Blog
Article . Cybersecurity & Defence

From Cyberespionage to Cyberwarfare

02/07/2026
download Download research

The evolution of cyber operations reveals a spectrum, running from clandestine intelligence gathering to overt acts of digital aggression. Understanding the distinctions, and the overlaps, is essential to discerning escalation pathways in the new warfare.

The Spectrum of Cyber Operations

Cyberespionage focuses on the covert exfiltration of data for strategic advantage, usually in the form of long-term, intelligence-driven campaigns.

Operations of this type are frequently conducted by Advanced Persistent Threat (APT) groups, which are highly capable and often state-linked actors specialising in stealth, persistence and custom-built malware. Their objective is not immediate disruption but the sustained accumulation of knowledge to achieve strategic, economic, military or diplomatic superiority.

Cyberwarfare, by contrast, involves hostile actions designed to disrupt, degrade, disable, manipulate or surveil an adversary's systems, with the explicit potential to trigger a kinetic response.

Although the two are distinct, cyberespionage often serves as a precursor to cyberwarfare, since the intelligence gathered during espionage operations provides the insights and access needed for future destructive or disruptive attacks.

Techniques such as phishing, malware deployment and social engineering are pervasive across cybercrime, cyberespionage and cyberwarfare. That shared toolkit complicates attribution and makes it difficult to categorise an attack based solely on its technical characteristics.



Historical evolution of cyber threats and major incidents

The history of cyber threats traces back to rudimentary beginnings before evolving into the sophisticated landscape observed today.

Early cyber threats in the 1970s and 1980s were largely confined to basic viruses and worms, often created as experiments. The RABBITS Virus in 1969, which replicated itself until it overwhelmed and shut down computers, is considered one of the earliest instances.

The 1990s saw the proliferation of more complex malware, including Trojans and email worms, which spread through email attachments and floppy disks as personal computers became more common. Notable early incidents include the 1834 hack of the French Telegraph System for financial market information and Kevin Mitnick's exploits from 1970 to 1995, where he accessed highly guarded networks including Motorola and Nokia.

The 2000s marked a significant escalation, with a substantial increase in data breaches. More than 4,500 data breaches have been publicly announced since 2005, with experts estimating the true number to be much higher.

Attacks like SQL Slammer in 2003 infected 75,000 victims in under 10 minutes, slowing global internet traffic. That period laid the groundwork for the more targeted and destructive cyber operations that would follow in the 2010s and 2020s, culminating in the industrialised, AI-augmented environment that defines 2025 and 2026.

Escalation dynamics and thresholds in cyber conflict

Escalation in cyber conflict is defined as an increase in the intensity or scope of conflict that crosses thresholds considered significant by one or more participants.

Navigating these thresholds in cyberspace is inherently complex. The fog of cyberwar makes it exceedingly difficult to determine precisely when a red line has been crossed, primarily because of the loose linkages between intent, effect and perception in the digital realm.

Uncertainties about allowable behaviour, the potential misinterpretation of defensive preparations as offensive actions, and errors in attributing attacks all contribute to instability. Unlike conventional warfare, where physical damage provides clear indicators, the effects of cyber operations can be obscure, and the source of attacks may not be immediately obvious.


The New Warfare: Cyber AI Weaponisation of Code

Would you like to know more about this topic?

Download our latest research “The New Warfare: Cyber AI Weaponisation of Code”

Download now

Download now