Quorum Cyber’s recently released Global Cyber Risk Outlook Report 2025 outlines how nation-state cyber activities, particularly from China, are evolving. According to the report, China’s cyber espionage operations will likely increase in 2025, with attacks targeting Western critical national infrastructure (CNI), intellectual property, and sensitive corporate data. The report also highlights that AI-powered cyber capabilities are being leveraged by China-state-sponsored, and other, threat actors to conduct advanced campaigns and evade detection more effectively.
China’s alleged involvement in data theft through services like DeepSeek raises significant concerns for cyber security leaders. Reports indicate that DeepSeek’s privacy policies allow user data to be stored on servers within China, making it potentially accessible to the Chinese government under local cyber security laws. Cyber security researchers have also found that DeepSeek embeds technology capable of transmitting user data to China Mobile, a state-owned entity, further heightening fears of surveillance and data exploitation. These risks are so severe that US government entities have moved swiftly towards banning its personnel from using DeepSeek, citing security concerns over data interception, including keystrokes and IP addresses. For chief information security officers (CISOs), this serves as a stark reminder of the dangers posed by foreign adversaries.
Actionable steps for CISOs and security leaders
To mitigate the risks of nation-state cyber threats, security leaders must take a strategic, multi-layered approach. Below are key measures that should be considered:
1. Adopt a zero-trust Security Model
Zero-trust assumes that every request for access – whether internal or external – must be verified. Implementing zero trust involves addressing the following core principles:
- Verify connectivity explicitly through strong authentication, for example multi-factor authentication (MFA)
- Authenticate and authorise identities, devices, infrastructure, services and applications based on strong conditional access policies
- Enforce privileged access through tactics such as just-in-time (JIT) and just-enough-access (JEA)
- Implement data protection controls based on defined classification policies
- Take an “assume breach” stance, operating under the assumption that connecting entities have been exposed to threats.
In partnership with many top cyber security solution providers, the NIST National Cybersecurity Center of Excellence (NCCoE) has drafted Special Publication (SP) 1800-35 Implementing a Zero Trust Architecture. The practice guide is designed to provide implementation examples and technical details on how security leaders can ultimately achieve zero trust to safeguard modern digital enterprises.
2. Strengthen supply chain security
Threat actors often exploit supply chains to gain access to larger targets. Organisations should:
- Conduct rigorous third-party risk assessments, ensuring additional rigour is applied to connected and critical third parties
- Implement contractual security obligations for vendors, ensuring key clauses such as the maintenance of strong cyber security programmes and audit rights are considered
- Continuously monitor supplier network connections and other forms of access for suspicious activity.
3. Enhance threat intelligence, monitoring and response
Threat management programmes must evolve to counter espionage threats. Organisations should:
- Maintain cyber threat intelligence (CTI) services to track state-sponsored threat actors
- Conduct ongoing vulnerability detection and mitigation activities, ensuring programmes monitor the full digital estate
- Quickly detect and respond to threats with 24×7 detection and response and threat hunting services
- Increasingly leverage automation, including emerging artificial intelligence (AI) services, to streamline and accelerate cyber security programme processes.
4. AI and data governance practices
As AI becomes an integral part of enterprise environments, organisations must implement governance practices to manage AI solutions securely and protect corporate data. Security teams should:
- Define policies and supporting controls for the secure use of AI and data within business operations
- Ensure AI models used internally are developed and deployed with strict security controls
- Monitor third-party AI tools for compliance with security and data protection requirements
- Define and deploy strong AI and data protection controls to prevent unauthorised data exfiltration or manipulation.
5. Educate end-users on AI risks
The rapid adoption of AI-driven tools within the workplace increases the risk of accidental exposure or misuse of sensitive data. Organisations should:
- Conduct regular security awareness training for employees on the risks associated with AI tools
- Establish guidelines on the appropriate use of AI applications in corporate environments
- Implement policies that prevent employees from sharing sensitive corporate data into public AI models
7. Test and improve incident response readiness
Given the sophistication of nation-state actors, organisations must ensure their response strategies are up to par. Best practices include:
- Conducting regular tabletop exercises simulating attack scenarios, including state-sponsored events
- Running red team/blue team exercises to test security defences
- Establishing and updating clear escalation protocols and contact lists, including the relevant authorities, in case of detected espionage attempts.
As CISOs and security leaders navigate this new AI augmented era of cyber threats, leveraging strategic frameworks, advanced security tools, and frequently tested, highly operationalised processes will be essential in countering nation-state industrial espionage. By staying ahead of emerging risks, organisations can ensure the resilience of their operations in an increasingly hostile digital landscape.
Andrew Hodges is vice president of product and technology at Quorum Cyber.
