Illustration of a hand moving a chess piece shaped like a king wearing an orange tie on a purple-and-white chessboard. Other dark chess pieces are scattered across the board, with a faint world map in the background, symbolizing global strategy and decision-making. — Illustration by iStock; *Security Management*

Geopolitical Resilience in Times of Uncertainty

By Youssef Kchiere, MA, CPP

1 November 2025

In a time of increased uncertainty, unpredictability, and political instability, organizations cannot realistically aspire to resilience without understanding the challenges and opportunities a multipolar world brings about. Geopolitical awareness, then, becomes an essential tool in the quest for understanding an organization’s operating environment as well as protecting its interests against the threats and shocks that the interconnected and unpredictable character of such an era might throw its way.

Beyond being an instrument for pitting risks against opportunities, geopolitical resilience offers a platform for both business and security practitioners to speak the same language and a means for reconciling their often diverging goals and conflicting priorities toward an improved state of overall resilience for the business.

Geopolitical Resilience

Geopolitical resilience should be considered an additional, outermost layer of organizational resilience. It advances resilience by looking beyond immediate risks into the underlying conditions that influence risk factors, including probability and impact. Geopolitical resilience aims at improving an organization’s adaptive, absorptive, and reactive capacity by fundamentally expanding the well-established concept of the risk-versus-opportunity equation.

Resilience is achieved through a set of measures and controls at the policy and process levels to manage identified risks and develop proper incident and crisis response tools that are aimed at bringing those identified risks within acceptable proportions. Ordinarily, risks are identified through assessing the probability and impact of the threats, which is accomplished by analyzing the operating context, procedures, and tools within the organizational context. While common and, to a certain extent, effective, this approach has significant flaws.

First, the focus on the immediate environment centers on identifying vulnerabilities, threat actors, and attack vectors with little regard to the underlying circumstances that bring such threats to prominence in the first place. For example, identifying a rise in state-sponsored cyberthreat activity could necessitate a recalibration of an organization’s perspective on the cyberthreat landscape and its cybersecurity posture. However, understanding the trend as part of a global struggle for influence in a multipolar world elicits complementary information about the capabilities and motivations of threat actors. This analysis can provide more accurate explanations about the timing and targeting of attack patterns.

Additionally, the traditional approach to resilience disregards the contextual connections that are fundamental features of our complex world. In practice, security experts scan the environment to identify specific risks, but scarce attention is given to understanding the varied connections and complications emerging from similar conditions.

Consider again the context of the global struggle for influence. Geopolitical units have resorted to a mixture of means—below and above the threshold of use of force—to maximize their outcome and undermine the power of their competitors, including through economic espionage and regulatory policy. Geopolitics, social factors, economics, legislation, and technology all present different means and methods for these struggles. Risks encompass virtually every area of security, from supply chain to physical security, and from insider threats to access to energy, raw materials, and target markets.

In the conventional approach to resilience, internal organizational connections are often ignored as well. Security practice traditionally prioritizes expertise that focuses on identifying and matching specific security gaps to specific risk treatment measures in a siloed manner. Connections or spillovers from one security area to another remain challenging to identify and manage, as seen in the persistent challenge of managing the convergence of cyber and physical security.

This gap is often more pronounced when security personnel attempt to develop common understanding of the risk picture with counterparts on the business side. Within the normative security approach, experts in different domains are often pitted against each other in a zero-sum struggle for resources, with little attention paid to connections and implications beyond their silos or consideration of what could be achieved if they worked together.

Geopolitical resilience should encompass the ability to forecast, adapt to, absorb, and recover from disruptions caused by geopolitical shifts. It rests on the organization’s understanding of the connections between political dynamics and their legal, economic, social, and technological translations—not to mention the ways they impact the threat landscape and windows of opportunity.

Geopolitical resilience, then, consists of a set of short-, medium-, and long-term measures that integrate collective and complementary controls acting on the technical, operational, and strategic levels. The goal is to maximize outcomes in the face of risk and opportunities brought about by the impact of geopolitical shifts on the operating environment.

Geopolitical resilience offers a platform for both business and security practitioners to speak the same language and a means for reconciling their often diverging goals.

Importance of Geopolitical Resilience

Geopolitical resilience matters because unprecedented shifts underway could render any form of predictability and status quo obsolete. Together, the return of great power competition, the growth of interstate volatility, and the velocity of cascading events define the current global geopolitical context. The impact of these shifts on the risk landscape is multifaceted. The following are four relevant components.

Economic and regulatory exposure. As a consequence of the global struggle for influence, a protectionist wave has been on the rise for the past few years. This change puts for-profit organizations on the center stage, but its effects extend to virtually every aspect of foreign soft power.

Protectionism was previously expressed through targeted amendments to legal frameworks and regulations, vilification of foreign products, or campaigns for encouraging consumption of local products. However, protectionism spiked with the full-fledged tariff war that started between the United States and China in 2018 and expanded to the rest of the world in the past year under the second Trump administration.

Any organization that may think itself too small or too remote to be affected should think again. Businesses as diverse as wine companies, fishing wholesalers, electronic kit designers, and pipe manufacturers have all sued the Trump administration for the severe harm they claim tariffs have caused to their ability to meet their business objectives.

Supply chain vulnerabilities. Another area of concern is the supply chain. Having consistently been an effective and secure way of keeping costs under control, the offshoring and integrated character of supply chains is becoming even more challenging in the current geopolitical climate.

Supply chains are interconnected in ways that might escape the grasp of untrained professionals. COVID-19 was instrumental in showing the fragility and vulnerability of common economic models. Shortages affected every subsector of goods, from everyday products to critical medical equipment and electronic chips.

Now, the persistent fragilities and vulnerabilities of the supply chain are turning into a preferred geopolitical tool of pressure. Maritime choke points—such as the Strait of Hormuz, Suez Canal, and Panama Canal—and reliance on key strategic suppliers are vulnerabilities that remain susceptible to political actors that may choose to weaponize them.

To that end, international players have resorted to overtaxation, restrictions, or bans on imports and exports. Some have even turned to proxies, such as the Houthis in Yemen, to increase the uncertainty of the supply chain and to damage the financial and reputational capital of various organizations.

Geopolitical resilience matters because unprecedented shifts underway could render any form of predictability and status quo obsolete.

Cyber and information threats. Information systems and cyber have also seen the threat landscape shift dramatically due to geopolitics. The critical nature of information, data, and associated technologies—layered with the complex ways in which they connect and expose organizations to their external environment—has positioned cyberspace as an area of active conflict.

The increase in state-sponsored cyberattacks stands out as one of the most significant shifts in the threat landscape. For example, in its 2025 Global Threat Report, CrowdStrike estimated that cyberattack activity with a nexus in China increased 150 percent in 2024. Access to state-backed funding and protection has supplied various cyberthreat actors with substantial means—including the use of powerful computers and advanced artificial intelligence. Those tools have added a layer of sophistication and velocity to cyberattacks, thereby increasing both their potential likelihood and impact.

Hacktivists, on the other hand, take advantage of global interconnections to target organizations based on their activity, business partners, and expressed (or unexpressed) political affiliation and opinions.

Beyond an organization’s own infrastructure and assets, these threats extend to suppliers, business partners, and the shared critical infrastructure on which organizations rely. Moreover, these threats constitute significant risk to the organization’s operational capacity and ability to meet its objectives.

Socioeconomic pressures and public perception. Organizations operate in strained social, economic, and geopolitical contexts that impact both threats and opportunities. Additional layers of complexity arise from the current state of inflation, high interest rates, the increasing cost of essential products and services, and uncertainty around the future of social safety net programs.

While already challenging for an organization’s ability to do business, these socioeconomic factors aggravate other risks: for workforce dissatisfaction, employee turnover, insider threat, and targeted demonstrations and boycotts from the customer base and the larger public.

Combined with state-sponsored or grassroots-led misinformation and disinformation campaigns over social media, this climate of tension invariably leads to real-world consequences. Examples are slower stock growth, damage to reputation, and even vandalism and targeted violence. In their targeting of U.S. and European assets, China and Russia display well-documented campaigns leveraging social networks. The attacks on Tesla in March 2025 were a classic example of how virtual social media movements can cross over into real-world public safety and security risks.

Resilience, then, relies on two considerations. One is the ability to stay attuned to the complex ways these different factors impact an organization’s risk posture. The second is to understand how the processes through which disparate forces like social media and armed conflicts can change the velocity of cascading effects, thus amplifying out of predictable proportion the likelihood and impact of threats.

Success Factors for Geopolitical Resilience

Geopolitical considerations are a powerful lens that can transform the traditional approach to security. By emphasizing the interconnected nature of risk, geopolitical analysis applied to the risk domain holds the promise not only of breaking up established silos around different areas of expertise but also of building consensus around the perceptions of the risk, the integration of treatment measures, and formulation of opportunities.

Breaking security silos. Geopolitical analysis identifies global trends and ties them in a coherent narrative to security risks across different organizational security areas. This constitutes a first step in removing silos of expertise and enhancing geopolitical resilience. The collective realization that different symptoms might stem from common triggers should foster cooperation.

Perhaps the most important outcome to emerge from this shift would be agreement on the need for more robust risk insights that lead to the building and consolidation of channels of communication as well as to cooperation between the business and physical and technological sides of security. The practice of geopolitical resilience should enable security professionals to assess risk in broader and more accurate terms, making their analysis more relevant to decision-making executives. As such, regional geopolitical tensions should induce enhanced vigilance regarding risks of shortages of some local commodities, increases in cyberattacks, loss of customer confidence, drops in price per share, or reduction in global market share.

Shifting concepts of risk management. Consciousness of the interconnectedness of risk warrants a shift in the unidimensional representation of opportunities tied to risk.

Practitioners are familiar with common formulas like:

(Estimated cost of a risk business impact – the cost of remediation measures [opportunity] = savings [benefit]).

This framing focuses attention on improving processes as the main outcome of resilience discussions. These calculations are most commonly applied to single processes across specific areas of concern, rather than analysis of the diverse effects of a given risk across multiple organizational and business concerns. This simplified, siloed approach often misrepresents the cost of both the risk and the remediation measure. It also creates confusion around priorities, because each siloed environment dictates its own sense of urgency as seen through a singular lens.

In the practice of geopolitical resilience, the benefit of remediation should exceed the savings, and the interest in risk management should surpass a specific security domain to include other operational areas.

Improving the capacity to recognize and express opportunities. In geopolitically resilient organizations, the perception of opportunities goes beyond the sole focus of remediation. Once connections and complexities are tied to the general operating context, the focus shifts to organizational resilience, as opposed to area-specific resilience (e.g., information or physical security). Priorities no longer conflict when risk management—at different levels (strategic, operational, and tactical) and across multiple fronts (market, physical, operational, or cyber)— becomes part of a coherent plan addressing concerns at the root cause, not just the symptomatic manifestations. In this model, opportunities are expressed not only in terms of process improvement but also in terms of driving down risk exposure in real ways.

Resilience professionals in this model become more explicitly engaged in creating growth and adding to the value chain. In addition to their operational and technical acumen, such professionals should be able to express opportunities in terms of divestment or investment, diversification of suppliers or assets, engagement in intensive communication campaigns, or targeting new or emerging markets. As they work with their business counterparts toward common objectives, resilience professionals should see less conflict on priorities. Resources are no longer diverted to bridge gaps: They are allocated in concert with the wider strategy to adapt to geopolitical imperatives.

Organizations exist in a constantly evolving operating environment. Their ability to absorb shocks and meet objectives rests on their capacity to decipher and adapt to social, economic, and geopolitical factors. The practice of security, however, is still carried out by experts capable of identifying and matching risks to risk treatment measures—yet, unfortunately, with scant attention paid to connections and implications beyond the silos of their area of expertise. There can be friction between security practitioners from different fields of expertise as well as rifts between security practitioners and their counterparts from different operational areas across the organization. Such conflict leads to all parties persisting in believing that goals are divergent and that fighting for resources is inevitable.

Geopolitical analysis offers the opportunity to refocus the practice of resilience by contextualizing specific threats, identifying complexities, and finally connecting the impacts across areas of the organization. The real potential of geopolitical resilience resides in practitioners’ ability to read and analyze trends, foresee risk, and—most importantly—build cross-disciplinary bridges between organizational functions.

Youssef Kchiere, MA, CPP, is a global security and risk management professional with more than 18 years of experience advising international organizations on resilience, crisis management, and geopolitical risk. A former major in the Moroccan Royal Armed Forces, he has served with the United Nations and NATO and now focuses on strengthening enterprise security and business resilience in a rapidly changing global landscape.