November 29, 2021
Crisis management in Ukraine – what you should know about doing business in a zone of potential armed conflict.
Recently, media reports have been reporting increased Russian military activity close to the borders of northeastern Ukraine. The situation is dynamic, and there are so many areas that tension between Russia and Belarus on the one hand, and Ukraine, Poland, and EU and NATO countries on the other, all of which have different interests, could lead to an escalation of the conflict. How should businesses behave in this situation? What should companies with representative offices or production facilities in Ukraine do? What procedures should they have in place and what should they pay attention to? NaviRisk expert – Mateusz Tarasiuk – writes about the short and long-term consequences of a potential armed conflict for business.
A story that likes to repeat itself
In Ukraine, after the detachment of the lands of Crimea and Donbas from the state, the awareness of the military threat from Russia has increased, and the state is increasing the financial outlay for the army year by year. Therefore, The Ukrainian army, experienced in border conflicts, is relatively well trained and is a more difficult challenge for Russia today than it was in 2014, but still taking into consideration the gap in manpower, modern equipment, and mobilization capabilities, probably will not be able to stop the full Russian attack in the long term.
The aforementioned issues raise a concern about how businesses in Ukraine should prepare as part of crisis management activities in the event of war. In order to present possible scenarios about how to manage risk, we do not specify a particular territory that could potentially be occupied by the Russian forces in Ukraine and we do not consider which companies specifically could suffer from the change. We assume that part of Ukraine’s territory will be a war zone and that the problems of foreign companies in Ukraine are a broad problem, not related to one company or the industry.
Photo: Rotislav Artov, Unsplash
In the short-term perspective we can see that there are several risk factors we should consider preparing the crisis risk management recommendation:
PROBLEM: There is a risk of conscription and calling company employees, especially men, into the army. The companies potentially may be out of the staff. Also, what is worth noting, there will be a problem with securing business facilities, like those employed in security, whether in-house or through an external service provider, and with access to weapons, will be taken for conscription, while the weapons themselves, owned by the security company, may be taken for the army.
SOLUTION: Although no crisis manager can impede conscription, prior awareness of such an eventuality prompts measures such as hiring external (based outside Ukraine) security companies to save the company’s assets. At least, if no work can be continued due to the lack of staff, we are minimizing the risk of the company being robbed or destroyed by securing the business. If the conflict is ongoing in the close neighborhood of the entity, the evacuation of the company’s resources, with a help of the external company, will be needed. Adequate agreements to ensure a company’s response to a crisis or conflict should be made in advance.
PROBLEM: The important risk factor is that in the face of danger all company’s employees will be forced, because of the immediate threat to health and life, to leave assets in place, without a crisis management plan, order, or composition. Therefore, all company’s assets will be highly vulnerable to plunder or suffer from direct military acts.
SOLUTION: It is necessary to prepare a company evacuation plan in advance, secure vehicles and any possible assets, and provide coaches and other vehicles to the company to evacuate its employees and valuable resources. In order to make this plan properly, a recommendation will be to use a company located outside the zone of the potential military conflict, with whom the contact will be available 24/7 with a dedicated crisis manager.
PROBLEM: If some strategic companies are located close to the border and the army of the enemy, the risk of influence by industrial spies seeking to destabilize the company’s work is growing, and this needs to be considered very carefully.
SOLUTION: To mitigate the risk of being vulnerable to the activity of industry spies, a special approach needs to be taken including enhanced background checks on people potentially being suspected of this kind of activity.
PROBLEM: In the face of danger and a tense situation on the border, and the general feeling that the offensive was about to begin, it is highly possible to experience all sorts of fraud (of money, materials, vehicles, computers, and other assets) committed by employees or management who, after stealing, will flee suspecting that there will soon be conflict anyway.
SOLUTION: Constant monitoring and additional security measurements, as well as the scenario of sudden changes that prevent key managers and employees from accessing the company’s valuable assets, should be taken in advance in order to set off an established business protection plan to prevent money from being stolen from the company as well as minimizing the risk of theft of materials and other assets.
Photo: Max Kukurdziak, Unsplash
In the long-term perspective of the conflict, several strategic risk scenarios should be taken into consideration, for example, such as the following:
PROBLEM: Foreign companies will be forced, e.g. as a result of international pressure or for pragmatic-tax reasons, to move from the conflict area. Therefore, the plan for moving the company’s assets and employees will arise, but the decision will be to stay in the country, but outside the region of war, or to move abroad – outside Ukraine.
SOLUTION: An analysis of potential places to do business further should be taken in advance, with a consideration of the preliminary costs and preparation of the carryover plan. The decision to move the business outside Ukraine would probably be safer in the long run if we assume that the threat from Russia will be constant, but we lose more on moving and starting many things from scratch.
PROBLEM: There will be a threat to the continuity of the supply chain, perhaps the planned sales will not be realized or products and components necessary for the operation of the company will not be purchased due to the ongoing conflict.
SOLUTION: Even before the crisis hits, it is important to continually expand the sphere of contacts and networking and initially discuss the possibility of change with third parties, potentially responsible for the new supply chain, which will allow conducting the business uncrushed. In order to choose the right partners just at the moment the crisis hit, prior due diligence to determine the risks of working with third parties should be done.
Photo: Marjan Blan, Unsplash
As we can see, to secure business stability and mitigate the risk, it is needed to take into consideration several possibilities of events that would influence the business in Ukraine if the military struggles begin. To counteract these risks an updated crisis management plan should be prepared, taking into account possible losses and ways to prevent them. As a risk management consultancy company, NaviRisk recommends considering a few elementary risk management rules to reduce the risks for business in Ukraine in the event of conflict:
1. List all identified risk elements.
2. Identify the consequences of each risk.
3. Eliminate irrelevant issues.
4. Assign probability.
5. Assign impact.
6. Determine risk for the element.
7. Rank the risks.
8. Develop mitigation strategies.
9. Develop contingency plans.
10. Monitor your risks.
Of course, risk management can and even should take place internally, but sometimes it can be even more important to hire an outside consultant to take an independent look at various business security issues, even more so in the face of the threat of conflict in Ukraine.
At NaviRisk we always highlight that it is definitely better to prevent than to cure, and to prepare adequate risk mitigation plans to measure and identify potential threats, as well as to prepare remedies even before a crisis occurs. Our consultants are ready to assist you with implementing risk management solutions 24/7, both before and during the crisis.
Mateusz Tarasiuk, NaviRisk
May 30, 2023
Asked why he’d robbed banks, a notorious American gangster from the Great Depression era famously replied: ‘If they kept money in candy stores, I would rob candy stores.’ Is there any connection between old-style robbers and the plight of modern l law firms? On the surface, not really. After all, what can you steal from […]
April 25, 2023
Phishing Awareness Training – Simulating Phishing Attacks
Phishing training for employees is one of the most effective ways to strengthen your company’s defences against malware, ransomware, data loss and Business E-mail Compromise (BEC) attacks. Experience shows that awareness campaigns result in a significantly reduced click-through rate after each subsequent campaign. An employee who has made a mistake becomes more vigilant and more resistant […]
April 25, 2023
Phishing – how to deal with it?
Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries […]