Knowledge base Updated: February 5, 2026

Cyber warfare and business: how does online geopolitics threaten your business?

When countries wage war in cyberspace, private companies often become accidental victims on the front lines. Digital weapons designed to paralyze one country's critical infrastructure can spread around the world in a matter of hours, causing billions of dollars in damage to the commercial sector. Cy

The modern battlefield is no longer limited to land, sea and air. A fifth, invisible domain of conflict has become cyberspace. States are increasingly using code as a weapon to achieve geopolitical goals - to sabotage, spy and destabilize their opponents. In this new era of warfare, the lines between military and civilian objectives are blurring at an alarming rate. Private companies, even those not operating in strategic sectors, can unexpectedly find themselves on the front lines, becoming accidental victims of digital missiles that have gone out of control.

Attacks such as NotPetya and Stuxnet have proven that digital weapons designed to precisely hit one specific target can easily turn into a global pandemic, causing billions of dollars in damage to companies around the world. For boards and security directors, this means that a whole new dimension of risk must be taken into account. It is no longer enough to protect against profit-motivated cybercriminals. It is necessary to understand how geopolitical tensions thousands of miles away can affect the continuity of our business. This article looks at how cyber warfare affects the commercial sector and how to build resilience in a world where your business could become a collateral victim of a conflict in which it has no part.


What is cyberwarfare and how does it differ from traditional cybercrime?

Cyber warfare is the use of cyber attacks by one nation-state to disrupt the computer systems or networks of another state for military or political gain. A key element of the definition is the state actor and geopolitical motivation. Unlike traditional cybercrime, whose primary goal is almost always direct financial gain (theft of money, credit card data, ransomware), the goals of cyberwarfare are undermining an adversary, sabotage, espionage or a demonstration of force.

This difference is fundamental and determines the scale, sophistication and potential impact of the attack. Cyber criminals, while sometimes threatening, have limited resources at their disposal. State actors, such as intelligence agencies or specialized military units, have almost unlimited budgets, top experts and access to the most powerful tools, including zero-day exploits. Their goal is not to encrypt a small company’s server, but to cripple the power grid, disrupt the financial system or steal plans for state-of-the-art weaponry.

There are no clearly defined rules of battle in cyberwarfare, and the concept of a “battlefield” is extremely fluid. An attack can be launched from the other side of the world, and its attribution (assignment to a specific country) is extremely difficult, which encourages escalation of activities carried out below the threshold of open conflict. It is in this “gray zone” that private companies most often become victims.


What are the main objectives of states in conducting operations in cyberspace?

Military and intelligence operations in cyberspace serve the same age-old goals that states have pursued through traditional methods - gaining an advantage over the enemy. They can be divided into several main categories.

Critical infrastructure sabotage: This is the most destructive form of attack, with the goal of physically damaging or disabling critical systems for state operations. Targets include power grids, pipelines, water supply systems, telecommunications networks, rail and air transportation, and financial systems. Paralyzing these sectors can cause social and economic chaos, significantly weakening a state’s defense capabilities.

Espionage: This is the most common form of state activity online. It involves the long-term, silent infiltration of government, military and corporate systems to steal sensitive information. It can be political espionage (stealing diplomatic notes), military espionage (stealing weapons plans) or economic espionage (obtaining trade secrets and technology from leading companies).

Disinformation and psychological operations: The aim of these operations is to sow chaos, undermine trust in state institutions and manipulate public opinion in the enemy’s country. This can include taking control of news portals, conducting massive disinformation campaigns on social media or falsifying election results.

Why do private companies become victims in conflicts between states?

In an ideal world, conflicts between states should only involve military and government targets. But in cyberspace, these boundaries are extremely blurred, with the private sector becoming a target or victim for two main reasons.

First, much of the critical infrastructure is in private hands. Power grids, telecommunications systems, banks and even transportation systems are often managed by private companies. For a state aggressor who wants to launch a sabotage attack, these companies become direct strategic targets. An attack on a private power plant is a de facto attack on the energy security of the entire state.

Second, and far more often, companies become accidental victims (collateral damage). This happens when a digital weapon, designed to attack a specific target in an adversary’s country, gets out of control. Many tools used in cyberwarfare, especially those that behave like worms, have the ability to spread on their own. Once released into the global network, such weapons can infect hundreds of thousands of computers around the world, making no distinction between military and civilian targets, or between systems in an enemy country and those in neutral countries. Global corporations, because of their vast and interconnected infrastructure, are particularly susceptible to becoming such accidental victims.

What did the Stuxnet attack teach us about sabotage of industrial (OT) systems?

Stuxnet, discovered in 2010, is believed to be the first-ever digital weapon capable of causing physical damage to the material world. Its target was Iran’s nuclear program, specifically the uranium enrichment centrifuges at the Natanz facility. The attack forever changed the perception of Industrial Control Systems (ICS/OT) security and showed how sophisticated geopolitical operations can be online.

Stuxnet was a masterpiece of engineering. It exploited as many as four different zero-day vulnerabilities to get into industrial networks isolated from the Internet, spreading via infected USB sticks. Its most advanced element, however, targeted the Siemens programmable logic controllers (PLCs) that controlled the operation of the centrifuges. Stuxnet was able to reprogram these controllers, causing the centrifuges to change their speed uncontrollably, leading to physical damage.

The most insidious element of the attack was the simultaneous manipulation of monitoring systems. While the centrifuges were being destroyed, Stuxnet sent false, pre-recorded telemetry data to the operator panels, which showed that everything was working normally. This lulled the engineers into a false sense of security and allowed a prolonged, destructive operation. The lesson from Stuxnet is clear: cyber attacks can transcend the virtual world and become a tool of kinetic sabotage, and protecting OT systems requires a very different approach than securing traditional IT networks.

Why is the NotPetya attack a perfect example of civilian losses in cyberwarfare?

The June 2017 NotPetya attack is perhaps the most important and frightening example of how a digital weapon targeting one country can cause global chaos and billions of dollars in losses. While it initially looked like a ransomware attack, it quickly became clear that it was a destructive wiper - malware whose sole purpose is to permanently delete data and cripple systems. The ransom payment mechanism was merely a decoy to hide the real sabotage purpose of the attack.

The attack began in Ukraine, and its vector was a compromised update of popular accounting software (a supply chain attack). Its goal was to cripple the Ukrainian economy and state institutions. However, NotPetya’s creators equipped it with an extremely aggressive self-replication mechanism, using the powerful EternalBlue exploit (the same one that powered the WannaCry ransomware attack a month earlier). As a result, NotPetya made its way out of Ukraine within hours.

Global corporations that had branches or business partners in Ukraine became unintended victims. Danish logistics giant A.P. Moller-Maersk lost 49,000 laptops and had to halt operations at ports around the world, costing it more than $300 million. US pharmaceutical company Merck suffered losses of more than $800 million. NotPetya showed that in the age of globalization, an attack on one distant country can have immediate and catastrophic consequences for any multinational company, regardless of its location or industry.

Does cyber insurance cover damage resulting from cyber warfare?

In the aftermath of the NotPetya attack, many of the affected companies turned to their insurers for compensation under their cyber insurance policies. However, they were met with an unpleasant surprise. The insurers, citing a standard “acts of war” exclusion in their policies, refused to pay out. They argued that since the US, UK and other governments had officially attributed the NotPetya attack to Russian military intelligence, it was a de facto act of hostility between states, and therefore an event not covered by standard insurance.

The case has sparked years of legal wrangling and created a huge controversy in the insurance market. The problem lies in the ambiguity of the definition of an “act of war” in the context of cyberspace. Does an attack carried out by an APT group, even if it is state-sponsored but takes place outside an officially declared state of war, qualify under this exemption? Courts in various countries have issued contradictory rulings, which creates great legal uncertainty for companies.

For CFOs and risk managers, this is a critical lesson. When buying a cyber insurance policy, it is extremely important to scrutinize the war and terrorism exclusion provisions. It’s worth negotiating with your insurer for the most precise definitions and, if possible, looking for policies that offer coverage for damage resulting from state attacks (so-called “cyber terrorism coverage”). However, be aware that full coverage for geopolitical risks is difficult to obtain today and very expensive.

What steps should a company take to assess its exposure to geopolitical risk?

Assessing geopolitical risk requires a company to look beyond its own infrastructure and analyze the entire ecosystem in which it operates. It’s a strategic exercise that should involve not only the IT and security departments, but also the operations, legal and management departments.

The first step is to map geographic dependencies. Ask yourself: where are our key customers, suppliers and partners located? Do we have operations or offices in regions of heightened geopolitical tension? Do our key software or cloud service providers have development centers or infrastructure in such regions? Understanding how a conflict in one part of the world could affect our supply chain or customer base is fundamental.

The second step is to identify dependencies on critical infrastructure. Does our business depend on an uninterrupted supply of power, telecommunications services or transportation in a particular region? How would an attack on the local power grid affect our factory or data center? This analysis allows us to identify single points of failure and plan mitigating actions, such as diversifying suppliers or setting up backup operations centers.
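The two mapping steps above can be run mechanically over a dependency inventory. The following Python is an added example, not part of the original article: the inventory rows, provider names, region labels and the high-tension list are constructed placeholders, and the flag names are hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory: (business function, capability, provider, region).
INVENTORY = [
    ("order-processing", "cloud-hosting", "CloudCo", "region-a"),
    ("order-processing", "cloud-hosting", "HostTwo", "region-b"),
    ("order-processing", "payment-gateway", "PayOne", "region-c"),
    ("manufacturing", "power", "GridNorth", "region-c"),
    ("manufacturing", "power", "OnSiteGen", "region-c"),
    ("manufacturing", "erp-software", "VendorX", "region-a"),
    ("support", "telecom", "TelA", "region-a"),
    ("support", "telecom", "TelB", "region-b"),
]
# Assumption: regions the risk team currently rates as heightened tension.
HIGH_TENSION = {"region-c"}

def assess(inventory, high_tension):
    """Flag each (function, capability) pair for concentration and exposure."""
    providers = defaultdict(set)   # (function, capability) -> {provider}
    regions = defaultdict(set)     # (function, capability) -> {region}
    for function, capability, provider, region in inventory:
        providers[(function, capability)].add(provider)
        regions[(function, capability)].add(region)
    findings = {}
    for key in providers:
        flags = []
        if len(providers[key]) == 1:
            flags.append("single-provider")    # classic single point of failure
        if len(regions[key]) == 1:
            flags.append("single-region")      # several providers, one geography
        exposed = regions[key] & high_tension
        if exposed and exposed == regions[key]:
            flags.append("fully-exposed")      # no fallback outside a tense region
        elif exposed:
            flags.append("partially-exposed")
        if flags:
            findings[key] = flags
    return findings

def priority(findings):
    """Order findings: full exposure first, then by number of flags."""
    return sorted(findings, key=lambda k: ("fully-exposed" not in findings[k], -len(findings[k]), k))

if __name__ == "__main__":
    result = assess(INVENTORY, HIGH_TENSION)
    for key in priority(result):
        print(key, result[key])
```

Note that the power supply is flagged even though it has two providers: both sit in the same region, which is the kind of hidden concentration a provider count alone misses.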

| Pillar of Resilience | Key Strategic Questions | Example Activities |
| --- | --- | --- |
| Risk Visibility | Where are our key partners and infrastructure? Which geopolitical tensions are likely to affect us? | Supply chain mapping, geographic analysis of assets, subscription to analytical services (threat intelligence). |
| Technical Resistance | Are our IT and OT networks separated? Do we have shatterproof backups? Does the DR plan address sabotage scenarios? | Implementation of network segmentation, implementation of immutable backups, regular and realistic testing of Disaster Recovery plans. |
| Organizational Readiness | Does our incident response plan include state-sponsored attacks? Do we have crisis communication procedures in place? | Conduct simulation exercises (table-top) based on geopolitical scenarios, prepare communication plans. |

How can nFlo help build resilience to geopolitical threats?

At nFlo, we understand that resilience to geopolitical threats is not a matter of a single product, but the result of a strategic approach and a robust architecture. Our services focus on building fundamental defensive capabilities that allow an organization to survive even in the face of the most destructive, state-sponsored attacks.

One of our key areas of specialization is industrial systems security (OT Security). We help companies in the manufacturing and critical infrastructure sectors conduct OT security audits, identifying gaps and vulnerabilities in control systems. We design and implement architectures based on rigorous network segmentation, creating so-called demilitarized zones (DMZs) between IT and OT networks. Such separation is absolutely crucial to prevent attackers from jumping from an infected laptop in the office to systems controlling production processes.

We place great emphasis on business continuity and disaster recovery (BCP/DR) planning. Our services don’t end with helping you implement a backup system. We work with clients to create and test comprehensive recovery plans that take into account the most extreme scenarios, such as intentional sabotage and data destruction by a wiper. We conduct realistic tests and exercises that verify that an organization can realistically rebuild its operations from scratch in a crisis situation.

As part of our vCISO and strategic consulting services, we help management teams conduct a geopolitical risk analysis and integrate the results into the company’s overall risk management strategy. We act as a partner to help understand the complexity of these risks and translate them into concrete, measurable technical and organizational actions.
