Macro Threats, Historic Hacks, and the Geopolitical Forces Shaping Cybersecurity: Highlights from the 2025 STAR Retreat

By Grace Cassy

Ten Eleven Ventures recently hosted 40+ security professionals and several founders from our portfolio at our annual STAR Retreat. From examining the global impact of government cyber strategies and evolving geopolitics to discussing the state of the cyber market and cutting-edge innovations, the retreat delivered invaluable insights into the challenges and opportunities shaping the industry.

We sat down with two of the retreat’s standout speakers, Gordon Corera, co-host of “The Rest is Classified” podcast, author and former BBC journalist, and Lucas Kello, associate professor of international relations and director of Oxford University’s Academic Centre of Excellence in Cyber Security Research, to get their thoughts on how geopolitical forces have influenced, and continue to influence, the cybersecurity landscape.

Here’s what they had to say:

What do you see as the top macro cybersecurity threats that society/organizations are currently underestimating or struggling to address?

Corera: A uniquely turbulent and uncertain geopolitical climate is complicating an already-challenging cybersecurity environment. The potential for escalating conflict in Europe or Asia has rarely been greater, which means other states may be more likely not just to carry out espionage and preposition for sabotage but may also seek to find other innovative ways to inflict harm. That might involve building or exploiting technological dependencies which are hidden somewhere down the supply chain or it might mean accelerating AI to develop new ways of imposing costs.

Kello: Geopolitics has long been the hidden hand behind major cyber crises – and that hand is getting heavier. The Sony Pictures hack, NotPetya, the Saudi Aramco attack, and other high-impact incidents weren’t mere digital pranks; they were power plays in an intensifying game of statecraft. Nations like Russia, China, and Iran aren’t just pilfering data; they’re redrawing the rules of interstate conflict. Through cyber operations, they wield economic weapons and conduct political subversion in ways that circumvent the traditional boundaries of war. Yet many people in government and business still treat cyber risk as an IT nuisance, rather than a strategic challenge. The hard reality? Cyber defense isn’t just about patching software: it requires reading the geopolitical chessboard and anticipating the next moves of adversaries who treat keyboards as tools of state power.

Throughout your career, are there any particular cyber incidents that have significantly shaped your perspective on cybersecurity, and what key lessons can be learned from them?

Corera: Events like the NotPetya and WannaCry cyber attacks in 2017 taught us that nation state operations can sometimes have unintended consequences beyond the geographies they were intended to hit. Those attacks were a wake-up call to business, government and individuals, particularly in the UK. The UK’s National Health Service was severely disrupted by WannaCry and yet the intention seems to have been North Korean hackers trying to make money. Equally, NotPetya was designed by Russia to target Ukraine and yet spilt over into businesses with only the loosest connection to the country. Those incidents made clear that organizations and individuals were suddenly at risk of being affected by nation states and geopolitics even if they were not the actual targets. In recent years, though, we are increasingly seeing nation states deliberately target citizens, often for disruption.

Kello: Few cyber incidents have hit as hard – or taught as much – as the 2014 Sony Pictures hack, a striking lesson in geopolitical audacity and corporate unpreparedness. Furious over a Hollywood satire, North Korea’s government didn’t just protest; it unleashed a devastating cyberattack that paralyzed a global company and tarnished its leadership’s reputation. The lesson? Cybersecurity is a boardroom priority. Executives need more than a skilled technical crew; they need a crisis playbook they can personally direct. Sony Pictures’ CEO Michael Lynton confessed that the company had no plan to navigate the crisis. That’s unacceptable. Crisis playbooks should be as routine as fire drills, mapping out how to liaise with authorities, limit reputational damage, and shape the crisis narrative before it shapes you.

What emerging areas of cybersecurity are you most excited about and what potential geopolitical impact could they have in the next 2-3 years?

Corera: The race to find defensive tools to spot vulnerabilities and outpace adversary AI and technological innovation is going to be vital. I’ve heard different views about whether AI will aid attackers or defenders. History suggests attackers often have an incentive to use new tools first and find vulnerabilities. If that is true with AI and cybersecurity we could see significant risks. These will only heighten the accelerating race between the US and China to move ahead of the other in AI. The question is whether that race will itself create new risks and vulnerabilities if security and safety are not prioritized. As well as playing a role in cybersecurity, the security of AI systems and the ability to undermine their integrity will undoubtedly be the next battleground.

Kello: Looking ahead, AI is poised to tilt the cyber offense-defense balance. I expect that a future crisis will provide a “demonstration” moment that reveals AI’s ability to outsmart both human and machine defenses in unexpected ways. The bottom line? In this fast-moving, high-stakes arena, slow adapters won’t get a second chance.

These insights from Kello and Corera emphasize a critical reality: in a world marked by geopolitical uncertainty and rapid technological advancements, businesses must remain agile. When it comes to cyber defense, there is no finish line—only the relentless need to stay one step ahead.

About the Speakers

Gordon Corera is the co-host of “The Rest is Classified” podcast, which explores the world of secrets and spies. He spent twenty years as a Security Correspondent for BBC News reporting on issues relating to intelligence, cyber security and conflict. Corera is the author of a number of books including Shopping for Bombs: Nuclear Proliferation, Global Insecurity and the Rise and Fall of the AQ Khan Network; Intercept – The Secret History of Computers and Spies; MI6 – Life and Death in the British Secret Service; The Secret Pigeon Service; Russians Among Us; and The Spy in the Archive.

Lucas Kello is Associate Professor of International Relations at Oxford University. He serves as Senior Lecturer/Director of the Centre for Technology and Global Affairs, a major research initiative exploring the impact of modern technology on international relations, government, and society. He is also Co-Director of the interdisciplinary Centre for Doctoral Training in Cyber Security at the Department of Computer Science. His publications include The Virtual Weapon and International Order (Yale University Press), “The Meaning of the Cyber Revolution: Perils to Theory and Statecraft” in International Security, and “Security” in The Oxford Companion to International Relations (Oxford University Press).