Countering information manipulation (LMI): a new challenge for crisis exercises

For several years, cyber crisis exercises have mainly been built around ransomware attacks. These scenarios remain essential today, but they no longer cover the full range of threats organizations face. Information manipulation campaigns, conducted through social media, the press or coordinated influence operations, now directly target the reputation, trust and perception of companies. In this context, countering information manipulation (LMI) is progressively becoming a new training ground for organizations.

Why cyber crisis exercises still focus largely on ransomware

For several years now, cyber training programs have largely relied on a scenario that has become almost systematic: the ransomware attack. Organizations prepare for situations combining system encryption, data exfiltration, operational disruption, media pressure and business continuity issues.

These exercises have profoundly transformed how companies approach cyber crisis management. They have helped structure crisis cells, professionalize response mechanisms and bring these topics into executive committees.

This rise in maturity remains essential. Even so, it does not always make it possible to address another category of threat now growing rapidly: information manipulation.

In its awareness guide produced with the CDSE, VIGINUM points out:

“Not a week goes by without VIGINUM’s teams detecting an attempt at foreign interference or destabilization targeting our [French] companies.”

This evolution profoundly changes the nature of the crisis scenarios that companies must now prepare for.

Information manipulation: a threat now targeting trust and perception

In a classic cyberattack, the objective is generally to compromise an information system, halt an activity or steal data. Information manipulation campaigns follow a different logic: they seek above all to weaken trust around an organization, to discredit it. 

These operations originate outside the company. They develop on social media, in the press, through influencers or via content deliberately taken out of context.

The threat then becomes informational, cognitive and reputational. The target is no longer only the technical infrastructure, but the very perception of the organization by its ecosystem and stakeholders. 

One particularity of these attacks lies in the fact that they can produce major effects without any technical or human flaw having been exploited. The campaigns rather rely on deceptive narratives, manipulated content or coordinated operations that are particularly difficult to attribute.

The consequences, however, remain very concrete: loss of trust, media pressure, economic destabilization or security risks.

Why countering information manipulation (LMI) requires rethinking crisis exercises

Traditional crisis exercises generally rely on well-identified mechanisms: incident detection, containment, remediation and then business recovery.

These scenarios often assume a relatively controlled perimeter, identifiable actors and already-structured decision chains.

Crises linked to information manipulation work differently. From the very first phases, they unfold in a much more open and complex environment, involving media, social networks, business partners, institutions, influencers or sometimes even foreign authorities.

In this context, crisis management is no longer solely about handling a technical incident. Organizations must also be able to coordinate consistent public statements, mobilize credible voices and activate alliances beyond their own communication channels.

Yet these dimensions are still rarely exercised in traditional cyber crisis management programs.

Countering information manipulation (LMI) therefore calls for new playbooks capable of incorporating:

• media pressure,
• the multitude of actors involved (influencers, trolls…),
• informational uncertainty,
• indirect influence phenomena,
• the extremely fast tempo of social media,
• and the complexity of an open information space in which the organization no longer fully controls the pace of the crisis.

These exercises must be able to simulate a real information operation designed by a hostile actor, as well as much more unstable and porous environments, in which the usual landmarks of crisis management become harder to identify.

Paris 2024 Olympic Games: a concrete example of information interference targeting businesses

The Paris 2024 Olympic and Paralympic Games illustrated, particularly visibly, the rise of risks linked to information interference.

The economic ecosystem surrounding the Games was directly exposed to information manipulation operations. Sponsors, transport operators, service providers, security players, event companies and partner brands were all affected by these maneuvers.

The observed operations directly or indirectly targeted several actors linked to the Games, in particular the International Olympic Committee (IOC), sponsors, the City of Paris, and certain institutions whose identities were impersonated, such as Amnesty International or the DGSI.

The documented modus operandi shows a strong diversity of techniques used:

• boycott campaigns,
• polarizing hashtags,
• fake audiovisual content, sometimes generated by AI,
• impersonation of institutional identities,
• instrumentalization of physical actions,
• opaque use of influencers,
• amplification through networks of inauthentic accounts.

The campaigns around the alleged bedbug “invasions” in Paris, widely relayed on social media in the months leading up to the Games, also illustrated the ability of certain narratives to fuel large-scale informational and reputational destabilization dynamics.

This episode concretely illustrates how information operations can now target an entire economic ecosystem without necessarily going through a classic cyberattack.

Toward hybrid crisis exercises combining cyberattacks and information manipulation

The challenge for organizations is not to pit traditional cyber crisis exercises against those linked to countering information manipulation (LMI).

The most mature organizations are now seeking to combine these approaches through hybrid programs, blending technical exercises, informational scenarios and crises combining both dimensions.

Information manipulation shares several characteristics with cyber crises: it can erupt suddenly, spread very quickly and generate massive effects in very little time.

It is precisely for this reason that it must now be integrated into companies’ training programs, tested in crisis exercises and prepared for before a real situation arises.

Sources

• Synthesis of the information threat targeting the Paris 2024 Olympic and Paralympic Games, September 2024, VIGINUM (SGDSN)
• Awareness guide on the information threat for French economic actors, December 2025, VIGINUM in
• partnership with the CDSE

FAQ: countering information manipulation (LMI)

What is countering information manipulation (LMI)?

Countering information manipulation (LMI) refers to all the actions aimed at detecting, analyzing and limiting disinformation, interference or informational destabilization campaigns. These operations generally seek to influence the perception of an organization, weaken its reputation or disrupt its economic and media environment.

Why are businesses concerned by information manipulation?

Businesses are now directly exposed to information operations, particularly via social media, digital media or coordinated influence campaigns. These attacks can target reputation, customer trust, partner trust, investor trust or even employees, without any classic cyberattack being necessary.

What risks does information manipulation pose to organizations?

Information manipulation campaigns can lead to a loss of trust, brand image deterioration, significant media pressure, tensions with business partners or financial and operational impacts. Some operations can also generate security risks or durably destabilize an entire ecosystem.

What is the difference between a cyberattack and information manipulation?

A cyberattack mainly targets an organization’s information systems, data or technical infrastructure. Information manipulation primarily targets the perception, opinion and trust around the company. The two approaches can however be combined in hybrid crises mixing a cyber incident with informational pressure.

Why integrate LMI into crisis management exercises?

Crises linked to information manipulation mobilize actors, timelines and mechanisms very different from classic cyber incidents. They require organizations to manage simultaneously social media, the press, external communication, influencers, partners and reputational pressure. Crisis exercises must therefore evolve to prepare teams for these complex information environments.

What types of scenarios should be included in LMI exercises?

Exercises related to countering information manipulation should include scenarios combining disinformation, viral campaigns, fake audiovisual content, media pressure, institutional identity impersonation, indirect influence or amplification on social media. The objective is to test coordination, trade-offs and the response capacity of organizations in unstable information environments.