Geopolitics has long been treated as background noise in cybersecurity, relevant for strategic discussions, but rarely for day‐to‐day operational decision‐making. That assumption no longer holds. Rising geopolitical tensions increasingly spill into the digital domain, affecting public organizations not only through cyberattacks, but also via sanctions, legal orders, supplier disruption, and political pressure on technology providers. Although the Netherlands may not directly be involved in an armed conflict, Dutch public organizations are deeply embedded in globally concentrated digital supply chains, making them vulnerable to these developments. This talk examines why traditional approaches focusing on prevention are insufficient on their own in geopolitical cyber events. It introduces a shift toward a Minimum Viable Business approach, focusing on the minimum capability required to keep society‐critical services operational, supported by guiding principles to ensure a fit-for-purpose recovery capability.