📑
According to a study conducted by CESIN in 2025 (French Club of Information Security and Digital Experts), nearly 70% of CISOs have revised their approach to cybersecurity in light of the geopolitical context of the past 5 years.
However, 85% also indicate that they lack the methodological and technological tools to analyze risks; and only 26% report having introduced geopolitical considerations into their security and project approaches.
In short, CISOs are well aware of the risk but are not yet able to address it effectively.
CISOs as threat intelligence actors, beyond the technical role
The risk is perceived by both small businesses and large corporations. Tensions and wars in Eastern Europe and the Middle East, attacks from Russian or North Korean organizations, dependence on American vendors at a time when companies may be forced to do without GAFAM, as well as dependence on IT components from China: the risk is perceived but not controlled.
Furthermore, cyber threats can target an information system directly, or indirectly through supply chain attacks as Odile Duthil, President of Clusif (French Cybersecurity Experts Club), points out: “Even small and medium-sized businesses are now affected, as they are service providers for larger targeted organizations.”
This context forces CISOs to go beyond their technical scope. They must now maintain continuous monitoring not only of cyber threats, but also of the global geopolitical context to gain a relevant view of risks and their origins, and to refocus their attention on certain types of alerts. It is also about equipping themselves for optimal cyber resilience in the event of an attack, while fostering strategic autonomy aimed at limiting dependence on actors who could compromise an information system if they were to stop providing their services.
Strategic autonomy and performance to address the state of cyber threats
A study conducted by HarfangLab in 2026 revealed that geopolitical unrest remains a major concern for business leaders across Europe, as 31% say they are significantly or very significantly worried about the impact current global events could have on their operations.
With growing concern about dependency and geopolitical risk, most organizations place greater importance on technological sovereignty: 59% of business leaders say sovereignty considerations have become more important in their decision-making over the past 1-2 years. But while the concept may be on executives’ radars, it is not yet playing a meaningful role in how most organizations choose and manage technology providers.
Even though 41% of European business leaders acknowledge the risks associated with relying on global cybersecurity providers to protect their workspace, that awareness does not appear to be translating into widespread action: only 9% leaders are actively prioritizing European providers to reduce risk and almost a quarter significantly reducing dependence on non-European providers. Familiarity continues to outweigh control, but there is a growing number of initiatives aimed at developing the European cybersecurity ecosystem, offering solutions that address current challenges, and providing decision-making tools.
On the other hand, as control is key when it comes to building a cybersecurity strategy, on-premises cybersecurity is gaining renewed attention. Far from being an outdated model, it represents a deliberate choice made by organizations that cannot afford to leave control of their most sensitive data in the hands of a third party. For regulated industries such as defense, government, finance, energy, or critical national infrastructure, on-premises deployment is sometimes not even a choice; it is a legal or regulatory obligation. But beyond compliance, it is also a response to a deeper concern: the need to know exactly where your data lives, who can access it, and under what conditions.
That said, on-premises requires in-house IT resources, a mature infrastructure, and the willingness to take on the operational responsibility of deploying and maintaining a solution. Organizations without those capabilities, or without specific data sovereignty constraints, will often find that a cloud-based solution better fits their needs.
What matters most is that choosing a cybersecurity platform, whether in the cloud or on-premises, should never mean accepting a lower standard of protection. And an on-prem platform should deliver the exact same detection capabilities, features, and performance as its cloud version. Control, in other words, does not have to come at the cost of security. With the right solution, organisations can have both – and this is precisely where HarfangLab stands apart!
3 expert tips on cyber risks linked to the geopolitical context
Prioritize a high-performance cyber platform that guarantees your strategic autonomy
Evaluating detection and remediation performance is essential for securing your workspace, and you can challenge these criteria as part of a POC. You can also rely on certifications that attest to the robustness of the identified solution. Finally, you can verify its level of sovereignty to ensure your strategic autonomy. To this end, the European Commission has put in place a framework to evaluate the level of sovereignty of a given solution.
Leverage artificial intelligence for optimal protection
AI is not only a risk. iIt is equally capable of enhancing detection capabilities, particularly for unknown threats (malware unknown to virus databases, malicious scripts, and suspicious behaviors), and to accelerate investigative work.
It is a valuable ally for cybersecurity analysts, enabling better efficiency and accuracy in detecting and analyzing security events, investigating more quickly, better qualifying them, and even remediating a security incident when necessary.
Platformization and unified protection vs. proliferation and fragmentation of solutions and threats
Just as attacks are multiplying, so too are tools. And CISOs need to rationalize spending and the management of workspace protection solutions. Cybersecurity, technical, and business challenges are at the heart of priorities, and it is here that agendas converge for CISOs, CIOs, and CEOs. Only a unified platform can meet the needs for visibility and operational efficiency to guarantee the best possible protection for endpoints – from vulnerability and attack surface management, to remediation tools for advanced threats, to automatic blocking of more basic threats.
Beyond tools, how do you monitor effectively?
Our tips for cybersecurity monitoring
Here are a few resources recommended by our experts:
- To follow the news:
- To follow alerts:
- https://seclists.org/ for tracking alerts on specific software
- CISA in the US
- At the European level
- https://www.enisa.europa.eu/alertservice
- https://learn.microsoft.com/en-us/security-updates/
- Networks with technical/cyber communities for concrete examples of attacker techniques, e.g. on Reddit:
- r/netsec for high-level information
- r/cybersecurity for questions from people in charge of security in different organizations
- Security vendors’ blogs – such as the HarfangLab Cyber Threat Research team blog
Finally, intelligence services are an increasingly useful source of information and monitoring, particularly for critical infrastructures and sensitive sectors.
Are you considering equipping or switching solutions to meet all these challenges?
Discover how HarfangLab addresses your strategic autonomy needs
with a unified, high-performance, AI-powered platform: