Most organisations discover they have a disinformation problem the same way most people discover they have a structural problem with their house. By the time the damage is visible, the underlying deterioration has been underway for considerably longer than anyone would find comfortable to acknowledge.
This analogy is not rhetorical. The operational signature of a well-constructed influence operation is, by design, indistinguishable from organic reputational pressure until it has achieved sufficient scale to become self-sustaining. At that point, the causal architecture, who initiated it, through what infrastructure, toward what specific objective, has been deliberately obscured. What remains visible is the effect, a narrative that has embedded itself in the discourse surrounding an organisation, a person, or an institution, and that continues to propagate through the information environment largely independent of the original actor.
Responding to that effect without understanding its cause is not crisis management. It is crisis theatre.
The Comfortable Misdiagnosis
There is a version of this problem that is easy to sell to boards and comfortable for leadership teams to accept. In that version, disinformation is essentially a supercharged PR challenge, requiring faster monitoring, sharper messaging, and more agile communications infrastructure. The solution set is familiar, social listening tools, rapid response protocols, media relations, legal letters to the most egregious offenders. It fits within existing organisational structures. It does not require building new capability or acknowledging new categories of vulnerability.
It is also largely inadequate for the threat it claims to address.
The conflation of disinformation response with communications management reflects a fundamental misapprehension of what disinformation operations actually are. They are not, at their core, communications phenomena. They are adversarial operations, planned, resourced, and executed with specific objectives, using the information environment as the operational terrain. Treating them as communications problems applies the wrong analytical framework, generates the wrong intelligence picture, and produces responses calibrated to a threat that does not correspond to the one actually present.
The distinction matters because the response architecture for an adversarial operation is categorically different from the response architecture for a reputational crisis. One requires intelligence methodology. The other requires communications expertise. Organisations that deploy only the latter against the former are not managing the risk. They are performing the management of it.
What the Threat Environment Actually Looks Like
The academic and practitioner literature on influence operations has advanced considerably in the past decade. The work coming out of institutions including the Stanford Internet Observatory, the Oxford Internet Institute, and the EU DisinfoLab has produced a detailed empirical picture of how coordinated inauthentic behaviour is structured, resourced, and deployed across different geopolitical and commercial contexts.
Several features of this picture are worth holding in focus. First, the barrier to entry for a credible influence operation has fallen dramatically and continues to fall. Generative AI has reduced the production cost of synthetic content, credible personas, and scaled narrative seeding to a fraction of what it required even three years ago. Second, the platforms through which disinformation circulates have not developed countermeasures at a pace that tracks the evolution of the threat. Enforcement remains inconsistent, attribution tools available to non-state actors remain limited, and the incentive structures of major platforms continue to reward engagement over accuracy. Third, and most consequentially for organisations assessing their own exposure, the targeting logic of influence operations has become significantly more granular. Operations are increasingly designed not to shift mass public opinion but to influence specific, high-leverage audiences, investors, regulators, journalists, senior employees, whose decisions are consequential to the target organisation's functioning.
This last development renders audience-scale metrics largely irrelevant as a measure of operational impact. An influence operation that reaches ten million people and shifts none of their behaviour has achieved nothing. One that reaches three hundred analysts, fund managers, or regulatory officials and introduces meaningful uncertainty into their assessments of a target organisation has achieved a great deal. The sophistication with which targeting has evolved is not matched by the sophistication with which most organisations assess their own vulnerability to it.
The Operational Logic of Serious Response
The Disinformation Commission is built on a practitioner model that takes this threat environment seriously on its own terms rather than translating it into the more comfortable language of communications management. The analytical starting point is the threat actor and the operational architecture, not the content of the narrative being seeded. Source attribution, network topology, amplification infrastructure, timing patterns and the identification of target audiences are the primary analytical objects. The communicative response, if one is warranted, follows from that picture rather than preceding it.
This sequencing is not procedural fastidiousness. It reflects a genuine insight about how influence operations are structured and what effective intervention requires. An organisation that responds to a disinformation operation without first establishing who is behind it, what their operational objective is, and what their likely next move is, is navigating without a map. It may accidentally counter the operation. It may, with equal probability, accelerate it.
Persistent environmental monitoring, the maintenance of an ongoing analytical picture of the information terrain surrounding an organisation, is the prerequisite for everything else. It is also the capability that is most consistently absent in organisations that consider themselves prepared for reputational risk. The gap between having a crisis communications plan and having the intelligence infrastructure to know when and whether that plan should be activated is where most institutional responses fail.
The Reckoning That Is Already Underway
The organisations that have experienced significant disinformation operations at first hand are not, in aggregate, returning to their previous posture. The experience of navigating a coordinated false narrative through conventional communications infrastructure, watching it propagate faster than the rebuttal, seeing it embed itself in the assessments of key stakeholders despite being demonstrably false, is clarifying in a way that threat briefings rarely are.
The lesson those organisations are drawing is consistent. The capability required to manage this threat effectively cannot be assembled after the operation begins. The monitoring infrastructure, the analytical relationships, the legal pathways, the response protocols, all of it must exist before the need for it becomes acute. Organisations that are building this capability now are not being paranoid. They are being accurate about the environment they are operating in.
The information environment is not going to become more benign. The tools available to actors who wish to use it as operational terrain are not going to become less accessible. The question for any organisation that operates in a contested information space, which is to say, any organisation of any significance, is not whether this risk is real. That question has been answered, repeatedly and expensively, by the organisations that asked it too late.
The question is whether the infrastructure to manage it exists before it becomes necessary to use it.
Top comments (0)