Skip to content

Risk Landscape 2025: Cybersecurity Between Geopolitics and Disinformation

The Point: Austria’s 2025 Risk Landscape merges cyberattacks and disinformation into hybrid attack strategies. A CISO warns: treating them as equivalent could lead cybersecurity experts to increasingly be asked about disinformation – with potentially negative consequences for the professional integrity of both fields.

Austria’s Defence Ministry presented the “Risk Landscape 2025” as a comprehensive analysis of current threats. A CISO analyses how cyberattacks and disinformation interact in hybrid strategies – and what risks this poses for the cybersecurity industry.

Austria’s Defence Ministry presented the “Risk Landscape 2025” on 27 January. As expected, geopolitical challenges dominate the risk landscape: the Ukraine war, tensions between China and the USA, and the situation in the Middle East shape the international security environment.

Cyberattacks are primarily viewed as a tool of these geopolitical conflicts. Russia, China and Iran in particular employ cyberattacks as an integral part of their arsenal – from military operations to sabotage of critical infrastructure. These findings are hardly surprising.

However, another observation from the risk report is remarkable: cyberattacks and disinformation campaigns are frequently mentioned in the same breath. As part of hybrid strategies, both are deployed in parallel and thus endanger democratic processes and institutions. While there are overlaps – hacked social media accounts, manipulated deepfakes or fake websites show technical connections – these are fundamentally different phenomena.

Disinformation is not a purely security issue, but a social, political and communicative one. While cybersecurity requires complex technical concepts, everyone intuitively understands what deliberately false information means. This asymmetry presents a structural problem: experts could increasingly be asked about both topics, with disinformation potentially dominating – simply because it is easier to understand and more emotionally charged.

A cautionary example comes from the United States: the national cybersecurity agency CISA was criticised for “straying from its mission” in its disinformation-focused initiatives. Mixing cybersecurity expertise with disinformation countermeasures could lead the industry into an unwanted expansion of roles and ultimately endanger specialised security work.


Source: www.cert.at

Share on: