teams from operational engineering teams, thereby creating coordination challenges and inconsistent security policies (Knowles et al., 2015). Effective OT security therefore requires interdisciplinary collaboration integrating cybersecurity governance, engineering expertise, risk management, and operational resilience planning.

In response to these evolving risks, organisations are increasingly adopting integrated IT-OT cybersecurity strategies. Contemporary best practice emphasises network segmentation, zero-trust architectures, continuous monitoring, industrial intrusion detection systems, secure remote access controls, and cyber-physical incident response planning (Humayed et al., 2017). International frameworks such as the NIST Cybersecurity Framework and IEC 62443 standards further encourage risk-based approaches to securing industrial automation and control systems. Linkov and Kott (2019) argue that resilience-oriented cybersecurity models are particularly important within critical infrastructure sectors because complete prevention of cyber incidents is unrealistic within highly interconnected operational environments.

Ultimately, OT cybersecurity represents a central challenge within the broader evolution of cyber risk. The convergence of operational systems with digital networks has transformed critical infrastructure into a contested cyber domain where technical vulnerabilities intersect with geopolitical competition, economic security, and public safety concerns. Consequently, organisations responsible for critical infrastructure must increasingly adopt comprehensive resilience-oriented security strategies integrating governance, technological safeguards, workforce capabilities, and operational continuity planning in order to manage the growing risks associated with cyber-physical interdependence.

6. Cyber Resilience as a Strategic Imperative

Traditional cybersecurity strategies have historically focused primarily on prevention-oriented models designed to block or minimise unauthorised access to information systems. However, the increasing sophistication, frequency, and inevitability of cyberattacks have demonstrated the limitations of purely preventive approaches. In highly interconnected digital ecosystems, organisations can no longer assume that cyber incidents can be completely avoided. Consequently, cybersecurity strategy is increasingly shifting toward resilience-oriented frameworks that prioritise an organisation’s capacity to anticipate, withstand, respond to, recover from, and adapt to cyber disruptions (Linkov and Kott, 2019).

The Swisscom Threat Radar 2026 identifies cyber resilience as a critical strategic priority for organisations operating within unstable geopolitical and technological environments (Swisscom, 2026). Rather than focusing exclusively on defensive technologies, the report emphasises broader organisational capabilities including incident preparedness, governance integration, operational continuity planning, dependency management, and adaptive recovery mechanisms. Similarly, the World Economic Forum (2026) argues that organisations must strengthen cyber resilience through unified visibility across digital infrastructures, simplified security architectures, collaborative governance models, and enhanced supply chain oversight. These developments reflect a broader recognition that cybersecurity is no longer solely a technical function but a strategic governance challenge closely connected to business continuity and organisational sustainability.

Cyber resilience extends beyond traditional cybersecurity by integrating technical, organisational, operational, and strategic dimensions of risk management. Linkov et al. (2013) define resilience as the capacity of systems to prepare for, absorb, recover from, and adapt to adverse events. Within cybersecurity contexts, resilience therefore involves maintaining essential functions during cyber incidents while minimising operational disruption and enabling rapid recovery. This approach recognises that digital systems are increasingly interconnected, dynamic, and exposed to systemic risks that cannot be entirely eliminated through preventive controls alone.

One of the principal drivers behind the growing importance of cyber resilience is the increasing complexity and interdependence of digital ecosystems. Modern organisations rely extensively upon cloud infrastructures, third-party software vendors, globally distributed supply chains, remote work technologies, and AI-enabled systems. While these technologies improve efficiency and innovation, they simultaneously increase systemic vulnerability because disruptions within one component of a digital ecosystem may rapidly cascade across interconnected networks (World Economic Forum, 2026). Consequently, resilience strategies increasingly focus not only on internal cybersecurity controls but also on managing external dependencies and supply chain exposure.

Effective cyber resilience requires continuous cyber threat intelligence and situational awareness capabilities. Nunes et al. (2016) demonstrate the strategic importance of proactive threat intelligence in identifying emerging risks before large-scale cyber incidents occur. Contemporary cyber threat intelligence increasingly relies upon machine learning, behavioural analytics, and data mining techniques to identify indicators of compromise across both surface web and darknet environments. AI-driven analytics enable organisations to process large volumes of threat data, identify anomalous activity, and improve early warning capabilities within rapidly evolving threat landscapes (Buczak and Guven, 2016). As cyberattacks become more automated and adaptive, resilience increasingly depends upon the capacity to detect, interpret, and respond to threats in near real time.

Governance and organisational culture also represent central components of cyber resilience. Effective resilience requires cybersecurity to be integrated within enterprise risk management and executive decision-making processes rather than treated as an isolated technical issue. Cross-functional governance structures involving executive leadership, legal teams, operational managers, IT personnel, and risk management functions are essential for coordinated incident response and strategic decision-making (Linkov and Kott, 2019). Research by Bhamidipati and Tinguely (2023) further emphasises that organisational resilience depends heavily upon leadership commitment, institutional adaptability, and the development of a security-conscious organisational culture.

Human factors remain among the most significant determinants of cyber resilience. Despite advances in technical security controls, social engineering, phishing, credential compromise, and insider threats continue to exploit human vulnerabilities. Consequently, workforce cybersecurity education and awareness programmes are increasingly recognised as essential resilience mechanisms. Training initiatives that improve employee awareness of cyber threats, incident reporting procedures, and secure digital practices help strengthen organisational preparedness and reduce the likelihood of successful attacks (Knowles et al., 2015).

Incident response preparedness constitutes another critical dimension of resilience-oriented cybersecurity. Since cyber incidents cannot always be prevented, organisations must develop capabilities to contain attacks, maintain operational continuity, and restore services rapidly following disruption. Effective incident response planning typically includes crisis communication protocols, business continuity strategies, disaster recovery frameworks, forensic investigation procedures, and regular simulation exercises (Linkov and Kott, 2019). Cyber resilience therefore requires organisations to move beyond static compliance-oriented security models toward adaptive and continuously tested operational preparedness.

Infrastructure redundancy and system diversification also play important roles within resilience strategies. Redundant systems, backup infrastructures, and segmented network architectures help limit the impact of cyber incidents and improve recovery capability. Similarly, reducing overreliance on single cloud providers, software vendors, or critical digital dependencies may reduce systemic exposure and improve organisational adaptability during disruptive events. Such approaches are increasingly important given the concentration of global digital infrastructure among a relatively small number of technology providers.

Cyber resilience additionally possesses significant geopolitical and societal dimensions. As cyberattacks increasingly target critical infrastructure, financial systems, healthcare services, and governmental institutions, resilience becomes closely connected to national security and societal stability. Public-private cooperation, information sharing, and international coordination are therefore increasingly viewed as essential mechanisms for strengthening collective cyber resilience (Conti, Dehghantanha and Dargahi, 2018). Governments and regulatory institutions are correspondingly placing greater emphasis upon resilience standards, incident reporting requirements, and critical infrastructure protection policies.

Ultimately, cyber resilience represents a strategic evolution in cybersecurity thinking. In an environment characterised by geopolitical instability, AI-enabled threats, systemic digital interdependence, and expanding attack surfaces, organisations must assume that cyber incidents are inevitable rather than exceptional. Consequently, long-term cybersecurity effectiveness depends not only upon preventive technologies but also upon organisational adaptability, governance maturity, operational continuity, workforce preparedness, and the capacity to recover rapidly from disruption. Cyber resilience therefore emerges as a foundational requirement for organisational sustainability within contemporary digital society.

7. Conclusion

The cybersecurity environment of 2026 reflects a profound transformation in the nature of digital risk. Cyber threats are no longer confined to isolated incidents of technical compromise or financially motivated cybercrime; rather, they have evolved into complex strategic challenges situated at the intersection of geopolitics, artificial intelligence, critical infrastructure, and systemic digital interdependence. The findings of the Swisscom Cybersecurity Threat Radar 2026, reinforced by contemporary academic scholarship, demonstrate that cybersecurity now constitutes a central issue of organisational governance, economic resilience, and national security.

This paper has shown that geopolitical fragmentation increasingly shapes the cyber threat landscape. State-sponsored cyber operations, hybrid warfare strategies, disinformation campaigns, and attacks targeting critical infrastructure illustrate how cyberspace has become an active domain of geopolitical competition. The strategic exploitation of software supply chains, cloud infrastructures, and telecommunications systems further demonstrates the systemic nature of contemporary cyber risk within globally interconnected digital ecosystems.

Artificial intelligence simultaneously intensifies both cybersecurity opportunities and vulnerabilities. AI-driven automation enables increasingly sophisticated phishing campaigns, deepfake-enabled social engineering, adaptive malware, and large-scale threat orchestration while also strengthening defensive capabilities through advanced analytics, anomaly detection, and automated incident response. This dual-use character of AI creates a strategic paradox in which technologies designed to enhance security may also significantly expand offensive cyber capabilities.

The growing convergence of IT and Operational Technology (OT) environments introduces additional complexity by extending cyber risk into the physical domain. Critical infrastructure sectors such as energy, healthcare, transportation, telecommunications, and manufacturing increasingly depend upon interconnected cyber-physical systems that were often not designed with cybersecurity considerations in mind. Consequently, cyberattacks may now generate severe operational, economic, and societal consequences including service disruption, infrastructure failure, and risks to human safety.

A central argument of this paper is that traditional prevention-centric cybersecurity approaches are increasingly inadequate within modern digital ecosystems characterised by systemic interdependence and persistent threat exposure. Organisations can no longer assume that cyberattacks are exceptional events that can be fully prevented through perimeter defence and technical controls alone. Instead, cybersecurity strategy must increasingly prioritise resilience-oriented governance models capable of anticipating, absorbing, responding to, and recovering from disruption.

Cyber resilience therefore emerges as a foundational strategic capability rather than merely a technical security objective. Effective resilience requires integrated governance structures, continuous threat intelligence, workforce preparedness, supply chain oversight, operational continuity planning, infrastructure redundancy, and cross-sector collaboration. It also requires organisations to recognise cybersecurity as a multidimensional challenge encompassing technological, organisational, geopolitical, and societal dimensions simultaneously.

Ultimately, the future of cybersecurity will depend not solely upon technological innovation but upon the ability of organisations, governments, and societies to adapt to an increasingly uncertain and interconnected threat environment. In this context, resilience, adaptability, and strategic coordination become essential prerequisites for sustaining trust, stability, and continuity within the digital age.

References

Biener, C., Eling, M. and Wirfs, J.H. (2015) ‘Insurability of Cyber Risk: An Empirical Analysis’, The Geneva Papers on Risk and Insurance – Issues and Practice, 40(1), pp. 131–158. https://doi.org/10.1057/gpp.2014.19

Biggio, B. and Roli, F. (2018) ‘Wild Patterns: Ten Years After the Rise of Adversarial Machine Learning’, Pattern Recognition, 84, pp. 317–331.

Boyens, J., Paulsen, C., Moorthy, R. and Bartol, N. (2022) Supply Chain Risk Management Practices for Federal Information Systems and Organizations. National Institute of Standards and Technology (NIST).

Boyes, H., Hallaq, B., Cunningham, J. and Watson, T. (2018) ‘The industrial internet of things (IIoT): An analysis framework’, Computers in Industry, 101, pp. 1–12.

Brundage, M., Avin, S., Clark, J., Toner, H., Eckersley, P. and Garfinkel, B. (2018) The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation. Oxford: Future of Humanity Institute.

Buczak, A.L. and Guven, E. (2016) ‘A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection’, IEEE Communications Surveys & Tutorials, 18(2), pp. 1153–1176.

Cath, C., Wachter, S., Mittelstadt, B., Taddeo, M. and Floridi, L. (2018) ‘Artificial Intelligence and the “Good Society”: The US, EU, and UK Approach’, Science and Engineering Ethics, 24(2), pp. 505–528.

Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K. (2016) ‘A review of cyber security risk assessment methods for SCADA systems’, Computers & Security, 56, pp. 1–27.

Conti, M., Dehghantanha, A. and Dargahi, T. (2018) Cyber Threat Intelligence: Challenges and Opportunities. Available at: arXiv.

Couture, S. and Toupin, S. (2019) ‘What does the notion of “sovereignty” mean when referring to the digital?’, New Media & Society, 21(10), pp. 2305–2322.

Ellison, R.J., Woody, C., Mead, N.R. and Boyle, S. (2020) Evaluating and Mitigating Software Supply Chain Security Risks. Pittsburgh: Carnegie Mellon University Software Engineering Institute.

Erukude, S.T., Marella, V.C. and Veluru, S.R. (2026) AI-Driven Cybersecurity Threats: A Survey of Emerging Risks and Defensive Strategies. Available at: arXiv.

Hazell, J. (2023) ‘Large Language Models Can Be Used to Effectively Scale Spear Phishing Campaigns’, arXiv preprint arXiv:2305.06972.

Humayed, A., Lin, J., Li, F. and Luo, B. (2017) ‘Cyber-Physical Systems Security—A Survey’, IEEE Internet of Things Journal, 4(6), pp. 1802–1831.

IBM Security (2024) Cost of a Data Breach Report 2024. Armonk, NY: IBM Security.

Kietzmann, J., Lee, L.W., McCarthy, I.P. and Kietzmann, T.C. (2020) ‘Deepfakes: Trick or Treat?’, Business Horizons, 63(2), pp. 135–146.

Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P. and Jones, K. (2015) ‘A survey of cyber security management in industrial control systems’, International Journal of Critical Infrastructure Protection, 9, pp. 52–80.

Krausmann, E., Cozzani, V., Salzano, E. and Renni, E. (2011) ‘Industrial accidents triggered by natural hazards: An emerging risk issue’, Natural Hazards and Earth System Sciences, 11(3), pp. 921–929.

Langner, R. (2011) ‘Stuxnet: Dissecting a Cyberwarfare Weapon’, IEEE Security & Privacy, 9(3), pp. 49–51.

Linkov, I., Eisenberg, D.A., Plourde, K., Seager, T.P., Allen, J. and Kott, A. (2013) ‘Resilience metrics for cyber systems’, Environment Systems and Decisions, 33(4), pp. 471–476.

Linkov, I. and Kott, A. (2019) ‘Fundamental Concepts of Cyber Resilience: Introduction and Overview’, in Cyber Resilience of Systems and Networks. Cham: Springer, pp. 1–25.

Nunes, E., Diab, A., Gunn, A., Marin, E., Mishra, V., Paliath, V., Robertson, J., Shakarian, J., Thart, A. and Shakarian, P. (2016) Darknet and Deepnet Mining for Proactive Cybersecurity Threat Intelligence. Available at: arXiv.

Piergiorgio, I., Plate, H. and Massacci, F. (2020) ‘SoK: Taxonomy of Attacks on Open-Source Software Supply Chains’, Proceedings of the IEEE European Symposium on Security and Privacy Workshops, pp. 1–9.

Pohle, J. and Thiel, T. (2020) ‘Digital sovereignty’, Internet Policy Review, 9(4), pp. 1–19.

Rid, T. (2020) Active Measures: The Secret History of Disinformation and Political Warfare. New York: Farrar, Straus and Giroux.

Swisscom (2026) Swisscom Threat Radar 2026.

World Economic Forum (2026) World Economic Forum Cybersecurity Outlook 2026.