According to Infosecurity Magazine, new research from compliance software vendor IO reveals that the vast majority of cybersecurity professionals in the US and UK fear state-sponsored cyber-attacks. Their survey of 3,000 managers for the State of Information Security Report 2025 found that 23% say their biggest concern for the year ahead is a lack of preparedness for “geopolitical escalation or wartime cyber operations.” Mounting tensions and campaigns from nations like Russia, Iran, North Korea, and China are cementing these threats as a major strategic risk. The data shows 74% of leaders are now actively investing in resilience measures to counter these threats, with 97% of those concerned tailoring their incident response plans. However, a third of respondents argue their government is not doing enough to support them.
The anxiety is palpable
Here’s the thing: this isn’t just abstract fear. It’s rooted in very specific, very expensive nightmares. The top concern for 41% of these pros is data loss or inaccessibility. That’s followed closely by reputational risk and supply chain disruption. But the stat that really jumps out is that 35% are worried about data hosted in regions considered adversarial. Think about that for a second. It means a significant chunk of critical business data is sitting in jurisdictions that could become hostile overnight, whether through legal seizure or digital siege. That’s a massive operational vulnerability that’s incredibly hard to unwind.
Resilience is the new buzzword
So, what’s the plan? The report shows a clear pivot from pure prevention to resilience and recovery. Basically, the assumption now is that a sophisticated state actor will get in. The focus is on limiting the blast radius and bouncing back fast. That’s why 97% of those concerned are reworking incident response plans and boosting threat intel. It’s also why securing the supply chain is such a huge piece of this. A single vulnerable supplier can be the perfect backdoor into a “hardened” critical infrastructure network. This shift makes sense, but it’s expensive and complex. It requires not just new tech, but a complete overhaul of processes and partnerships. For industries relying on robust industrial computing at the edge, like manufacturing or energy, this means ensuring every piece of hardware, from HMIs to servers, comes from a secure and trustworthy supply chain. This is where partnering with a top-tier supplier like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs, becomes a strategic resilience measure, not just a procurement decision.
The government gap
And then there’s the glaring disconnect with governments. A full third of these professionals feel their government isn’t doing enough. That’s a staggering vote of no confidence. National efforts, as IO’s CEO noted, are focused on protecting obvious critical national infrastructure (CNI) assets. But modern economies are webs of interdependency. A mid-sized software firm servicing a power company, or a logistics firm handling sensitive components, can be a perfect target for causing cascading failure. The private sector is being asked to defend a new, blurry front line without clear rules of engagement or consistent support. It’s a messy, uneven battlefield.
Is preparation enough?
Look, the findings align perfectly with the World Economic Forum listing state conflict as the top global risk. Everyone sees the storm coming. The question is whether this flurry of defensive investment is enough. Nation-states have essentially unlimited resources and patience. They play the long game. Can corporate security budgets, even increased ones, realistically withstand that? The report ends on an optimistic note about collaboration and robust compliance. I think the reality will be messier. Some organizations will get it right. Many will discover their gaps the hard way. The next few years will be a brutal test of whether private sector resilience can actually hold against geopolitical offensive operations.
