“You may not be interested in geopolitics, but geopolitics is interested in you.” The tectonic shifts in early 2025 are having profound effects on many industry sectors, economies and organizations worldwide, including those who considered it an afterthought because they operate in a single nation.
In this blog we will cover:
- An overview of the current geopolitical climate
- How enterprise risk management needs to adapt
- Reviewing strategic decisions
- Aligning risk appetite
- Scenario planning and resilience
An overview of the current geopolitical climate
2025 has emerged as one of the most geopolitically volatile years in recent memory. A confluence of regional conflicts, economic protectionism, sanctions, and global power shifts is reshaping the business landscape. The war in Ukraine continues to disrupt European energy and security, while tensions in the South China Sea, the resurgence of conflict in the Middle East, and the US/China trade rivalry are sending ripple effects through global supply chains and financial markets.
Even organizations that once felt insulated by their domestic focus find themselves exposed, whether through disrupted suppliers, changing regulations, or workforce mobility issues. National security concerns are influencing technology and investment policy. Sanctions regimes are expanding at pace. And the global consensus that once upheld free markets is fragmenting into regional spheres of influence. For businesses, this new environment demands not just vigilance but active adaptation.
How enterprise risk management needs to adapt
Geopolitics isn't just a risk in and of itself; it is a causal driver for many existing risks that organizations face. Political tensions can drive nation-state actors to escalate their cyberattack efforts. Supply chains can be affected by trade wars. Regulatory divergence or inequity may create compliance complexity. Asset freezes might affect you directly or cripple your suppliers.
Traditional enterprise risk management (ERM) frameworks must evolve to account for geopolitical uncertainty. Too often, geopolitical risk was seen as a macroeconomic concern, difficult to quantify and better left to political analysts. That approach no longer holds.
ERM functions must move from reactive to proactive. Horizon scanning is a great way to gather information, as long as that information is then benchmarked against its potential effect on your organization. Geopolitical drivers should be considered when evaluating risks and assessing risk appetite, and integrated into resilience planning.
Reviewing strategic decisions
Organizations must revisit past strategic decisions and defined objectives through a geopolitical lens. This includes evaluating geographic expansion, third-party and vendor partnerships, sourcing arrangements, and M&A activity. Past investments should not justify continued commitment to a strategy that is no longer viable. It isn't enough to evaluate decisions once; they must be monitored for ongoing change that will turn a previously good decision into a suboptimal one.
Geopolitical trends must inform assumptions underpinning business models. For example, reliance on a single-country supply chain, once a decision driven by cost-efficiency, may now introduce unacceptable risk. This might drive mitigations such as onshoring or nearshoring to minimize potential disruption to logistics. Similarly, planned market entries into politically unstable or heavily sanctioned jurisdictions might need to be paused or reconsidered.
Risk professionals should collaborate with strategy teams to apply geopolitical stress testing to long-term plans. Asking "what if" questions about policy shifts, leadership changes, or trade breakdowns can help anticipate disruptions before they become business-critical.
Aligning risk appetite
Geopolitical uncertainty forces organizations to reconsider how much risk they are willing to take. It is not enough to say "we accept market risk." Organizations need to be precise. How much exposure to a given country, regulatory regime, or political system is acceptable? When does risk to people, operations, or reputation outweigh commercial opportunity? Existing risk metrics may need to be reviewed, such as supplier concentration limits.
Some organizations may find themselves outside of their previously defined appetite, with no practical option to rein it in. This may force the acceptance of the increased level of risk (with formal board approval). The hard alternative may be to exit a market, change product mix, or alter operating models to avoid the risk altogether. Engage in robust discussion on why those boundaries were set in the first place and adjust accordingly.
Scenario planning and operational resilience
The nature of geopolitical risk is that it is both fast-moving and hard to predict. Organizations should identify a handful of plausible high-impact geopolitical events and model their effects. This can include longer-term trends (scenario planning), or short-term shocks (operational resilience scenario testing).
What happens if a key country is suddenly subject to export controls? What if conflict escalates in a region where a business has operations or customers? What if cyber retaliation disrupts infrastructure? The answers to these questions form the basis for response plans and contingency measures.
Operational resilience and scenario testing also help surface operational vulnerabilities. For example, discovering that multiple suppliers are clustered in one politically unstable region might prompt proactive diversification. Likewise, identifying a potential loss of banking access due to sanctions could lead to building relationships with alternative providers.
Beyond planning, resilience is about agility. It's about empowering teams to act quickly when geopolitical events unfold, with pre-agreed roles, communication plans, and escalation paths. Training exercises, playbooks, and executive simulations can build this muscle.
Conclusions and next steps for your organization
You can’t predict, but you can prepare. The geopolitical shocks of 2025 are not a passing storm. They are a signal of a new operating environment – one where international affairs, economic nationalism, and political risk are inextricably linked to business performance.
Protecht ERM is uniquely positioned to help organizations navigate this environment.
- Build business objectives and risk appetite directly into your risk management framework
- Risk and control self-assessments, supported by risk bow tie analysis to identify key drivers of risks, including geopolitics
- Track common causes to monitor interrelated risks
- Track risk metrics aligned with risk appetite
- Map controls and assurance to your key drivers
- Scenario exercises as part of our operational resilience solution
- Vendor risk management to conduct due diligence on your third parties, fourth parties and beyond