Organizations operating as if they’re in a connected world will fall behind those prepared to exist in the fragmented globe that’s unfolding, Mike Driscoll and Paul Abbate of FTI Consulting write. To create resilience in an unstable climate, organizations can start with three steps — assess, simulate and codify.
The geopolitical shift from globalization to fragmentation means resilience has become a competitive advantage. Organizations capable of withstanding disruptions and maintaining business continuity create a genuine competitive model that is sustainable and unable to be replicated by those entities focused solely on efficiency.
The ongoing transition from a connected, global world to a fragmented landscape continues to impact operating models that were built with a foundation focused on international integration. Geopolitical volatility, including military conflict, evolving sanctions, technology compartmentalization and supply chain coercion fractures global markets, siloing technology and often creating misaligned regulation.
Resilience, while previously a vital component of any crisis management plan, has become even more essential when operating in this new, disjointed landscape. Real-world examples of geopolitical volatility, such as conflicts in Iran and Ukraine, the Venezuelan blackout, the splinternet effects of regional protests, the restrictions on rare earth minerals and the Spanish power outage, among too many others to name, all highlight the unpredictability permeating today’s world. The organizations not just left standing but thriving will be those that are agile and can minimize downtime.
Geopolitical intelligence & risk mapping
The path to resilience begins with moving beyond standard compliance and risk metrics, such as ESG indicators, to inform risk management and instead conducting geopolitical risk assessments. This blends geopolitical intelligence like regime stability, sanctions exposure and technology reliance with traditional risk mapping. These assessments can provide organizations with enhanced anticipation capabilities regarding operational vulnerabilities that are often overlooked or not captured by ESG metrics, allowing for remedial measures to be implemented before risks become crises.
Geopolitical risk assessments should also involve mapping deep-tier supply chains to identify hidden dependencies, including dependencies on potentially volatile regimes. For example, an assessment might reveal Tier 3 suppliers that present geopolitical risk but were not disclosed by a Tier 1 supplier. By tracing existing dependencies, hidden exposure points may be revealed, along with details on how and where an organization’s operations become exposed when entering vendor networks.
In addition to assessing the vulnerabilities of third-party relationships, geopolitical risk assessments can be valuable in identifying single points of failure within supply chains and among power and connectivity resources. Due to the volatility present in fragmented environments, contingency plans are a necessity to avoid overdependence that can extend unexpected disruptions.
From theory to muscle memory
Tabletop exercises are an essential practice for unpredictable events, but they must go beyond basic training. Instead, these exercises should be high-stakes, inject-heavy simulations, in which new information is introduced to purposely complicate the scenario and compel participants to act quickly within the unknown. Real-world contexts truly test existing response plans and reveal the effectiveness of decisions made under pressure. While it is impossible to determine the exact outcome of an incident in advance, the ability to act strategically and swiftly can be developed through repeated simulations involving varied scenarios.
Training should also focus specifically on leadership, communication and strengthening of decision-making abilities using the limited information that often accompanies the fog of crisis. Learning how to develop and utilize frameworks to guide rapid yet thoughtful decisions, potentially made without all the information about a situation available, is key in building resilience and minimizing disruptions.
Nothing should be considered off the table for these exercises — involvement of state-level threat actors, complete infrastructure or data loss and geopolitical risks should all be included. By planning for complex situations, managing more common disruptions will feel simpler.
Hardening the framework
Formalizing policies to account for geopolitical uncertainties not only builds resilience but also helps enhance competitive advantages. By creating an infrastructure where operational capabilities can function independently – for example, through redundant information technology networks – an organization can continue business operations and maintain critical functions locally even if the headquarters is disrupted due to a geopolitical incident.
Policy review and development should also include plans for responses to internet shutdowns and state-mandated data localization. By building framework protocols for these variables, business continuity can be ensured despite situations in which sudden connectivity restrictions arise, possibly as the result of government mandates. Protocols could include frameworks for compliantly maintaining data backups across several jurisdictions or establishing methods for critical operations to function offline.
Developing and ensuring redundancies in power and communication can help avoid overreliance concerns, which can be essential when grids and networks are significantly affected by, or completely inaccessible as a result of, a geopolitical crisis.
The resilient enterprise
CEOs are operating in unprecedented conditions. Though it is likely not included in their job descriptions, CEOs must understand the geopolitical risks that our environment could call on them to address.
Accounting for geopolitical volatility may sound daunting, but engineering corporate resilience can be achieved through three steps: assess, simulate and codify. Building resilience involves identifying vulnerabilities, testing response efforts, adjusting processes and turning those outcomes into agile, strategic and actionable plans.
Combined, disciplined preparations made today can help organizations survive the disruptions of tomorrow and maintain or strengthen competitive advantage, while peers scramble to respond in the face of prolonged outages and interruptions.
Mike Driscoll
Paul M. Abbate
