According to an information assurance firm, geopolitical tensions are driving stricter cybersecurity rules and supply chain oversight to protect critical infrastructure.
Drawing on its industry insights as an information assurance firm, NCC Group has assembled some qualitative observations on how geopolitical factors are shaping cyber policy.
For example, in response to the surge in cyberattacks targeting operational technology (OT), policymakers are extending cyber rules to industrial organizations and implementing new, more stringent regulatory controls.
Also, the 2024 US presidential election was a prime example of the global impact of geopolitical factors. According to the UK firm’s Head of Government Affairs, Kat Sommer: “As the dust from the 2024 election cycle settles, geopolitical turbulence is impacting global approaches to cybersecurity and cyber policy. Pivotal discussions around global trade are causing ripple effects on international relations, while governments look inwards to reinforce their national cyber defenses. Concerns about foreign access and control over critical infrastructure and data have resulted in a greater focus on domestic ownership and repatriating key supply chains. Together with enhanced oversight of critical infrastructure, these moves mark a notable shift to much more interventionist and protectionist regulatory regimes.”
In this context, three pertinent questions that the world needs to consider are:
- Will cybersecurity rules continue to get stricter while other types of regulations (to reduce bureaucracy or encourage growth) are being reduced around the world?
- To what extent is global cooperation on AI safety being impacted by geopolitical and regulatory differences?
- To what extent are businesses being held accountable for the actions of their suppliers across all levels of the supply chain?
Sommer noted that in these uncertain times, managing cybersecurity risks is essential to organizations’ sustainable and profitable operations — regardless of mandatory requirements set by governments. “Failure to invest in proactive cyber resilience programs not only puts future compliance at risk, given that many cyber rules, such as in the EU, are still in train, but will also hinder organizations’ resilience in the long term,” Sommer said.