Getty Images
How to assess and manage geopolitical risk
Geopolitical risks are often linked to international political, social and economic activities. Set policies for global business to better identify risks before they happen.
Risk management is a standard part of business continuity and disaster recovery efforts. But what does risk management look like when assessing the impact of global conflicts?
BCDR professionals regularly perform risk assessments. With a risk assessment, organizations identify internal and external threats and vulnerabilities, then use that data to develop risk management strategies. Common threats examined in risk assessments include natural disasters, power outages and cyberattacks.
The world of risk management is already high-stakes, often dealing with mission-critical and sensitive customer data. It becomes even more complex when assessing the impact of global or regional wars, terrorist acts, and disruptions that affect peaceful relationships between nations.
Geopolitical risk management might not be at the forefront of every organization's BCDR strategy, but it is not as remote a threat as it sounds. International workforces, complex supply chains, climate change and political strife are common factors that many businesses should consider in a risk assessment.
This article will review examples of geopolitical risks that can affect businesses and how those risks might manifest in an organization. It will also explain how geopolitical risks can affect different areas of a business and list strategies for managing geopolitical risk.
In preparing for this article, the author examined several academic papers and analyst reports on geopolitical risk.
What are geopolitical risks and impacts?
Geopolitical risks are often people-based, as embodied in wars. They can also be regional conflicts or humanitarian crises.
In each case, risks and threats from such events can impact economic, financial and social dynamics in countries that do business in the affected areas or with countries doing business in high-risk regions. This can impact investments in economies of affected areas, for example, and can result in companies reducing or removing their investments.
Aside from loss of life and damage to property and national infrastructures from war-related activities, the impact to businesses can be significant. Operational disruptions, damage to business locations, loss of employees, loss of investments in affected areas, and other economic and social impacts can affect ongoing business operations.
A report from the Beazley Group of insurance brokers, the "Geopolitical Risk Snapshot 2024," offers the following assessment: "Our research data found that 30% of corporate leaders globally viewed political risk (including political violence) as their top geopolitical threat in 2024 -- rising from 27% last year, to 32% this year, and concern over this risk is predicted to remain elevated going into 2025."
Impact on business continuity and resilience
Recognizing the importance of geopolitical risk is a key consideration in how local, regional and multinational businesses operate in countries where they do business. Risk assessments must factor in situations involving conflict between nations, terrorist attacks, large-scale technology disruptions, pandemics and other such events. The same considerations are often part of a business impact analysis, which identifies specific business functions that could be at risk as well as ways to prepare for and accommodate disruptions.
Business continuity and resilience plans are not limited to how organizations can respond to technology disruptions, utility outages, climate change and natural disasters. They can also address threats from incursions across national boundaries by enemy or rogue states, terrorist attacks, cyberattacks, and other events that threaten continued business operations. The likelihood of these events will vary by organization, but preparing for the worst is one way to help ensure a disaster recovery plan will be effective when the unexpected occurs.
How to address geopolitical risks
The paper "Measuring Geopolitical Risk" by Dario Caldara and Matteo Iacoviello (2018, revised 2022) provides extensive analysis of how organizations can measure and analyze geopolitical risk.
Among the key points in the paper are that "adverse consequences of the GPR index [a way to measure geopolitical risk] are driven by both the threat and the realization of adverse geopolitical events." The paper also states that "higher firm-level geopolitical risk is associated with lower firm-level investment."
The authors define geopolitical risk as "the risk associated with wars, terrorist acts, and tensions between states that affect the normal and peaceful course of international relations. Geopolitical risk captures both the risk that these events materialize, and the new risks associated with an escalation of existing events."
The authors further state that "an increase in geopolitical risk induces persistent declines in industrial production, employment, and international trade, and that both economic policy uncertainty and consumer confidence enhance the transmission of geopolitical risk shocks. We also document that stock returns experience a short-lived but significant drop in response to higher geopolitical risk."
The Beazley Group report recommends the use of scenario planning, resilience and contingency strategies, and careful assessment and understanding of local cultures and technology infrastructures, including results of local and regional elections that could affect risk strategies.
Examples of geopolitical risk strategies
The task of preparing a geopolitical risk assessment is largely the same as most other assessments: identifying risks, their likelihood and the potential severity.
However, organizations should also consider the following geopolitical risk management issues and strategies to be fully prepared for the worst:
- Determine if the organization's risk management process identifies and addresses current geopolitical risks that could affect business operations.
- Ensure senior management is aware of geopolitical risks and their potential impact to the company.
- Conduct board-level discussions on the organization's international affairs and potential dependencies.
- Review the organization's "crisis playbook" to see what steps are in place for responding to a geopolitical event.
- Assign a point person for assessing geopolitical risk; this could be the organization's chief risk officer or another senior official with relevant experience.
- Consider retaining third-party expertise to assist with geopolitical risk management activities.
- Examine and assess how geopolitical risk compares with other present and known risks.
- Examine how geopolitical risk might affect the organization's supply chains.
- Determine the potential for reputational damage if the business operates in high-risk areas.
- If the risk is determined to be currently low, update continuity and resilience plans to adapt and respond to the risk level if it unexpectedly increases.
- As part of plan updating, define steps to take for short-term, mid-term and long-term response actions.
- Update current risk assessment and mitigation frameworks for new geopolitical threats.
- Determine how shareholders and key stakeholders view geopolitical risk, especially if the company does business in high-risk areas.
- Determine how the organization's overall risk posture and risk appetite should be affected by geopolitical risk.
Paul Kirvan is an independent consultant, IT auditor, technical writer, editor and educator. He has more than 25 years of experience in business continuity, disaster recovery, security, enterprise risk management, telecom and IT auditing.
