Resilience: Connecting Cybersecurity and Digital Sovereignty

In today’s volatile geopolitical and economic landscape, manufacturing organisations—particularly those operating complex, interconnected production environments—are rethinking how they approach technology risk and collaboration.

Digital infrastructure is no longer just an efficiency enabler. It is a strategic asset that underpins resilience, trust and long-term competitiveness. As a result, cybersecurity and digital sovereignty can no longer be addressed separately. They are deeply interconnected, shaping not only how organisations protect themselves, but also how they participate in digital ecosystems and data spaces.

This is especially true for manufacturing, energy and critical infrastructure sectors, where operational continuity supports society itself. Manufacturers sit at the heart of global supply chain ecosystems, making them high-value targets for cyberattacks and subject to increasing regulatory scrutiny.

For CIOs and CISOs, the mandate is no longer limited to defending systems. It is about enabling resilience, trust and collaboration across organisational and national boundaries.

What is digital sovereignty?

Digital sovereignty is often misunderstood as isolationism or technological self-sufficiency. In practice, it is a board level strategic concern, driven by the need for clarity, accountability and control in an increasingly complex digital environment.

At its core, digital sovereignty is about resilient autonomy. It means making informed, strategic choices about dependencies, data and technology—choices leaders can explain, defend and adapt over time while remaining open to innovation and collaboration.

Digital sovereignty spans several dimensions of sovereignty:

• Data: Control over where data is stored, processed and accessed
• Technology: Freedom to choose, switch and combine technologies without excessive lock in
• Legal: Reduced exposure to foreign jurisdictions and conflicting legal regimes
• Economic: Visibility and influence across supply chain ecosystems and long term value creation
• Cybersecurity: Capability to protect, monitor and respond independently across IT and OT environments.

Most organisations will not—and should not—aim for complete digital independence. In an interconnected world of shared platforms and global value chains, isolation would limit agility and innovation.

The objective is strategic sovereignty: maintain strong control over critical assets while actively participating in trusted ecosystems and platforms. When designed well, this balance reduces dependency and risks, strengthens stakeholder trust and enables innovation on your own terms—not those imposed by external providers.

In practice, this requires deliberate architectural and governance choices:

• Hybrid and multi cloud strategies to reduce dependency on a single vendor or jurisdiction to improve workload portability and control over sensitive or mission critical systems.
• Zero trust architectures to maintain visibility or control as IT and OT environments converge and ecosystem connectivity expands.
• Clear data localisation and governance frameworks to ensure intentional data placement, classification governance and protection of sensitive information and intellectual property.
• Modular and open source architectures to avoid structural lock in and increase long term flexibility.
• Defined executive accountability —by creating roles like “Digital Sovereignty Officer”—to embed sovereignty into everyday decision making and address cybersecurity, vendor exposure and geopolitical risks consistently across functions.

Cybersecurity and digital sovereignty

A mature cybersecurity strategy is a prerequisite for digital sovereignty. Zero trust architectures, hybrid technology strategies, strong identity and access controls and disciplined data governance create the technical foundation for control and resilience and to operate with confidence.

For this reason, cybersecurity should not be viewed as a cost centre. It is a strategic enabler of collaboration, innovation and long term digital credibility.

Cybersecurity and digital sovereignty are no longer abstract policy discussions. They are strategic decisions that directly impact resilience, competitiveness and trust. Organisations that treat them separately may close technical gaps but remain open to structural risk. Those that connect them and establish visibility, control and trust—by design—position themselves to participate confidently and from a position of strength in manufacturing ecosystems.