Global stability is entering a new phase – one defined not by clear lines of conflict, but by the ambiguous, deniable and strategically choreographed tactics that sit between peace and war – known as ‘gray-zone aggression’. That’s the key finding of a new report from The Willis Research Network and Elisabeth Braw, a senior fellow with the Atlantic Council.
Gray-zone aggression has rapidly evolved into a material threat for businesses; disrupting markets, undermining confidence and creating political leverage. The report, titled “Hidden threats, real impacts: gray-zone aggression”, highlights that five years ago, this challenge barely registered on corporate risk radars and was largely viewed as confined to the aviation and shipping sectors. Today, it is shaping geopolitical risk appetite, testing insurance policy wordings and the resilience strategies of every major sector. In this volatile environment, the private sector is no longer a bystander, the report says. Executives need to anticipate, adapt and collaborate to strengthen corporate defences and maintain business continuity.
The report highlights further findings for risk and insurance leaders:
• Re evaluate insurance wordings, triggers and limits: as geopolitical tensions rise, gaps can emerge in the gray-zone between peace and war. Specialist review of policy language is critical to ensure coverage aligns with the emerging risk environment rather than legacy definitions of conflict.
• Elevate gray-zone aggression as an enterprise-level risk: review risk registers and strategy for gray-zone threats. Continuous geopolitical monitoring, scenario refresh cycles and dissemination of intelligence are essential.
• Stress test supply chain resilience through a geopolitical lens: complex interdependencies mean a single chokepoint disruption can generate outsize ripple effects. Diversification, route alternatives and friendshoring considerations should be embedded into operational and financial planning.
• Strengthen crisis management for ambiguous events: gray-zone incidents often resemble ‘accidents’ until patterns emerge. Organisational resilience will be tested by decision making under uncertainty. Where attribution is incomplete, public narratives diverge and regulatory environments shift at speed.
• Integrate scenario thinking into strategic planning: scenarios challenge assumptions and reveal unexpected exposures. They help leadership teams test investment choices, supply chain dependencies, geopolitical footprints and insurance adequacy across a range of plausible futures.
Sam Wilkin, Director of Political Risk Analytics at Willis, said: “Our societies are only as resilient to gray-zone attacks as their weakest link. The corporate sector must not be that weak link. The past few months of gray-zone attacks in Europe have shown us that strategic foresight, operational readiness and specialty solutions designed to address ambiguity must be baked into corporate risk management programs across business sectors. I hope companies will use the scenarios to challenge traditional boundaries of risk ownership and identify unexpected connections between risks.”
Elisabeth Braw, Senior Fellow, Atlantic Council, said: “Today’s gray-zone tactics exploit the way our economies are connected – and that puts the private sector directly in the line of fire. Hostile countries are targeting companies precisely because doing so creates disruption and uncertainty while at the same time having two distinct advantages: plausible deniability and minimal risk of retaliation. This research makes clear that treating gray-zone aggression as a temporary nuisance is a mistake. Organisations that fail to recognise gray-zone activity as a material business risk will find themselves reacting too late, with real consequences for business operations, confidence and resilience.”