Cyber Doomsday Warnings Do More Harm Than Good

Uploaded on 2025-02-24 in TECHNOLOGY--Resilience, FREE TO VIEW

At a recent NATO cyber defence conference in London, British cabinet minister, Pat McFadden, warned that ‘Putin is ready to cripple Britain with cyberattacks’.

This sparked widespread reactions about the use of such cyber doom rhetoric, with many arguing that it does more harm than good, as such language can heighten fear unnecessarily and overshadow more tangible and current risks.

In his speech, McFadden did indeed highlight the real and significant risks posed by cyberattacks, noting that Russia could potentially ‘turn off the lights for millions’ by targeting critical infrastructure.

However, his remarks were framed in the context of Ukraine’s ongoing struggle against Russian aggression – not an isolated warning about the UK. He referenced Russia’s cyberattacks on Ukraine’s electricity grid, airports, and other critical national infrastructure, discussing the broader cyber warfare being waged against Ukraine, including cyber espionage. 

It is unclear whether McFadden changed his remarks in response to the criticism, or whether the media failed to capture his words accurately. But this confusion highlights an essential point: the need for precision in public discourse when discussing cyber threats.

The way we frame and define these issues profoundly influences how we understand and respond to them.  Our perceptions of threats, cyber or otherwise, shape the strategies and resources allocated to combat them. 

The ‘cyber doom’ narrative, which emerged in the early 1990s in the US, used terms like ‘cyber-Pearl Harbor’ and ‘cyber-Armageddon’ to describe the potential for catastrophic cyberattacks that could disrupt economies, cripple military operations, and undermine national security. Over time, however, this rhetoric has drawn significant criticism for its role in shaping public perceptions negatively. It often distracts attention from more urgent and practical cybersecurity priorities. Rather than encouraging preparedness, this rhetoric typically leads to heightened fear, which can be counterproductive. 

This rhetoric plays into the hands of adversaries like Russia, whose information operations seek to destabilise Western nations by projecting vulnerability and eroding trust in national infrastructure. 

Critics argue that such fear-driven discourse undermines efforts to build resilience and manage the more immediate threats, such as ransomware, espionage, supply chain vulnerabilities, and growing criminal activities, that continue to evolve in complexity and scale. These threats are compounded by the proliferation of cyber intrusion tools, which are widely available on underground markets, and by the increasing use by states of criminal proxies for their cyber operations.

Building resilience in cybersecurity requires focusing on actionable, ongoing risks rather than sensationalised, worst-case scenarios. The constant escalation of doomsday language is a distraction. 

Moreover, this rhetoric also plays into the hands of adversaries like Russia, whose information operations seek to destabilise Western nations by projecting vulnerability and eroding trust in national infrastructure. By framing the UK as being on the brink of catastrophic cyberattacks, this discourse unintentionally reinforces Russia’s narrative of cyber strength and influence. 

It is important to note that while cyber threats from state actors are growing, none of the predictions of widespread, systemic collapse have come to fruition. Cyberattacks targeting critical infrastructure have occurred, but they have not resulted in the total disruption that some feared.

However, state-sponsored cyberthreats are increasing in complexity and frequency, particularly when it comes to targeting critical infrastructure. Here, not only Russia but also China, Iran, North Korea and others present serious and evolving threats. Several countries regularly share intelligence about the kinds of threats they face from other nation-states. For example, the US Cybersecurity and Infrastructure Security Agency (CISA) has highlighted how China engages in cyber activities to infiltrate critical infrastructure and advance its national interests. Similarly, CISA has reported that Iran uses sophisticated cyber capabilities to suppress dissent and target regional and international adversaries, while North Korea conducts cyber operations to gather intelligence, generate revenue and disrupt systems. 

When it comes to the role of cyber in modern conflict, the war in Ukraine offers important lessons. While cyberattacks have certainly caused disruptions, such as disabling power grids and communication networks, they have not resulted in the total systemic collapse that some feared. The key focus of Russian cyber operations has been on espionage, information operations, and targeted attacks designed to gain a military advantage. Russia has sought to exploit vulnerabilities in specific targets, whether through cyber espionage or by disabling crucial infrastructure for short periods. 

Cyber has also not been the dominant feature of the conflict as many predicted. Instead, traditional kinetic warfare has remained the primary mode of engagement, demonstrating that cyber capabilities, while impactful, are not a substitute for conventional military power – at least not yet.

While the UK has made significant progress in strengthening its cyber defences, the adoption of basic cybersecurity measures – including things like network security, malware prevention and user education and awareness – remains uneven across sectors.

Therefore, rather than preparing for a worst-case scenario, a more effective strategy would be to encourage the widespread adoption of these measures across government, industry and the public. 

At the same time, governments must address the evolving threats posed by both state and non-state actors, by adopting a whole-of-society approach and engaging with allies and international partners to adapt to the constantly changing threat landscape.

While the risks are real, focusing on resilience-building and addressing current cyber threats will ultimately be more productive than indulging in doomsday scenarios. 

Joyce Hakmeh is Deputy Director, International Security Programme at Chatham House 

You Might Also Read: 

The Impact Of Geopolitical Dynamics On The Evolving Cybersecurity Landscape:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Grok 3 - The Latest AI Reasoning Model

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Armor

Armor

Armor provide managed cloud security solutions for public, private, hybrid or on-premise cloud environments.

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security

Phoenix Contact Cyber Security is a leading manufacturer of network security appliances for use in industrial environments.

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

Crayonic

Crayonic

Crayonic digital identity technologies protect and guarantee the identity of people and things.

Malleum

Malleum

MALLEUM are specialists in penetration testing and security assessments. We think like hackers – and act like them – to disclose discreet dangers to your organization.

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BluBracket

BluBracket

BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

SecureAge Technology

SecureAge Technology

We’re a rapidly growing cybersecurity company with an 18-year history of ZERO Data breaches. Our security solutions place security and usability on equal footing. Learn more about our technology.

Lansweeper

Lansweeper

Lansweeper is an IT Asset Management platform provider helping businesses better understand, manage and protect their IT devices and network.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

TeKnowledge

TeKnowledge

TeKnowledge enables governments and enterprises around the world to navigate the challenges with digital transformation today and tomorrow with elite cybersecurity protection and managed services.