Defence & Security

Security... The New "S" in ESG?

Published on
November 14, 2023

Identifying and mitigating commercial exposure to geopolitical risk

The significance of recognising and mitigating commercial exposure to geopolitical risks is becoming increasingly evident in today's evolving business landscape. According to ESG data provider ESG Book, ASML Holdings (a manufacturer of semiconductor chip manufacturing equipment) holds the highest environmental, social, and governance (ESG) rating globally.

This high rating implies that investors can confidently support the company, knowing it adheres to sustainable practices, maintains social responsibility, and upholds transparent accounting and employment policies. However, recent geopolitical events have demonstrated the vulnerability of even the most socially conscious and well-governed enterprises.

For instance, ASML faced challenges when a geopolitical dispute between the West and China led to a ban on exporting its products to a significant customer. The subsequent impact on ASML's share price is evident in the graph below.

A screenshot of a graphDescription automatically generated
Graph showing the share price of ASML over the past year. Credit: Google.

For context, the red line denotes the date when Reuters reported that the Netherlands and the US were planning to restrict exports of some ASML products to China.

Why is this significant? It highlights that even the most socially conscious enterprises, or strictly governed organisations, can go from B-Corp to corpse in a relatively short space of time following an unexpected geopolitical event. Consequentially, industry leaders including Goldman Sachs and McKinsey & Company have begun to promote the necessity for a geopolitical strategy, and why CitiGroup’s CEO Jane Fraser told a panel at a recent business forum that security was the new “S” in ESG.

Assessing geopolitical security

So how do you ensure your company, or a company you are considering investing in, is geopolitically secure? The best way to do this is to undertake a geopolitical security assessment of the company in question. To do this thoroughly, there are three major factors that need to be considered:

  1. The constituent parts of the business and their locations
  1. The geopolitical risks relevant to those locations
  1. The company’s resilience to those risks

The constituent parts of a business

When conducting a geopolitical security assessment, it is important to understand what and where all the constituent parts of the business are. Be aware that this is not simply limited to where the bricks and mortar assets of the company are located:

    Any shops, production facilities, or offices etc that are located away from the company headquarters.
    The routes by which resources essential for the company to operate (raw materials, energy, communication) are delivered to it, and the routes by which its goods and services are delivered to market.
    Any location from which a significant proportion of the company’s labour force comes from. Often, this will be in the vicinity of its headquarters or branches, but some companies and industries rely heavily on overseas labour (almost 45,000 UK NHS staff come from India, for instance).
    Where the customers receive the company’s goods or services.
    “That’s not a real location” I hear you cry. Correct, but if a company wants its online material to be accessible in a given location, it can be impacted by political decisions taken in that location (as Elon Musk recently found out).

Geopolitical risks faced by businesses

The exact geopolitical risks faced by a business will depend on the industry and location it operates in. Below are some of the more common geopolitical risks faced by businesses.


The potential for damage to the physical location of one or more of a business’s constituent parts.

Climate change is already one of the most prominent causes of this, with record levels of flooding, extreme heat, and drought being recorded on a regular basis. For instance, the US has already recorded a record 25 natural disasters causing over $1bn damage each this year, surpassing the previous record of 22 which was set in 2020.

traffic light sign underwater
Photo credit Kelly Sikkema

The geopolitical risks posed by climate change are almost certain to get worse before they get better (if they ever do), with rising sea levels and incidences of extreme weather events putting an increasing strain on all manner of industries. Those likely to be particularly affected include the insurance, agriculture, and energy industries.

Other major environmental disruptors include non-climate change-related natural disasters such as earthquakes and volcanic eruptions, and man-made disasters such as the Chernobyl and Fukushima nuclear disasters and the plethora of armed conflicts around the world.


The potential for a reduction or complete loss of access to resources vital for the business’s operation.

The first thing most people would think of when considering supply risk is the geopolitical threat to the availability of physical resources such as materials and energy that are vital to the production of goods. The impact of the Covid-19 pandemic on the availability of semi-conductor chips and of Russia’s invasion of Ukraine on energy prices are two very prominent examples of this.

However, it is also important to consider the geopolitical threat to the supply of other vital resources such as labour (check out the impact of Brexit on the hospitality trade), and communication (rising incidents of grey zone warfare between the West and hostile nations are posing an increasing security threat to undersea communications infrastructure).

Threats to the supply of goods essential for living must also be considered – no matter how many potential workers there are they won’t be doing any work if they don’t have food, water, or medicine. Political instability can seriously disrupt the supply of these essential goods, due to a lack of security (Haiti) or sanctions imposed by other nations (Niger).


The risk posed to a business’s bottom line by the state of the economy.

Many businesses’ performance will be somewhat of a reflection of the state of the economy it operates in. if the economy is doing well, most businesses will tend to do better, and visa-versa.

For example, high levels of inflation can wreak havoc on profit margins (rising petrol costs have given many driving instructors concerns over whether they will manage to break even let alone make a profit), low levels of disposable income can cause a reduction in demand for luxury goods and services, and financial crises such as the 1989 Savings and Loan Crisis have the power to wipe out multi-million dollar corporations.

However, there are exceptions to this rule. For instance, businesses which position themselves as budget or economy options can over perform when the economy is struggling, as customers turn to them in an attempt to reduce their outgoings.


The risk posed to a business’ ability to communicate or by a business’ communications.

In the military there is a saying: “no comms, no bombs”. This stands to highlight how difficult it is to operate as an effective fighting force without reliable communication – something just as true in business as it is in conflict.

In a great example of how these risks are intersectional, communications risk can be directly impacted by supply risk (i.e. the grey zone activities we have already mentioned), environmental risk (research published in Earth-Science Reviews highlighted a further risk to undersea cables posed by climate change), and political risk (deliberate internet shutdowns by governments cost the global economy $24bn in 2022).

While being unable to communicate is an obvious threat to businesses, sometimes what they communicate can be just as damaging. Bud Light failed to consider the political views of their main customer base in a recent marketing campaign, which ultimately saw sales by its parent company AB InBev to US retails fall by 17% and led to the resignation of its Chief Marketing Officer.

Similarly, promoting something which would gain a company virtue signalling points in one location could see it lose goodwill or even prosecuted in another (hence the double standards in the image below):

A screenshot of a phoneDescription automatically generated
Twitter handles of US companies during Pride Month alongside the handles of those companies’ Middle Eastern branches.


The risk posed to a business by the decisions of governments and the opinions of populations.

We have already mentioned how political decisions and stances can see labour forces reduced, access to the internet and essential goods restricted, and impact sales.

Additionally, it can see the ability to sell certain goods restricted (the tobacco industry is in a terminal decline akin to many of its customers due to the impact of public health legislation aimed at reducing sales).

It is not all doom and gloom from a business point of view though – some legislation can cause a massive increase in demand for certain goods and services (which is why the Covid-19 pandemic must have felt like a lottery win for PPE manufacturers).

The attitudes of a population can have just as big an impact on a company’s success as the political decisions of their government, both directly (such as the Bud Light boycott), and indirectly (for instance due to the impact of civil unrest on the wider economy, as highlighted in the graph below).

A graph of a graph showing the impact of new unrestDescription automatically generated with medium confidence
Graph showing the long-term effects of social unrest on GDP. Credit: International Monetary Fund.


The risk posed to a business by violent activities.

War and terror can be catastrophic for business. They have the potential to destroy its environment, physical assets, supply lines, labour force, and customer base. For example, it is estimated productivity in Ukraine will reduce by 7% by 2035 due to the impact of Russia’s invasion.

The aforementioned direct effects of war are relatively obvious, but what also needs to be considered when looking at the conflict/terror risk to businesses is second or third order effects. For example, terror attacks can cause a reduction in demand for a service or popularity of a location in their aftermath due to the fear they create (hence “terror” attacks”).

A graph showing the growth of oil and gas pricesDescription automatically generated
Graph showing the impact of 9/11 on the aviation industry. Credit: International Civil Aviation Organisation.

Additionally, as we have seen with Western companies operating in Russia following its invasion of Ukraine, conflict can see businesses forced to withdraw from a location either due to pressure at home or because authorities in their host state decide to commandeer their assets.

Assessing resilience to geopolitical risk

To understand how resilient a company is likely to be in the event any of the risks listed above (or any that aren’t) come to fruition, there are three factors to consider:



The protective measures and policies employed by the company to mitigate the threats posed by geopolitical risk.

The most obvious example of this measures taken to protect itself from hostile physical actions. If the company is located in an area prone to conflict or terror attacks, has it employed protective measures such as armed guards, bunkers, or physical barriers?

However, it is important to also assess the measures it has taken to protect itself from other types of geopolitical risk, for instance:

  • Supply: Do the cargo ships it’s supplies arrive on employ maritime protection? Does the company work on a just-in-time production policy or has it got a few weeks of supplies to rely on in the case of a shortage?
  • Economic: Is the company liquid? Have its finances it been assessed by an independent auditor?
  • Communications: Does it have a fall-back option (such as satellite communication) if its internet connection is cut-off? Does it employ a dedicated agency to send out its social media posts or is it getting a bored, unpaid intern to do it?
  • Political: Has the company employed someone to analyse the potential impact of any incoming legislation, and has it acted upon that analysis to protect itself?


Is the company one of the few suppliers or the most affordable provider of specific goods or services?

This aspect primarily pertains to communications and political risk. Companies can exploit their market position if customers are left with no alternative but to purchase from them.

Although not directly related to geopolitical risk, Ryanair's social media team frequently handles complaints from dissatisfied customers by responding abrasively rather than attempting to appease them. They can act in this manner because Ryanair is often the sole carrier or significantly more economical than alternatives for many destinations, compelling people to choose them even if they disapprove of the airline's attitude.


The ability of the company to adapt to changes in circumstance.

As someone who was not Charles Darwin once said:

It is not the strongest of the species that survives, nor the most intelligent. It is the one most adaptable to change.”

Often it is impossible to prevent geopolitical risk from turning into geopolitical damage. In this case, companies that are able to adapt to the changes caused by this damage will be the most successful. Three main areas where adaptability will aid a company’s survival in this case are:

  1. Diversity of Offering: Does it have other products or services it can rely on to generate revenue in the event its main offering is restricted from sale? And if not, could it diversify into other offerings?

Tobacco companies have been getting smashed with legislation aimed at reducing their ability to sell their main product by governments across the globe for decades, and this is only likely to continue. To reduce the impact of this legislation on their bottom line, they have diversified into selling vapes.

  1. Ability to relocate: Can it “lift and shift” its operation elsewhere in the event it can no longer operate in its current location?

China has been the “factory of the world” for four decades, but now, due to a combination of its faltering economy and geopolitical tensions, companies are being forced to reassess their reliance on it as a manufacturing hub. Some of these companies, including Apple, Mazda, and chip-manufacturer TSMC, are now relocating their production centres to other countries.

  1. Logistical flexibility: If one of its major supply lines was blocked or otherwise disrupted, are there other viable routes, and how much time and cost would using these routes add to the shipping process?

When the Suez Canal was blocked by the Ever Given container ship in 2021, it reduced global trade by 12% at a cost of over $9bn per day.

Protecting your assets

To protect either your investment or your company from geopolitical threats, getting a geopolitical security assessment is highly recommended. Increasing numbers of ESG agencies are beginning to offer this as a service alongside their traditional ESG products as the importance of geopolitical risk becomes wider known, and there are also dedicated geopolitics consultancies that can help with this.

If the assessment suggests there is a high to severe threat of terror or conflict in the location of one or more of the company in question’s constituent parts, it may be prudent to also commission a dedicated security professional to assess its physical security, as it is unlikely an ESG or geopolitical risk consultancy will have the ability to provide a physical security assessment you can be fully confident in.

Finally, be aware that any assessment you do receive, even if it is 100% accurate at the time of delivery, will begin becoming less accurate as soon as you receive it. Geopolitics is fluid: even without the spectacular black swan events like 9/11 or Covid-19, the security state of countries and regions across the globe is constantly changing. Therefore, it is a good idea to keep yourself abreast of significant geopolitical activity (and not just in the country your interests are located: geopolitical events in one country frequently have knock-on effects on others). To do this, I would recommend subscribing to some kind of geopolitical update, be that a free weekly or daily newsletter or some kind of paid service.

Written by
Oliver Wright
Oliver is an accomplished geopolitical and open-source intelligence expert with a decade of industry experience spanning the Royal Marines, private sector, and UK Cabinet Office. He now runs his own geopolitics and open-source intelligence agency, OSINT Ltd, and produces the OSINTSUM; a highly regarded geopolitical risk intelligence summary. To subscribe to the OSINTSUM for free, or for more information about OSINT Ltd’s services, head to
Read more
Subscribe to Karve's quarterly roundup newsletter

Including market trend insights, company updates and info on innovation funding streams, growth strategies and other helpful scale-up tactics for your organisation.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Share this post