Why Execs and CISOs Must Treat Cyber Threats as Statecraft

https://www.infosecurity-magazine.com/news/execs-cisos-must-treat-cyber/

Publish Date: 2026-06-15 02:32:02

Source Domain: www.infosecurity-magazine.com

Summary:
Bharat Thakrar, a board director at ISACA’s London Chapter, asserted during a keynote at Infosecurity Europe 2026 that cybersecurity, artificial intelligence, and geopolitics have become inextricable. He highlighted that cybersecurity should not be viewed merely as an IT issue, cautioning against blind trust and emphasizing the need for comprehensive geopolitical awareness. Thakrar used major breaches, such as the 2014 Sony Pictures Entertainment hack and the 2022 Viasat attack, to emphasize that commercial entities can become targets for geopolitical reasons. He urged companies to recognize covert schemes by foreign IT workers and to strengthen HR vetting and access controls. To operationalize geopolitical threats, Thakrar introduced the Cyber Geopolitical Preparedness and Response (CGPR) framework, which focuses on assessing exposure, evaluating readiness, planning responses, and continuous monitoring. He advocated for regular geopolitical stress-tests and the readiness to undergo a DEFCON 1 or 2 scenario, stressing integration of both cyber and physical security measures.

Key Points:

Cybersecurity, AI, and geopolitics are now inextricably linked.
Incomplete security context and underestimating geopolitical threats can be catastrophic.
Companies should recognize themselves as geopolitical actors and update HR vetting and access controls.
Practical steps include creating a Cyber Geopolitical Preparedness and Response (CGPR) framework.
Executives must transition from viewing cybersecurity merely as an IT problem to treating it as part of statecraft.