“Gray zone aggressions” – ambiguous, deniable and strategically choreographed tactics that sit between peace and war – has evolved into a material threat for businesses, warns a new report from The Willis Research Network and Elisabeth Braw, a senior fellow with the Atlantic Council.
The report, titled “Hidden threats, real impacts: gray-zone aggression”, highlights a shift in the market. While these tactics were viewed as niche concerns in the aviation and shipping sectors only five years ago, they are now disrupting markets and testing the resilience of every major industry.
Given this volatile environment, businesses must recognise they are no longer by standards, according to the report. In order to strengthen corporate defences and maintain business profitability, executives need to anticipate, adapt and collaborate, analysts highlight.
Sam Wilkin, Director of Political Risk Analytics at Willis, a WTW company, said: “Our societies are only as resilient to gray-zone attacks as their weakest link. The corporate sector must not be that weak link.
“The past few months of gray-zone attacks in Europe have shown us that strategic foresight, operational readiness and specialty solutions designed to address ambiguity must be baked into corporate risk management programs across business sectors. I hope companies will use the scenarios to challenge traditional boundaries of risk ownership and identify unexpected connections between risks.”
The report outlines several critical steps for risk and insurance leaders to strengthen their defences. This includes a need to re‑evaluate insurance wordings, triggers and limits, as Willis warns that legacy definitions of conflict may leave “gaps” in coverage when dealing with the ambiguity of gray zone events.
The report also advises businesses to view supply chains through a geopolitical lens, focusing on diversification and friendshoring to avoid chokepoints disruptions.
Additionally, gray-zone aggression should be treated as an enterprise-level risk, the report advises, requiring continuous monitoring and frequent scenario refreshes.
Moreover, crisis management teams must be trained to make decisions under uncertainty, particularly when the source of the disruption is not immediately clear.
Elisabeth Braw, Senior Fellow, Atlantic Council, stated: “Today’s gray-zone tactics exploit the way our economies are connected – and that puts the private sector directly in the line of fire. Hostile countries are targeting companies precisely because doing so creates disruption and uncertainty while at the same time having two distinct advantages: plausible deniability and minimal risk of retaliation.
“This research makes clear that treating gray-zone aggression as a temporary nuisance is a mistake. Organisations that fail to recognise gray-zone activity as a material business risk will find themselves reacting too late, with real consequences for business operations, confidence and resilience.”
