The Dark Side of Sovereignty

Last updated on 
The Dark Side of Sovereignty
Photo by NASA / Unsplash

A quick look at how control without protection can leave your business wide open.

Maersk’s wake-up call

It’s 2017. Maersk, a global shipping giant, manages its own key servers to stay in control of its digital identity and operations. But then NotPetya strikes — a destructive malware disguised as ransomware, designed for maximum damage. From a single infected laptop in Ukraine, the malware spreads like wildfire through Maersk’s network. In minutes, it wipes out 150 domain controllers and nearly all IT systems. Screens go dark. Ports fall silent. Global shipping grinds to a halt.

Maersk’s disaster recovery plan? Pure luck. A single domain controller in Ghana happened to be offline. An employee flies across continents, hand-carrying the server to help rebuild Maersk’s digital identity. It sounds like fiction, but it really happened.

The damage:

$250–300 million in losses; 49,000 laptops and 4,000 servers rendered useless
17 ports across 76 countries disrupted — including major hubs like Rotterdam and Los Angeles
➡ Recovery only possible thanks to that one offline domain controller

Maersk’s full control didn’t shield them. It magnified the fallout.

The CIA Basics: Why Sovereignty raises the stakes

Cybersecurity rests on three key principles — the CIA triad:

  • Confidentiality: Only authorized people can access your data — like locking away your files.
  • Integrity: Data stays accurate and untampered — like sealing documents.
  • Availability: Systems and data are there when you need them — like keeping your store open.

When you choose sovereignty — taking full control of your digital systems — you take on full responsibility for protecting these principles. Without external safety nets, you’re on your own for defending confidentiality, integrity, and availability at all times. Every gap is now yours to own and close.

This is where threat modeling comes in:
It helps you see how threats — from cybercriminals to global disruptions — could harm these foundations, and weigh your options. Full control might seem smart, but without matching protection, it can leave you dangerously exposed.

Today’s Threats: How exposed is your business?

The Microsoft Digital Defense Report 2024 highlights the scale of today’s cyber risks:

  • 600 million identity attacks every day, often exploiting weak or stolen passwords
  • 742% rise in supply chain attacks, causing billions in damage
  • Nearly 3× increase in ransomware attacks, shutting down operations
  • 389 healthcare organizations taken offline by cyberattacks
  • 400% surge in tech scams, affecting businesses everywhere

Maersk wasn’t even the target — just collateral damage in a larger attack.

It’s natural to worry about sovereignty and legal risks, like the U.S. Cloud Act, which allows U.S. authorities to request data from cloud providers — even those operating in Europe. But in practice, these requests have been extremely rare, with no widely reported cases involving EU public sector data. Meanwhile, cyberattacks hit businesses hundreds of millions of times each day.

👉 Geopolitical risks are real, but they’re dwarfed by the scale and frequency of technical threats. The real challenge is balancing sovereignty decisions with practical, resilient security.

The Bottom Line

Sovereignty without resilience is a liability. Before chasing control, ask:

Can we protect what we control? Start with threat modeling — and be honest about what you can manage.