INCYBER Forum 2026 For a Fistful of Data: When Data Becomes a Weapon

“According to Russian doctrine, it is possible to win a conflict without it being declared. For many years, we refused to acknowledge that this was, in fact, war.” Alexander Klimburg, researcher at the Hague Center for Strategic Studies, outlines Russian hybrid warfare doctrine as described in military writings: weakening the political will of the adversary before conventional confrontation—or even winning without declaring war. The method relies on a combination of sabotage, cyberattacks, and information manipulation under plausible deniability. The sponsoring state hides behind non-state actors, sometimes entirely fabricated. Klimburg cites the 2015 cyberattack against TV5Monde: the broadcaster taken off air by “supposed cyber-jihadists,” later revealed to be the GRU, Russian military intelligence. The destroyed data had no intrinsic value—“the sole motivation was political impact. And in recent years, we have seen this trend accelerate massively,” he noted at the Grand Palais in Lille.

Ten years after TV5Monde, the mechanism appears unchanged. Jun Osawa, Director of Research at the Dentsu Soken Center for Economic Security Research, describing recent attacks against Japan, speaks of “two-dimensional weaponization.” The first dimension: weaponized DDoS attacks linked to geopolitical events. “Shortly after the announcement at the Munich Security Conference of significant Japanese support to Ukraine via NATO mechanisms, a massive wave of attacks targeted our government websites, local authorities, police stations, and transport systems.” The second dimension: weaponized ransomware, illustrated by the attack of the Qilin group against the Japanese brewing giant Asahi, interpreted as “retaliation on behalf of the Russian Federation.”

Estonia has lived under this pressure for nearly twenty years. Joonas Heiter, Director of the Estonian Information System Authority (RIA), confirms a direct correlation between political decisions—such as new sanctions against Russia—and waves of attacks combining state actors, coordinated hacktivist groups, and isolated individuals. “We are no longer dealing with isolated cyberattacks; these are continuous hybrid operations,” he states.

Mylène Jarossay, President of CESIN and CISO at LVMH, observes this paradigm shift within French companies. Pure data theft is giving way to a more insidious cycle of injection that goes beyond financial motives: “stealing data, then injecting false data that appears authentic—this is clearly for political purposes, for destabilization.”

Cybercrime as-a-service

General Jean-Philippe Lecouffe, Deputy Executive Director at Europol, describes the economic model driving the scale of cyber threats. Ransomware developers no longer conduct attacks themselves; they sell their tools and collect 30 to 40% of the ransoms paid by victims. AI has further lowered the barrier to entry. “We are seeing criminal groups where the human factor has become minimal—the machine does the work.” Operators without specific technical skills launch large-scale phishing campaigns. The result is “highly diffuse criminality, with low-skilled actors using AI tools to accelerate both the speed and scale of their actions.”

What turns this industrialized criminality into a component of hybrid warfare is the relationship between these networks and the states that host them. Lecouffe puts it plainly: these criminals “take refuge in countries whose jurisdictions are—politely speaking—non-cooperative, and benefit from this protection in exchange for their ability to provide useful data to those states: to identify individuals, detect vulnerabilities, and target specific entities.” He refers to Operation LeakBase, which targeted the world’s leading marketplace for stolen personal data: 142,000 registered buyers, 215,000 private messages, and hundreds of thousands of identities for sale. The infrastructure was dismantled, but no operators were arrested. The only rule enforced by site administrators was the prohibition of selling data belonging to Russian citizens. “That says a lot, perhaps, about the origin of all this,” Lecouffe concluded, indirectly pointing to the sponsor.

In France, General Patrick Touak, commander of ComCyber-MI, recorded 453,000 cybercrime incidents in 2025, an 87% increase over five years. One-third of victims are individuals—a proportion far higher than in traditional crime, where they account for less than 20%. The massive data breaches of 2025 are now fueling crime in the physical world. “It starts in cyberspace and has very real-world impacts.” Touak identifies three areas of convergence between cybercrime and traditional crime: crypto-assets, scam centers in Southeast Asia—where scammers are often victims of trafficking—and more broadly, international mafia structures exploiting jurisdictional gaps.

The timing of the sword and the shield: closing the “velocity gap”

The issue of response timing, raised by several speakers, has a name in Anglo-Saxon terminology: the velocity gap—the difference in speed between attack and defense. General Lecouffe emphasizes the need to accelerate the “information-decision” loop (the OODA loop). He uses this concept to describe what he observes daily: criminals freed from jurisdictional constraints versus institutions whose procedures were not designed for such speed. In France, General Touak notes that gendarmes spend half their time drafting judicial reports. AI should help reduce time spent on such tasks: “the regulatory framework must allow us to move much faster. This is not yet the case,” he regrets. Virginie Rozière, Director for Digital Affairs at the Ministry for Europe and Foreign Affairs, advocates increasing the cost of attacks through public attribution and international sanctions.

“Historically, the sword always develops before the shield,” concludes Alexander Klimburg, placing the issue in a broader temporal framework. According to him, AI will inevitably be more effective for offensive purposes than for defense—at least for a time. “The question is: how much damage will be done before we are able to develop that shield?”