The full extent of the war’s impact on assets and business continuity is unknown, but the time to manage elevated corporate security risk is now. Ontic’s Chuck Randolph outlines current threats while urging cross-organizational teams to come to the table for conversations about risk.
Since the Cold War, military conflicts have usually been regional disputes, often involving smaller nations. And when global “great powers” were engaged in conflicts, they were usually asymmetrical in nature and involved adversaries who weren’t peer nation-states.
Perspective: Read the U.N.’s “A New Era of Conflict and Violence” about the evolving nature of conflict around the world
The current war in Ukraine marks the first time in modern history that two large, industrialized countries have engaged in conflict with each other. The reverberations across the globe — from travel restrictions to inflation — have been enormous and will continue. For many in the business world, this war is the first time they have felt these effects.
When geostrategic crises erupt, the risks to businesses can be complex and unpredictable. It’s critical that groups that mitigate risk and ensure business resilience, such as human resources, legal and compliance, work across the organization to identify the impact. When widening the circle of teams you collaborate with, it’s important to think broadly about the issues on the table. The Russian invasion of Ukraine has had cascading effects across the globe, but the full extent of these reverberations on assets, employees and executives has yet to be known.
The lagging effects from Russia’s incursion will jeopardize several world regions’ economic and political stability, making cross-organizational dialogue about risk even more urgent. Leaders need to assess safety plans at in-country physical locations, review executive travel plans and monitor supply chain risks, considering a variety of possible scenarios.
Unforeseen and unintended hazards have great potential to present themselves to businesses. Consider these ramifications of the more significant risk:
- Russia’s invasion has created tremendous supply chain upheaval and contributed to a rising inflation rate unseen since the 1980s, providing an additional motive for theft or insider threat. The increasing cost of goods can provide more demand for stolen ones. Cross-functional investigative teams should look for signs of financial distress among employees, including inordinate requests for loan information like income and work verification.
- Sanctions against Russia began almost immediately and were expanded through an updated Office of Foreign Assets Control (OFAC) list. Corporations may unknowingly run the risk of criminal or civil penalties for violating sanctions. Outdated records mean suppliers may be part of a sanctioned entity that a company believes they are legally doing business with, thus placing themselves at risk of criminal and civil liability. This is particularly an issue when dealing with a ransomware incident and the legal consequences of payouts.
- Ukraine is a significant wheat exporter, accounting for about 10 percent of global trade. The inability to plant, harvest or ship food from Ukraine will exacerbate rising food prices and global hunger. There is a foreseeable risk of political instability in some trading partner nations as a result. Companies should closely monitor political sentiment to protect assets and people.
- The localized workforce may not see wages keep pace with rising inflation. It’s not unheard of for corruption to increase when personnel have trouble feeding their families or meeting basic personal resource costs. This could lead to impunity for crime among embedded security, logistics teams and organized crime groups alike.
- Tangentially, China’s ongoing battle with Covid-19 and its stance regarding Russia-in-Ukraine will have substantial global economic implications that could intensify inflation risk. As the world’s second-largest economy, a significant exporter of manufactured goods and a major importer of food, China’s actions could have ramifications for inflation, food costs and other knock-on effects.
The challenge for security professionals and their colleagues who support risk mitigation is learning to anticipate these effects. The first step is to begin an organization-wide discussion with cross-functional teams and key stakeholders about the issues they face in their departments and what they need to protect.
To help security teams understand the potential implications of risk affecting their companies’ financial and operational health, one suggestion is to review the “risk factors” section of your organization’s 10-K filing or that of a similar company in your industry. It is an informative way to ascertain and begin understanding an organization’s risk appetite. You can then start to understand how operational factors (such as geopolitical events) might affect those risks and begin internal dialogue regarding monitoring and mitigating activities.
In a recent survey of security, risk and legal professionals conducted before Russia invaded Ukraine, respondents noted that increasing hazards would likely lead to increased missed risks. Despite indicators and warnings from U.S. intelligence officials, the Russian invasion of Ukraine surprised many international observers and organizations. Perhaps mislabeled as a black swan by some, miscalculating Russia’s actions should remind security and risk business lines to incorporate global intelligence monitoring into their programs. Collaboration, monitoring and analysis will assist risk management functions in forecasting and staying ahead in this period of radical uncertainty.