5 Actions Critical for Cybersecurity Leadership During International Conflicts
2026-3-6 18:26:0 Author: securityboulevard.com

The recent military attacks involving Iran in the Middle East are a stark reminder that cybersecurity leadership must continually incorporate geopolitical risk into their enterprise cyber risk posture and preparedness.

Every crisis that escalates to military engagement between cyber-active participants changes the risk landscape of businesses: for people, operations, and data. This includes the company and its suppliers, partners, and customers.

Gauging the risk requires incorporation of factors that are vague at best, but understanding the enemy can provide a much clearer picture to help cybersecurity and executive leadership in making good decisions.

As in the current Russian-Ukrainian war, the participants in the Iran strikes are very active in the cyber world. The US, Israel, and Iran all have significant offensive cyber capabilities that, when used, may have direct or indirect consequences for enterprises, critical infrastructures, and global trade.

Corporate organizations, including cybersecurity, should conduct an open risk assessment that is updated as the situation develops. The outcomes should highlight recommendations to mitigate unacceptable risks-of-loss.

The first concern should be for worker safety. There is an ethical and legal responsibility to make sure people are safe. It is just the right thing to do! So, understand if any worker, or their families, are at risk of harm and take appropriate steps in alignment with corporate and government direction.

The second is to understand the risks to operations. Cyber-attacks, potentially in combination with kinetic damage, may have an impact on operations. Direct attacks against corporate assets or the critical infrastructures they depend upon, such as the electrical grid and communication networks, may cause interruption, damage, or instability of operations. Supply chain risks must also be included in assessments, as attacks against third-party suppliers and vendors can have material impacts.

The last aspect is data. Kinetic damage is a risk, but cyber-attacks in particular can cause widespread destruction or corruption of business data. Again, third-party risks are also very relevant.

During times of international instability and warfare, such as we are witnessing now, I recommend the following 5 steps for cybersecurity leaders to prepare and manage the evolving risks:

  1. Understand risks and collaboratively develop recommendations — The first step is to develop a deep, shared understanding of the specific threats on the horizon. Start with clarity. Develop a grounded understanding of the current threat landscape and how it intersects with your organization’s business model, technology dependencies, and risk tolerance. This isn’t just a technical exercise; it requires sitting down with business partners to map digital risks to real-world operational impacts. By collaboratively developing recommendations, you ensure that when you present to the executive board, your security posture is perfectly aligned with enterprise priorities.
  2. Be safe, lead with focus and calm — Operate cybersecurity functions with extra focus and attention. Consider temporarily turning on more telemetry and logging, and explore accelerating the patching of vulnerabilities and streamlining the SecOps incident escalation processes.
  3. Be prepared for the worst — Resilience is built before the crisis, not during it. Take advantage of the opportunity to prepare:
    – Dust off incident response playbooks for Operations, crisis response, and recovery.
    – Verify contact information, roles, and responsibilities. Now is the time to find out someone critical is on vacation and to designate a backup.
    – Validate incident response and digital forensics vendor contracts.
    – Verify backups, recovery capabilities, and processes. Take a new data snapshot.
    – Plan for 3 scenarios and consider this a great time for quick tabletop walk-throughs.
      1. Limited (degraded) operations or data availability — partial outages, system exploitations, or constrained service availability that require targeted responses and accelerated decisions to limit damage based upon the attackers’ likely intentions.
      2. Ambiguity, fog-of-war uncertainty — situations where communication or telemetry is disrupted or impaired. Teams must deal with the fear of the unknown. Work through how the uncertainty will be managed: do you wait, respond, or engage failovers, and at what threshold should management be informed?
      3. Unavailable, damaged, or compromised assets — significant destruction or compromise incidents that mandate activation of crisis response activities and coordinated recovery.

    For all these scenarios, stress-test your assumptions about dependencies. What happens if specific personnel are unreachable? If a key cloud provider experiences disruption? If a critical SaaS platform is unavailable?

    Resilience depends on understanding these constraints in advance.

  4. Monitor the situation. Remain vigilant and support sustainability by keeping teams calm, focused, healthy, and positive. Don’t overwork people unless an incident warrants it. Burnout is a real threat.
  5. Update executive leadership. Maintain a channel for communicating relevant risk changes, impacts, posture preparedness, and set a cadence for future communication when appropriate. Executive leadership must be well informed and confident that the risks are being properly managed. Report-outs should be brief, meaningful, calm, and professional.

Preparation does not eliminate risk, but it dramatically improves how an organization experiences and manages it. When security leaders combine clarity, discipline, readiness, and measured communication, they position the enterprise to navigate uncertainty with strength rather than reaction.

Cybersecurity leadership plays an important role in crisis management for companies that rely on digital technology, vendors, online services, and global communications.

Incorporate geopolitical crisis events into the corporate cyber risk posture and showcase how the company can be prepared, even for extreme situations like international warfare.

*** This is a Security Bloggers Network syndicated blog from Information Security Strategy authored by Matthew Rosenquist. Read the original post at: https://infosecstrategy.blogspot.com/2026/03/5-actions-critical-for-cybersecurity.html


Article source: https://securityboulevard.com/2026/03/5-actions-critical-for-cybersecurity-leadership-during-international-conflicts/