Sun. Oct 1st, 2023

Content Assessment: An Escalation Roadmap? Understanding Cyber Threats, Organizational Harms, and International Response Mechanisms

Information - 91%
Insight - 90%
Relevance - 92%
Objectivity - 93%
Authority - 92%



A short percentage-based assessment of the qualitative benefit of the recent report authored by Lieutenant Colonel Ben Valk and published by the CCDCOE on cyber threats, organizational harms, and international response to these threats and harms.

Editor’s Note: In an increasingly interconnected world, the landscape of cyber threats is evolving at an unprecedented pace. These threats pose significant challenges to organizations, impacting their security and ability to manage and govern information effectively. This article provides a high-level overview of the European Union Agency for Cybersecurity (ENISA) Prime Threats, the Taxonomy of Organizational Cyber Harm, the threshold of what constitutes an armed attack in cyberspace, and the escalation roadmap for international entities like the United Nations (UN), the European Union (EU), and the North Atlantic Treaty Organization (NATO), as comprehensively covered in the “Escalation Roadmap: An analysis paper” by the CCDCOE. Readers are strongly encouraged to read the report for a more comprehensive understanding.

Industry Report Summary

Escalation Roadmap: An Analysis Paper (CCDCOE)

ComplexDiscovery Staff


The Cooperative Cyber Defence Centre of Excellence (CCDCOE) is a NATO-accredited cyber defense hub that focuses on research, training, and exercises in the field of cyber security. The CCDCOE’s recent document, “Escalation Roadmap: An analysis paper,” authored by Lieutenant Colonel Ben Valk, comprehensively analyzes the current cyber threat landscape and presents an escalation roadmap that includes flow charts for reporting and responses to cyber threats. This article aims to provide a high-level account of the key insights from this document, elucidate their implications, and offer a clear understanding of the cyber threats, the potential harms that can result from them, and the international response mechanisms in place to deal with them.

Understanding ENISA Prime Threats

The ENISA Threat Landscape 2022 identifies several prime threats that could potentially disrupt vital services, pose a danger to life or health, or cause environmental damage. These threats include:

  1. Ransomware: Malicious software that encrypts data and demands a ransom for its release. Ransomware can lead to significant economic effects if parts of the distribution system are attacked.
  2. Malware: Software designed to cause harm to a computer system or network. Malware could disrupt a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or unknowingly interfere with the user’s computer security and privacy.
  3. Social Engineering: Manipulative tactics used to trick people into revealing sensitive information. Social engineering always needs a human element to be successful.
  4. Threats Against Data: Activities aimed at unauthorized access, disclosure, or data manipulation. Disclosure of personal, sensitive, or classified data could be a GDPR violation or bring a government into disrepute.
  5. Threats Against Availability: Attacks that aim to make a network, service, or data unavailable, such as Denial of Service (DoS) attacks.
  6. Disinformation and Misinformation: The creation and spread of false or misleading information. Disinformation can lead to a crisis if a disinformation campaign intends to destroy, in part or whole, a national, ethnic, racial, or religious group.
  7. Supply Chain Attacks: Attacks that target the relationship between organizations and their suppliers.

As we study the potential harms that can result from these threats, it becomes clear how they can translate into tangible impacts on organizations.

Exploring the Taxonomy of Organizational Cyber Harm

The Taxonomy of Organizational Cyber Harm categorizes the potential harms that can result from cyber threats into five broad categories:

  1. Physical or Digital Harm: This includes malicious cyber activities that result in physical or digital harm, such as the exfiltration or theft of sensitive data, corrupted data files, or unavailable systems. Depending on the results, these could also lead to physical harm, meaning bodily injury or physical damage.
  2. Psychological Harm: This pertains to harm that affects an individual’s mental well-being, often resulting from breaches of personal data.
  3. Reputational Harm: This involves harm to the general opinion held about an entity. A significant cyber incident can damage an organization’s reputation, leading to a loss of trust among customers and stakeholders.
  4. Economic Harm: This harm refers to the financial impact of a cyber incident on an organization. It could result from direct costs associated with responding to the incident, such as recovery and remediation costs, as well as indirect costs, such as lost revenue, decreased productivity, and increased insurance premiums.
  5. Social and Societal Harm: This includes malicious cyber activities like disinformation campaigns that can disrupt daily life and change the public perception of technology.

Understanding these potential harms is crucial in assessing the impact of cyber threats. However, knowing when these cyber operations cross the line and become an armed attack is equally important.

What Constitutes an Armed Attack in Cyberspace

For a cyber operation to be considered an armed attack, it must reach a certain level of harm. However, there is no general rule on what level of harm constitutes a crisis, and a decision has to be taken on a case-by-case basis. When a cyber operation reaches the level of an armed attack, a state may exercise its inherent right of self-defense under Article 51 of the UN Charter. This brings us to the question of how international entities like the UN, the EU, and NATO respond to such situations.

The Roadmap for Escalation for the UN, the EU, and NATO

If a cyber operation reaches the level of an armed attack, the incident should be immediately reported to the UN Security Council. For NATO, a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis. In the EU, when the disruption caused by a cyber incident reaches a level that is too extensive to handle for a single member state, the incident has to be reported. Clearly, a NATO member nation is not obligated to report to or involve NATO when a malicious cyber activity or attack constitutes a crisis. However, if such a situation occurs, it is unlikely that a member nation would not inform NATO or ask for consultations. With this understanding of the international response mechanisms, let’s reflect on the importance of this knowledge for cybersecurity, information governance, and eDiscovery professionals.


Understanding cyber threats’ landscape, potential harms, and the prescribed international response mechanisms is crucial in today’s digital world. As cyber threats evolve, staying informed and proactively responding can help organizations and nations navigate the cyber threat landscape effectively and ensure their resilience in the face of potential cyber crises. For cybersecurity, information governance, and eDiscovery professionals, this understanding is not just important—it’s essential. It forms the foundation of their work, enabling them to protect their organizations and those of their clients, manage information effectively and respond appropriately to cyber incidents. While this article provides a high-level overview of these topics, they are comprehensively covered in the “Escalation Roadmap: An analysis paper” by the CCDCOE. Readers are encouraged to read the complete report by Lieutenant Colonel Ben Valk and the CCDCOE for a more in-depth understanding.

Read the complete paper from the CCDCOE.

Cite: Valk, B. (no date) Escalation roadmap: An analysis paper –, NATO Cooperative Cyber Defence Centre of Excellence. Available at: (Accessed: 27 July 2023).

Assisted by GAI and LLM Technologies

Additional Reading

Source: ComplexDiscovery


Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude 2, Midjourney, and DALL-E2, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.


Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is a premier online publication renowned for providing essential insights and intelligence in the realms of cybersecurity, information governance, and legal discovery to professionals navigating these fields. As a leading source of information, the publication expertly combines original research with aggregated news to cater to a highly specialized audience. Committed to enhancing readers’ understanding of relevant topics, ComplexDiscovery stands as an impartial and comprehensive resource for exploring trends, technologies, and services associated with electronically stored information.

The driving force behind this influential publication is ComplexDiscovery OÜ, a technology marketing firm that excels in strategic planning and tactical execution for organizations operating within these sectors. Registered as a private limited company in Estonia, a global leader in digital advancements, ComplexDiscovery OÜ dedicates its primary focus to supporting the publication. The company capitalizes on its virtual presence to provide marketing consulting and services to a diverse array of clients around the world, further solidifying its reputation as a leading voice in the eDiscovery ecosystem.