Hybrid Warfare & How Adversaries Train on Your Weaknesses

Posted on February 28, 2026


An article that should not be ignored at any level of leadership: ‘Russia stepping up hybrid attacks, preparing for long standoff with West, Dutch intelligence warns’. Whilst it talks to the current state of national hybrid threats, predominantly from Russia, it has lessons for organisations of any size operating in today’s digital threat landscape, and it is a nice continuum of the theme that I started writing about some weeks ago around ‘Cyber Tail-Risk’ and an authority-led model to address the fast-moving cyber environment.

Hybrid adversaries do not wait for war to begin. They use peacetime as a live training ground. Low-level cyber incidents, disinformation, proxy activity and supply-chain probing are not random or opportunistic. They are deliberate discovery operations designed to map systems, expose organisational seams and rehearse escalation pathways, all while staying below the threshold that would trigger a decisive response at a national level and, at an organisational level, avoiding asserted mitigation steps.

Small, persistent cyber events teach adversaries far more than technical configurations. They reveal how quickly leaders pay attention, where decision-making stalls, how legal and regulatory friction slows response, which suppliers are trusted without meaningful assurance, and how much investment appetite there is to respond and mitigate. Over time, attackers learn which incidents are tolerated, which are denied and which provoke action. This behavioural intelligence becomes the playbook for future pressure.

Hybrid tactics also shape the response environment. Information operations undermine trust in institutions, create fear of reputational damage and encourage hesitation. It does not stop there. The modern threat actor is aware of more than the technical pressure points. Legal ambiguity is exploited to create paralysis. They seek out who owns the decision, what can be shared and when authority can override process. In this way, adversaries are not just probing networks; they are conditioning leadership behaviour, training the psychology of the organisation to respond in a controlled and predictable way. With AI this is becoming more and more nuanced, as I wrote about last year in ‘A Very Real Breach Symphony’. How many comments I had suggesting this was fiction … I regret to say, think again; it is not the first time fact was born of fiction (not that I profess to be so prophetic!).

Mitigating this requires more than better tools. Organisations must establish clear cyber authority before crisis operating models: models that establish who can act decisively when consensus is slow and information is incomplete. Low-level incidents should be treated as strategic intelligence, not operational noise, with patterns tracked over time to understand both adversary learning and internal response drift. Supply chains must be made defensible through evidence-led assurance, not contractual trust. Finally, leadership must pre-position narrative resilience (sorry, I am sounding like a consultant with phrases like that), but understanding how to communicate uncertainty without paralysis and defend legitimacy under pressure is not a natural instinct for most.

Hybrid warfare thrives on ambiguity. Resilience comes from authority, clarity of ownership and the ability to act decisively before peacetime rehearsals become wartime consequences. Delays train your adversary. Are you hybrid-fit?