Last week, we provided executives a guide to defending against China’s Volt Typhoon and explained why the threat isn’t going away anytime soon.
This week, we expand this view to the broader cybersecurity and geopolitical dynamics facing multinationals in the Indo-Pacific, including the use of “gray zone” tactics that threaten private networks and undermine democratic stability.
Please subscribe to read future issues — and forward this newsletter to interested colleagues.
Contact us directly with any comments or questions: [email protected]
PinnacleOne ExecBrief | Cyber Gray Zone Risks in the Indo-Pacific
Over the next decade, the Indo-Pacific region will be the epicenter of global cyber competition. A recent collaborative study between academic institutions and military cyber experts – “Cyber Competition in the Indo-Pacific: Gray Zone 2035” – provides valuable insights that should inform private sector strategic planning and risk management.
The Evolving Threat Landscape
The study highlights how irregular cyber competition is reshaping power dynamics. State actors, deterred by conventional military balances, are increasingly turning to creative cyber tactics that blur the lines between peacetime and conflict. This trend isn’t confined to the Indo-Pacific; it’s a global phenomenon that affects businesses worldwide.
As we wrote last month, “intelligence and security reports indicate a marked increase in sabotage and “gray-zone” or “hybrid” attacks across Europe and potentially targeting the United States. These activities, primarily attributed to Russia and China, represent an evolution in geopolitical conflict that falls below the threshold of traditional warfare, but poses risks to national security and economic stability.”
Of particular concern is the potential impact on democratic processes. As we’ve seen in recent years, election cybersecurity has become a critical issue. While western governments have upped their security game to protect critical networks and can reliably ensure the integrity of the polls, governments with less resources or mature systems are vulnerable.
This is especially a danger as fragile democracies throughout the world, and particularly in the Asia-Pacific (APAC) region, will come under increasing pressure by authoritarian challengers looking to exploit domestic divisions and drive a wedge in traditional alliances. The resulting political instability could pose a threat to current assumptions driving business strategies in these countries.
The New Cyber Kingmakers
The Indo-Pacific (or APAC region) is home to some of the fastest-growing economies, and as these large markets expand their digital infrastructure, the influence of multinational tech companies – what the report dubs “cyber kingmakers” – is becoming increasingly apparent. These companies, with nation-state-level cyber capabilities, will be critical to determining who dominates cyberspace in the region.
At the same time, multi-aligned states in South and Southeast Asia are positioning themselves as pivotal players in the great power competition between the U.S. and China. These states will look to leverage their status as “tipping powers” to secure their interests and will try to impose more requirements on multinational firms that respect their “digital sovereignty” across cloud, AI, digital currency, and governance infrastructures.
Moreover, with elections increasingly being targeted by malicious cyber actors, tech companies that control critical digital infrastructure play a pivotal role in safeguarding democratic processes. Election interference, from disinformation campaigns to direct cyberattacks on electoral systems, threatens not just the integrity of the vote but the stability of governments and societies.
For private sector leaders, this means:
- Your company’s engagement in the Indo-Pacific is not just about market expansion – it’s about influencing the cyber rules of the game.
- Companies that can align their digital strategies with the broader geopolitical landscape will be in a prime position to shape the development of cyber norms, digital governance, and secure a predictable enterprise environment.
- There’s also an opportunity to play a role in safeguarding democratic processes, including elections, which are increasingly targeted by malicious cyber actors – this has both an ethical as well as a practical dimension given that stable, healthy democracies with clear rule of law provide a more healthy long-term business environment.
Executive leaders should look to forge strategic partnerships with governments and regional allies, positioning your company as a trusted player in building secure, resilient digital infrastructure. This will not only boost market share but also protect the integrity of democratic institutions.
Regulatory Fragmentation and Digital Sovereignty
A major challenge that private sector leaders must contend with is the fragmented regulatory authority across Indo-Pacific nations and the increasing willingness to throw sovereign weight around to protect perceived national security, economic, and political interests. This creates a complex patchwork of rules and geopolitically competing technical infrastructures (from fiber cables, landing stations, satellite terminals, 5G networks, hyperscale AI/cloud datacenters, and digital payments systems) that complicates efforts to build cohesive cybersecurity, data privacy, and AI risk management, and related digital economy policy frameworks.
For companies operating across borders, this fragmentation demands a proactive approach:
- It’s no longer enough to comply with regulations on a country-by-country basis.
- Businesses need to anticipate regulatory changes and work collaboratively with governments to streamline processes.
- This approach is particularly important for internet platforms, media distributors, and others that influence the integrity of democratic processes, where inconsistent regulations across jurisdictions can leave gaps for geopolitical interference or manipulation.
Executives should work to build a cross-border compliance strategy that anticipates regulatory fragmentation and adapts to the trend of national sovereignty and geopolitical competition over national tech stacks.
Cyber Competition in the Gray Zone
The report warns that state actors, particularly China, will continue to exploit the “cyber gray zone” — the space where conventional warfare tactics don’t apply, but cyberattacks and disinformation campaigns can create significant disruption.
China’s cyber operations in the Indo-Pacific are designed to erode geopolitical alliances, undermine military deterrence, and manipulate political processes in U.S. partners. This form of sub-threshold hostile activity bypasses traditional military escalations and focuses on more covert, plausibly deniable methods, often targeting and/or leveraging private sector assets and networks.
For security leaders, this means:
- Preparing for long-term use of cyber tools that go beyond the traditional scope of cyberattacks and intentionally or unintentionally hit private sector networks or business operations.
- Expecting to encounter increasing disinformation campaigns, economic espionage, covert sabotage, and cyber operational preparation of the battlefield targeting critical infrastructure, supply chains, and information networks.
Executives must take a new look at the intersection of geopolitical and cybersecurity risk and invest in cybersecurity measures that address both the technical and human elements of these threats. These leaders should prioritize disinformation detection, advanced threat intelligence, and cross-sector collaboration with public sector partners to mitigate the impact of irregular cyber operations.
The Private Sector’s Role in Cybersecurity
As the Indo-Pacific continues to be a focal point for cyber competition, private sector leaders must recognize their pivotal role in shaping the region’s future. Whether it’s through shaping coherent regulatory environments, building advanced cyber defenses and resilient technical infrastructure, and engaging in shared intelligence efforts, your leadership will be critical in determining the outcome of this global competition in a way that protects your business and fragile democracies as well.