Rethinking Cyber Deterrence in a Multipolar World

Geopolitical tensions in cyberspace are escalating. There is an urgent need to reassess how the cyber domain can support broader deterrence strategies. However, the effectiveness of deterrence in cyberspace remains contested among scholars and practitioners. While malicious cyber activity targeting critical national infrastructure (CNI) continues to mount – posing increasing risks to the national security of Western states – it remains unclear whether deterrence measures have meaningfully reduced the frequency, scale and severity of these incidents.

Although there has been no ‘catastrophic nationwide cyber attack’, persistent low-level activity – particularly from Russia and China – has targeted a range of CNIs and sectors in the West. This trend risks being obscured by ‘unrealised and unspecific scaremongering’, leaving policymakers ill-prepared to respond to evolving threats.

This paper balances existing prevailing scepticism about the feasibility of cyber deterrence against the growing political imperative to impose consequences – both cyber and non-cyber – on malicious actors. It explores the question: if a state cyber operation led to a Category 1 cyber incident – described by the National Cyber Security Centre as ‘a cyber attack that causes sustained disruption of essential services or affects national security’ – with sustained threat to life, how could the UK and its allies deter an actor from attempting another breach?

This paper argues that cyber deterrence must be part of an integrated, cross-domain strategy. Deterrence should be understood as a continuum of prevention and response measures – cumulative, iterative, tailored and grey-zone oriented – drawing from lessons across multiple case studies. It particularly considers the implications of cyber operations ‘pre-positioning’ for disruptive or destructive attacks.