Elisabeth Braw, a senior fellow at Willis Research Network and the Atlantic Council, warns in a new report that “grey zone aggression” — ambiguous, deniable, strategically crafted tactics that fall somewhere between peace and war — has evolved into a significant threat to businesses.
The report, titled “Hidden Threats, Real Impact: Gray Zone Aggression,” highlights the shifts in the market. While just five years ago these strategies were seen as niche issues in aviation and shipping, they are now disrupting markets and testing the resilience of every major industry.
Given this unstable environment, companies must recognize that they no longer meet standards, the report said. Analysts emphasize that to strengthen corporate defenses and maintain business profitability, executives need to anticipate, adapt and collaborate.
“Our society is only as resilient to gray zone attacks as its weakest link. The corporate sector must not be that weak link,” said Sam Wilkin, director of political risk analysis at WTW firm Willis.
“The gray zone attacks in Europe over the past few months have shown us that strategic foresight, operational preparedness and specialized solutions designed to resolve ambiguity must be integrated into enterprise risk management programs across business units. I hope businesses will use these scenarios to challenge traditional boundaries of risk ownership and identify unexpected connections between risks.”
The report outlines several key steps for risk and insurance leaders to strengthen their defenses. This includes the need to reassess policy wording, triggers and limits, as Willis warns that legacy conflict definitions can leave “gaps” in coverage when dealing with the ambiguity of gray area events.
The report also advises businesses to view supply chains from a geopolitical perspective, focusing on diversification and friendly outsourcing to avoid chokepoint disruptions.
Additionally, the report recommends that gray zone attacks should be considered enterprise-level risks, requiring continuous monitoring and frequent scenario refreshes.
Additionally, crisis management teams must be trained to make decisions under uncertainty, especially when the source of the disruption is unclear.
“Today’s gray zone tactics exploit the interconnectedness of our economy, which puts the private sector directly in the line of fire,” said Elisabeth Braw, senior fellow at the Atlantic Council. “Adversarial nations target businesses precisely because doing so creates disruption and uncertainty, while offering two distinct advantages: reasonable deniability and minimal risk of retaliation.”
“This research clearly shows that viewing gray zone attacks as a temporary nuisance is a mistake. Organizations that fail to treat gray zone activity as a significant business risk will find themselves reacting too late, with real consequences for business operations, confidence and resilience.”
Willis, who first published an article on ReinsuranceNew.ws, said businesses now face significant threats from growing gray zone attacks.