Securing the future: navigating cybersecurity and regulatory challenges

The impact of geopolitical and macroeconomic factors on your cybersecurity risk profile

Geopolitical volatility and macroeconomic uncertainty are reshaping the global landscape, influencing cybersecurity risks and regulatory environments. Key drivers include:

• Geopolitical tensions: conflicts and trade wars have disrupted supply chains and increased regulatory barriers, prompting responses from (EU) regulators.
• Technological advancements: innovations such as Quantum Computing and Artificial Intelligence create new opportunities but also expose organisations to new threats.
• Local and global crises: events like the war in Ukraine, attacks in the Red Sea, and economic decoupling between major powers demand proactive scenario planning.

Organisations, particularly those in manufacturing and dealing with global supply chains, must assess how these factors impact their business operations, supply chains, and overall risk profiles. The latter becomes especially apparent when zooming in on the evolving global threat landscape, which in 2024 and early 2025 has been marked by emboldened threat actors driven by geopolitical tensions. The PwC Report “Cyber Threats 2024: a year in retrospect”, highlights the expansion of the cyber-criminal market in 2024, fuelled by a growing abundance of open-source codebases and the increasing maturity of consolidated players who continuously refine their Tactics, Techniques and Procedures. Relevant threat trends include: 

• Cyber intrusions: threat actors targeting trade secrets and proprietary technologies for financial gain or sabotage purposes.
• Supply chain exploitation: threat actors disrupting operations in critical industries such as manufacturing and defence.

To counter these evolving threats, it is crucial to adopt robust measures for detection, response, and mitigation. Manufacturers should prioritise managing the following risk areas to support organisational resilience and long-term success: 

• Third-party risk management: securing supply chains from external threats.
• Data and IP protection: safeguarding sensitive information and intellectual property.
• Business continuity and resilience: ensuring operations remain unaffected by catastrophic events.
• Regulatory compliance: aligning compliance practices with global and regional requirements.

Leveraging regulatory requirements to build integrated resilience

Recent years have seen significant regulatory activity, particularly in the EU, aimed at supporting organisations through the definition of various regulatory requirements. These requirements, driven by the increasing importance of data and catalysed by geopolitical tensions and transatlantic digital power dynamics, focus on enhancing digital compliance and cybersecurity standards to safeguard organisations from emerging threats. Relevant examples of existing Acts include GDPR (2021), DORA (2023) and NIS2 (2024), with more on the horizon, such as the AI Act (2026) and Cyber Resilience Act (2027). Unfortunately, the extensive scope of these initiatives can at times be daunting for organisations, especially from the perspective of consistently and coherently managing the variety of requirements. 

The PwC Global Compliance Survey (2025) emphasises that “the compliance ecosystem is more complex and connected than ever before, driven by transformation, cross-industry reinvention and new business models”. An integrated governance, risk, and compliance (iGRC) framework can alleviate this burden and simultaneously improve decision-making and transparency, offering organisations a competitive edge. 

Our Cybersecurity Risk & Transformation experts have supported many clients in clarifying regulatory requirements while simplifying compliance by developing comprehensive, efficient and future-proof IGRC frameworks that:

• Consolidate your Risk and Compliance requirements into a single, pragmatic framework.
• Reduce redundant controls by mapping out overlapping objectives.
• Enhance scalability and adaptability to new regulatory changes.
• Provide insight into your risk posture, major risks to be managed, and your compliance status.

Simplifying resilience: next steps

The current geopolitical and regulatory volatility underscore the importance of proactive strategies and scenario planning to navigate cybersecurity challenges and regulatory shifts. By strengthening your defences, embracing integrated compliance frameworks, and addressing emerging risks, you can build resilience by safeguarding operations and achieving sustainable growth in the increasingly complex landscape.