INTERNATIONAL RISK OUTLOOK FOR 2022

The international risks of geopolitical tensions

The international risks to businesses and the geopolitical challenges involving USA, Russia, and China will continue in 2022. Large state actors will continue to compete for power, resources, intellectual property, and emerging technologies. State actors are using all instruments of national power, including information and cyber means, to shape societies and markets, international rules, institutions, and areas of interest, to their advantage. Geopolitical risks and evolutions must monitored even more closely than ever before the risk analysis must be insightful and useful to end users. This new normal brings multiple international risks, including instability and crisis, and this has a significant and direct impact on business. Accurate intelligence, local understanding, and risk monitoring will be required by every company. Companies must focus on how their business strategies and risk management practices keep their interests out of trouble and the political and economic dimensions of the ongoing issues between China and USA and Russia.

In 2022, we expect to see:

• Great Power struggles, military build-ups, and continued regional rivalries
• Nuclear modernisation programs and more assertive military activies, exercises, and provocations
• Fierce competition for influence, resources, and technology
• Growing protectionism, sanctions, and trade wars
• US and China having domestic priorities that demand inward attention
• Many unmanaged crises
• An increasing amount of fragile states

REGIONAL RISKS

The European Union wants to maintain its prominence and increasingly influence global events, but this will be restricted to trade and digital regulatory influence.  As Germany undergoes the post-Merkel transition, and the EU remains without its own military, it will stay a normative, stablising power globally.

In Asia, competition will be interested in resources and trading routes.

The global rise of dysfunctional, vulnerable, and fragile states with minimal capacity to cope with new challenges could destabalise entire regions.

All states are exposed to multiple states, but political and institutional fragility makes a country’s ability to withstand these shocks much more difficult.  Covid highlighted instability even in high income states.

Many of the countries most affected by terrorism were also the same countries dramatically affected by Covid, which further destablised many states.  At the same time, economic slowdowns further increased recruitment opportunities for extremist groups, increasing the likelihood of future risks materializing.

Both online, and in person right and left wing extremism has expended in 2021.

Extremist groups will continue to be less predictable, diverse, and be less centralized that historically experienced.

In the highly volatile and unstable environment, companies will need to closely monitor events and risk indicators. Businesses must be prepared to monitor, prepare, and respond without state security services in many locations.  Political violence and radical activism continued and expanded in 2021.  Companies need to prepare for demonstrations and activism.  Politics will continue to be fought in the streets in many countries, including many developed countries.

The lack of stability and increased international risk is a common theme. It has created power struggles, regional rivalries and new conflict.  There are many conflicts and crisis to watch in 2022 including:

• Russia – US/NATO (involving Ukraine, the Baltics, and the Bering Sea)
• China – Taiwan
• Iran – Israel
• Cyber space (where there is a painful lack of governance, international law and control). The cyber domain is the fifth domain of warfare and presents international risks, as well as the surface area for so many other international risks.

Today many companies are on the front lines of a fierce geopolitical competition, complex intelligence risks, and an unprecedented cyber threat. At the same time, most organizations are unprepared for this new environment.

The complexity of today’s security threat landscape and the increasing dependence on technology make security a challenging activity. Adding to this complexity is a growing list of vulnerabilities, sophisticated cyber threats and increasing regulatory pressure

However, the only way for businesses and investors to protect themselves is to develop a broad understanding of the threat landscape. The security threat landscape 2022 may be overwhelming, broad and hard to assimilate.

Cybercrime has become an epidemic

There is a real and credible international risk to our information and IT security. A wide spectrum of cyberattacks, involving malware, phishing and ransomware, have placed data, IP and information systems of corporations, governments and individuals at increased risk. In 2021, thousands of new cybersecurity incidents have been recorded and cryptocurrency theft and data loss are now commonplace.

Cybercrime is a multi-billion dollar a year industry. Last year stands out due to several high-profile incidents involving ransomware, supply chain attacks, and the exploitation of critical vulnerabilities. According to an IBM report, the average cost of a data breach has now reached over $4 million, while the world record for the largest ransomware payout, made by an insurance company this year, now stands at $40 million.

Everything is hackable with sufficient time, tools and expertise. Our societies are increasingly dependent on technology and the rapid pursuit of new technologies will increase our risk surface. The absence of appropriate information security practices, systems, and training, has created vulnerabilities and weaknesses in the internet, networks, devices, and systems. Today, there are more vulnerable devices connected to the internet than ever before. In addition, ever-new critical software vulnerabilities emerge and become major threats to organisations around the world.

In 2022, information, networks and systems will be at risk, while cyberattacks become endemic and cyber espionage commonplace. Cyber security and data privacy remain long-term concerns, as do regulatory matters. States are also failing to deter the cyberattacks and cyber threats, insurers are questioning the viability of offering coverage, leaving the private sector to defending itself.

The nation-state has traditionally been the main actor responsible for detecting and deterring cybercrime, but deterrence is failing. Companies failing to prepare for cyber risks may have fatal consequences.  US attempts to negotiate cyber red lines failed and several states will continue to lead the development of many cyber weapons.  Business should expect to see restrictions from many countries. Many countries are actively supporting online criminal groups and the thriving online criminal cyber marketplace means cyber weapons are increasingly inexpensive and potent.

The political and financial benefits of cyber-criminal activities have made this increasingly attractive for many states and criminal organisations.  Business leaders and risk managers must expect the previously unexpected.  Response must go beyond the technological defences. The attack surface is growing and the private sector must be able to defend itself. Interstate cyberwarfare will be an ongoing concern, but insider threats, cyber regulation and data compliance breaches bring much greater risks to companies.

All nations spy – and some do so for commercial purposes

Today, business leaders must understand that in many cases they are no longer simply competing with corporate rivals. They are also competing with the nation-states supporting their corporate rivals, nation-states with enormous resources and capabilities. Some governments are doing everything they can, including using their intelligence entities, to build successful businesses and grow their economies, simply because economic power is the key to national power. Hence, foreign intelligence entities, and their proxies, are actively targeting information and emerging technologies that are vital to both national security and competitiveness.

In the USA alone, the estimated annual losses from intellectual property theft cases associated with the People´s Republic of China is $500 billion. To support its military and commercial research, development and acquisition, the Chinese Government is assessed to leverage foreign investments, commercial joint ventures, business relationships originating from academic exchanges, and state sponsored industrial and technical espionage. But China is not alone; all countries conduct espionage.

Increasingly, companies are the focus of foreign intelligence entities, which are breaching computer networks, stealing business secrets and intellectual property. There is a high intent to target business’ critical information, technologies and IP, as well as interfere with business development, to gain advantage. And cyberespionage is part of their toolbox because it is:

• Highly lucrative
• Gains are substantial
• Practically risk free
• Undetectable in many cases

If your company has a technological edge, expect foreign adversaries to target your technology, including your developmental process and those who have access to your technology. If your company is negotiating with another company or country, foreign adversaries could target your negotiators or negotiation strategy. Some of the information they target might seem low risk or low value, but by bypassing the research and development phase and stealing your proprietary business information, foreign adversaries can gain a competitive economic advantage.

The important Role of Risk Management

Risk Management has become an urgent issue for most organisations. Today, effective risk management is an essential requirement for doing business, and operate safely, in a globally networked economy, as well as for achieving organisational goals and mission. Risk management has shifted from solely protecting companies, to being a new source of competitive advantage, and in some cases survival.

2022 is the year to adapt and gain competitive advantage in a continually changing world.  Social and governance issues will remain key issues and human rights will need to be part of responsible business operations.  There will be deep market distributions and companies can prosper despite the window for change rapidly closing.  Recover plans that are effective and tested must be in place for the complete length of global supply chains and operations.  The strong culture of preparedness will define successful businesses operating in a world with a changing climate.