Modern risk doesn’t announce itself clearly. It doesn’t stay in one lane, respect organisational boundaries, or wait for the right team to be briefed. It moves across domains simultaneously, faster than most frameworks were built to handle.
That’s not a future problem. It’s the current reality. For public sector leaders, this isn’t just a corporate challenge; it is a fundamental threat to national resilience and the safety of critical national infrastructure (CNI). The Iran conflict right now is one of the clearest demonstrations of this reality we’ve seen in years.
The Age of Cascading Risk
There’s a pattern worth naming: a kinetic event triggers cyber operations. Cyber activity targets critical infrastructure or financial systems. Economic pressure then fuels political instability. Information operations amplify the tension in real time. Each layer feeds the next. This isn’t unique to any one region or conflict. It’s how modern crises work. The trigger changes but the cascade doesn’t.
We saw it play out sharply in recent weeks. The Strait of Hormuz disruption didn’t stay a maritime problem—within hours it had become something else entirely. Oil spiked above $100 a barrel, triggering national energy emergencies as far away as the Philippines and Thailand. Brute-force attacks targeting Western critical national infrastructure surged. Major shipping lines rerouted entire fleets. Insurance premiums repriced globally, almost overnight. One event, five consequences, none of them contained. These were not side effects—they were coordinated strikes on the systems that keep society functioning.
In the public sector, we can no longer afford to view these as isolated incidents. We have already seen state-aligned actors target U.S. and UK water systems, manipulating industrial controls to cause tank overflows and supply disruptions. These breaches proved that administrative IT vulnerabilities can force protective shutdowns of physical utility operations, directly impacting public health and regional stability across multiple borders.
Geopolitical complications aren’t the point. The pattern is. Physical events drive digital consequences. Digital activity shapes real-world behaviour. Crises don’t unfold in sequence anymore—they ripple, fast.
The Golden Quarter
I spent over 20 years in national security and counter-terrorism. The intelligence picture back then was a slow build. Classified reporting reached your desk hours or days after the event. You worked with what you had and filled the gaps with judgment and experience. That world is gone.
We used to talk about the golden hour. That’s now the golden quarter. What once moved through intelligence channels over days now surfaces publicly within minutes. Millions of people are functioning as live sensors, posting images, footage, and firsthand accounts as events unfold. The first hour of a crisis now contains more raw signal than an entire reporting cycle used to.
I see the erosion of that “Golden Hour” every day now. The earliest indicators of a situation rarely come from a single clear source. They emerge as fragments. A video. A local report. A spike in online chatter. On their own, they’re easy to dismiss. Together, they tell you something is building.
But volume isn’t the same as clarity. The pressure on decision-makers hasn’t eased; it’s intensified. It’s no longer about getting information. It’s about making sense of the information quickly enough to act, often before the full picture exists. That’s a different discipline entirely.
Cyber and Physical Risks Are the Same Problem
One of the most significant shifts of the past decade is the collapse of the domain boundaries between cyber and physical risk. They were never really separate. We just treated them that way.
The Iran conflict example makes it plain. Physical strikes on energy infrastructure were accompanied by a simultaneous surge in cyber activity targeting operational technology devices in Western water and power utilities. These were not parallel events that happened to coincide. They were coordinated, multi-domain operations designed to create pressure across multiple systems at once.
Take the December 2025 targeting of the Polish energy grid. Coordinated cyber strikes hit 30 energy sites during a severe cold snap. Wiper malware corrupted firmware on Operational Technology (OT) devices, threatening life-safety systems for 500,000 citizens. This wasn’t just a data breach; it was a physical threat delivered through a digital vector.
This isn’t a regional phenomenon. It’s a template, and it will be replicated, in different contexts, by different actors, wherever the conditions exist. For anyone responsible for protecting people or operations, recognising signals across both domains is no longer an advanced capability. It’s a baseline requirement.
The Signal Problem
Here’s the irony. We have more data than at any point in history, and yet clarity is often harder to find, not easier. The volume itself becomes the problem.
Security teams aren’t suffering from a lack of information. They’re facing a signal detection challenge. Which indicators represent genuine escalation? Which events are noise? Which weak signals, when connected, point to something building?
Getting that right, quickly, is what separates organisations that stay ahead of a situation from those permanently playing catch-up. The difference increasingly comes down to context—not just seeing the signal, but understanding what it means and why it matters to you.
The Shift From Reaction to Anticipation
Most security and public safety models were built around response. Mobilise once the crisis is visible. Contain. Recover. That logic made sense when threats were slower and more contained. It doesn’t hold anymore.
By the time a multi-domain crisis is obvious to everyone, the decision window has often already closed. The response that mattered happened earlier, in the detection phase, not the reaction phase.
Consider the February 2026 satellite communications disruption. A cyber-interference event targeted satellite navigation used by EMEA transport hubs. The ripple effect was immediate: maritime traffic stalled and regional aviation suffered ground stops. By the time the disruption was “confirmed,” the supply chain was already paralyzed.
What is also required is a shared operational picture. Geopolitical analysis, cyber monitoring, and physical security functions must work from a unified feed of real-time intelligence. Dataminr provides this foundation, moving organisations away from siloed reporting and toward a model of true anticipation.
The Signals Are Usually There
Threats don’t respect organisational structures. A geopolitical escalation may surface first as a cyber signal. A cyber incident may move markets before any official statement exists. A supply chain disruption may carry political consequences that nobody modelled.
In a world of cascading risk, the difference between a managed incident and a national crisis is the speed of your first signal. The signals appear early and are often visible to anyone looking in the right places, but for public sector and security organisations, the goal is not just to find them—it is to find them first.
Dataminr is the engine that makes this possible. By transforming the overwhelming noise of global data into precise, actionable intelligence, we give decision-makers the one thing they cannot afford to lose: time. In the age of the Golden Quarter, Dataminr ensures that when one crisis becomes five, you aren’t just watching it happen—you’re already steps ahead.