Geopolitical tensions have risen across the globe. Whereas the Russia-Ukraine battle has accomplished little to vary enterprise continuity and catastrophe restoration practices in “secure” places, the struggle in Iran has served as a wake-up name, inflicting extra CIOs to rethink the scope of their DR plans.
CIOs are discovering that the assumptions behind their catastrophe restoration plans not maintain. Geopolitical battle — and rising constraints on compute and power tied to AI — are exposing how rapidly disruptions can cascade throughout techniques, distributors and areas, overwhelming DR plans constructed for remoted failures.
In accordance with Kapish Vanvaria, danger consulting chief at EY World and Americas, conventional catastrophe restoration planning typically underestimates uncommon and excessive occasions as a result of such plans are constructed round “identified knowns,” reminiscent of hazards, fastened eventualities and predictable timelines — at the same time as geopolitical disruption isn’t contained. Disruptions originating in a single area can quickly cascade into provide chain constraints, regulatory modifications, vendor limitations and connectivity, eventualities conventional DR plans have a tendency to not anticipate.
A part of the shift is structural, not simply operational. “CIOs are additionally recognizing that the boundary between nation-state dynamics and personal enterprise is more and more blurred,” Vanvaria mentioned in an e-mail interview. “Organizations of all sizes may be immediately impacted; difficult assumptions about who’s uncovered and the way rapidly impacts can materialize.”
For instance, in March and April, Amazon AWS information facilities within the United Arab Emirates and Bahrain had been hit by Iranian kamikaze drones, disrupting service. An Oracle workplace in Dubai additionally suffered minor harm from Iranian missile particles in early April.
Whereas the Huge Tech corporations are apparent targets, no group ought to think about itself secure from disruption or provide chain woes brought on by geopolitical unrest. The issue is that IT departments have been so centered on cybersecurity and insider threats that they’ve missed different threats that would trigger critical disruption.
“[The] Russia-Ukraine [war] did not wake them up, nor did the 12-day struggle final 12 months [between Iran and Israel]. It actually took your complete Center East to be in flames to [realize], possibly we should always have thought of this,” mentioned Stefano Ritondale, chief intelligence officer at AI-driven intelligence agency Artorias.
What organizations must do is anticipate the probabilities earlier than catastrophe strikes — for instance, ensuring cybersecurity groups are conscious of international hacking strategies and the IP addresses they have a tendency to make use of for assaults.
Extra essentially, when catastrophe strikes, a typical response is to speculate aggressively in know-how, whereas organizations ought to begin with the in-depth conversations obligatory for danger mitigation. EY’s Vanvari mentioned organizations are more and more breaking down silos amongst know-how, authorized, danger, cyber and compliance features to proactively map complicated eventualities, making enterprise resilience a cross-functional enterprise functionality moderately than simply an IT playbook.
The influence of cloud, web and telecom disruption
Most organizations have hybrid cloud infrastructure partly to guarantee resiliency. Whereas the main cloud suppliers have information facilities around the globe and are persevering with to construct extra, the density of these information facilities varies by area, making some areas extra susceptible to service disruption.
Extra broadly, cloud, web and telecom infrastructure are major targets as a result of they will hamper an enemy’s potential to speak and function successfully. This isn’t solely a menace to corporations with a presence in struggle zones, but it surely also needs to be thought of by all CIOs.
Bernard Brantley, CISO of community detection and response answer supplier Corelight, mentioned he wouldn’t have thought of the obliteration of an AWS information middle in a danger mannequin a 12 months in the past, however instances have modified. “Have we up to date our psychological mannequin to incorporate the catastrophe danger — which now, within the present geopolitical local weather, contains massive [numbers] of companies going offline, potential full-scale disruption of infrastructure resulting from navy motion? We might not have [included that in the] calculus and evaluation [previously]. I feel it is crucial for us to do now.”
In accordance with EY’s Vanvaria, organizations want the power to fail over operations by making the most of geographic redundancy, different connectivity routes and architectures that permit crucial features to proceed working below constrained community situations.
The untested situation: When every thing fails without delay
Whereas enterprises have redundancy for failover, an necessary level has been missed: What would occur if every thing was down concurrently? Whereas some organizations could have thought of this, they have not essentially backed it up with an train that simulates such a situation. “Folks plan for eventualities that make take just a few days or per week, however that is not actuality. In the event you’re working from a scratch backup, it could take six months to a 12 months to rise up and working,” mentioned Kim Larsen, group CISO at cloud-native information safety and restoration answer supplier Keepit and a former member of the Danish police pressure.
In at present’s geopolitical local weather, CIOs are smart to begin pondering extra like navy strategists in relation to enterprise continuity and DR.
For instance, in 2025, cloud connectivity firm Cloudflare skilled just a few outages, the worst of which was a full six-hour outage that immediately affected many organizations together with Canva, ChatGPT, Uber and X. The incident additionally served as a wakeup name for Chris Campbell, CIO at DeVry College. “A Cloudflare outage could not have an effect on my web site, but it surely may take down three or 4 functions that depend on it,” Campbell mentioned. “If you do not have a well-documented understanding of your know-how stack and its interplay along with your clients and your inner processes, you are in all probability working in a high-risk situation.”
There may be additionally the query of what to do with staff who stay and work in a war-torn area. For instance, Corelight has provided relocation companies or stipends to staff who must get to a secure place. After witnessing an analogous situation at Amazon beforehand, Brantley mentioned it is necessary to know what staff might want to keep secure, prioritizing their well being and constructing packages round that.
EY’s Vanvari mentioned continuity depends upon the power to redistribute work quickly if a location turns into unavailable. This contains:
-
Clear authority handovers.
-
Pre‑organized third‑occasion capability to soak up key features briefly, with worker security — all with the intention of prioritizing worker security and well-being.
Different surprises in 2026: Infrastructure shocks add new DR stress
The present world scenario calls for that CIOs adapt to it, but it surely’s not like they do not have the rest to do. For instance, information analytics firm FICO has been working into infrastructure limits due to the GPUs it makes use of for AI. “We have gone from a world the place cloud capability felt limitless to at least one the place silicon and energy are rationed,” mentioned Mike Trkay, CIO at FICO. “Vitality procurement and grid stability at the moment are two of our prime three operational priorities.”
Earlier than, FICO would clear up mannequin scaling processes with specialised {hardware}. Now, it’s utilizing underutilized CPUs and rethinking mannequin effectivity as a core a part of how the corporate deploys its options. By squeezing high-performance execution out of normal x86 and ARM architectures, FICO has been capable of bypass the GPU bottleneck for a good portion of its predictive modeling.
This is not only a technical repair; it is also a strategic hedge in opposition to {hardware} volatility. GPUs are handled like a fluid, valuable useful resource that makes use of AI-driven brokers to dynamically provision spot situations and shift workloads throughout suppliers in actual time based mostly on value.
For catastrophe restoration, FICO designed operational fashions utilizing a multi-geo strategy for value optimization and GPU useful resource availability. This ensures that catastrophe restoration necessities turn into inherent to the working mannequin.
“Inference must turn into geo-agnostic. We have to transfer towards a mannequin the place workloads are stateless relative to the information middle, and free emigrate wherever compute sources are most obtainable, secure and cost-effective,” Trkay mentioned.
He added: “If we keep inside the applicable regulatory jurisdiction to fulfill information sovereignty necessities, the place the ‘pondering’ occurs should not matter. IT Ops and workload distribution at the moment are as a lot about useful resource optimization as they’re about resiliency and DR.”
Darren Cassidy, CIO at AI-enabled digital expertise software program supplier Sitecore, mentioned his group has needed to speed up the maturity of its resilience at a tempo that was beforehand uncomfortable. “It has pressured us to vary how we deal with dangers and handle that,” he mentioned. “So, for instance, it is not sufficient now simply to have the piece of paper saying your audit course of handed and you have got certification. You have to go and robustly problem these processes, do tabletop workouts and attempt to break issues.”
Backside line: DR planning now assumes cascading failure
Although geopolitical tensions have all the time been a menace to enterprise continuity for organizations that function in these areas, the rising interdependence of digital infrastructure — and rising stress on compute and power sources — is rising the dimensions and complexity of disruption.
This requires CIOs to know a extra inclusive scope of threats, a few of which can appear superfluous within the absence of an imminent menace.
Instances have modified — and so has warfare. Whereas cyberterrorism stays a rising menace, it isn’t the one one.
The larger danger now could be assuming disruptions — whether or not from battle or useful resource constraints — will probably be contained.
