If there’s one thing that businesses should be starting to appreciate, it’s that political earthquakes, geopolitical posturing and government backed saboteurs will no longer be constrained to outlying markets and distant, far off lands.
Over the past two years shock election results, crucial referendums and sudden regional policy shifts have caused significant disruption across global markets, (although admittedly not as much as was first feared) and brought the impact of geopolitical turbulence to the top of many businesses’ list of concerns and perceived risks.
With several key regional elections still to come in 2017, and a number of more long-term political issues yet to be resolved, it would seem as if we are set to continue this somewhat exciting, if a little nervy, political trend.
In periods of such ubiquitous volatility, how should businesses manage their own reputational risks, and is it even possible to successfully navigate such large and unpredictable events? Well, in short, yes.
The key to navigating these risks, and any potential reputational damage, lies in understanding the commercial implications that key, sector relevant events have on your own business’ reputation and identity.
Speaking broadly, the geopolitical manifestations of these risks are likely to revolve around changes to trade, international policy and regulation, the movement of labour, domestic industrial strategies and radical changes to foreign policy. Therefore, what businesses must do, as with all other aspects of their commercial operations, is develop a risk-based contingency plan for sector-relevant events, evaluating what issues have the potential to hurt them, as well as the negative impact of key outcomes.
At this point I should stress that this does not mean preparation for what is perceived as ‘the likely outcome’. The past year has shown us that this is at very best unwise, and at very worst shows a stunning ignorance with regards to the current political climate. Businesses should have developed a healthy respect for an increasingly obvious trend – institutional ‘wisdom’ is no longer gospel and no outcome, no matter how statistically unlikely, should be viewed as impossible.
There are few examples that encapsulate the risk that foreign actors can create that are more relevant than the steady stream of government sponsored (or at the very least endorsed) ‘cyber-attacks’ and ‘data breaches’ that have recently made headlines across the world. These events have strategically exposed embarrassing information, caused significant disruption to public and private organisations and, allegedly, even interfered in a number of democratic processes. These attacks, which are stylistically separate from criminal attempts to leverage or extort information for financial gain, are designed to test both domestic and foreign structural weaknesses across a wide range of interconnected systems. However, their effects, as I will go on to explain, can often go beyond the realm of backchannels and closed systems.
The WannaCry ransomware attack, carried out in May 2017, is an excellent example of when this geopolitical game playing, reaching beyond government systems and closed doors, can have a devastating impact on unprepared corporations and organisations.
For those of you that are unaware, the WannaCry cyber-attack began on Friday 12 May, 2017 and affected the IT systems of over 230,000 computers across 150 different countries.
Whilst there has been no official confirmation regarding the perpetrator, the common consensus appears to be that the North Korean affiliated team ‘Lazarus Group’ played some role in the attack. The North Korean regime currently appear to be pre-occupied with developing more conventional methods of warfare, but there is no indication that these sort of government-backed cyber-attacks will stop.
So, why should private sector companies, thousands of miles away, care about what appears to be large-scale geopolitical posturing? Well, in the days following the first ransomware incidents, experts suggested that the vast majority of UK-based IT systems had been affected because they had failed to install up-to-date security patches, and had therefore left their IT systems vulnerable to malicious software.
This example is significant because it proves that what are seemingly distant and irrelevant threats can seriously, and very quickly, damage a previously untainted reputation. It does not take long to link poorly updated IT systems with other, more significant corporate issues. It is logical, in the minds of the public, to link poor IT security with a wider range of undesirable corporate traits, such as an irresponsible approach to data handling, and cost cutting in areas that directly affect an organisation’s security. This is obviously not good for any company that is heavily reliant on consumer trust. It is also foolishly reckless to assume that only governments can expose flawed IT systems. However, that is another subject entirely.
This is just one example of how geopolitical manoeuvring can affect organisations that appear to be completely undeserving of malicious attention, and companies need to take time to identify what the greatest threats to their operations are, and how to mitigate against such exposure. Awareness and proactivity are the surest way to protect your business, and it is no longer acceptable to plead ignorance.