Geopolitics has long been treated as background noise in cybersecurity, relevant for strategic discussions, but rarely for day‐to‐day operational decision‐making. That assumption no longer holds. Rising geopolitical tensions increasingly spill into the digital domain, affecting public organizations not only through cyberattacks, but also via sanctions, legal orders, supplier disruption, and political pressure on technology providers. Although the Netherlands is not directly involved in armed conflict, Dutch public organizations are deeply embedded in globally concentrated digital supply chains, making them vulnerable to these developments. This talk examines why traditional approaches such as disaster recovery, business continuity planning, and sovereign cloud strategies are insufficient on their own in geopolitical cyber events. It introduces a shift toward a Minimum Viable Business approach, focusing on the minimum capability required to keep society‐critical services operational, supported by guiding principles to ensure a fit-for-purpose recovery capability.
