Russia and the Ukraine: How Geopolitical Events Impact Resilience Management


When it comes to business continuity planning, a lot of organizations think about anticipated event types and make plans to adequately address them. And some of the best programs take this one step further—they imagine other plausible scenarios and create plans that are flexible enough to address those types of events, too.

But the strongest and most resilient organizations don’t focus on single event response. Instead, they develop plans that are flexible and adaptable to multiple scenarios, known and unknown.

In the last several years, geopolitical events have moved closer to the top of many organizations’ concerns and planning efforts. However, even with event horizon scanning, few may have been well prepared to deal with the challenges that have already arisen from the recent Russian invasion of Ukraine.

From government sanctions to cyber-attacks, we are likely just now beginning to see the potential scope of this conflict and what it means for business around the world.

That’s what we talked about recently with Michael Bratton, a director of consulting at Castellan, during our fifth episode of season two of Castellan’s podcast, “Business, Interrupted.”

While the war in the Ukraine may or may not be a distance from the heart of your operations, the consequences of the conflict are likely to be widespread and lingering. It highlights for business continuity and resilience management professionals just how important it is to plan for these severe, yet, plausible scenarios to ensure operational resilience, regardless of disruption type.

Get The Plausible Scenario Builder


Social Media Influence and Real-Time Decision-Making

These issues highlight the need for contingency planning during and after disruption response.

For example, in this scenario, it’s about taking a closer look at what happens when you temporarily suspend operations, but:

  • What do you do if the government seizes your assets?
  • What happens to your employees during this time?
  • Will they return to work if you decide to resume operations?
  • What impact might the conflict have on their abilities to do so?
  • What will you need to do to return to normal?

That’s why contingency planning is so important. It forces your teams to think about all of the considerations before you, not just in terms of suspending operations, but also in terms of how to resume operations and how to operate under new and changing laws and restrictions.

Third-Party Risks and Sanctions

Government sanctions are already putting some strains on third-party suppliers and we can likely expect this to compound across the supply chain the longer the conflict continues. And it’s not just about what’s limited by sanctions in Russia, but also what’s no longer moving out of and through the Ukraine now and in the future.

From a business continuity perspective, this forces organizations, many of whom were already struggling with pandemic-related shortages and other supply issues, to think about temporarily or permanently replacing those suppliers.

One of the good things coming out of pandemic response, however, is many organizations were already moving toward more geographic diversification among suppliers to strengthen their supply chain.

But that doesn’t come without a different set of risks. While an organization may have successfully found another supplier, we may not yet know what impacts the conflict and other issues will have on the replacement, especially as issues compound across the supply chain, stretching beyond the borders of Russia and Ukraine.

We must also think about whether or not more sanctions are coming—and where—and what that will look like, as well as how widespread sanction impact may be. For example, if you moved from a third-party based in Russia to one in China, what might happen if China supports Russian efforts? Could potential sanctions against China eliminate that supplier as a realistic alternative for your needs?

Increasing Cyber-Attacks

As a result of the conflict, we may also see increased nation-state sponsored cyber-attacks against governments and private entities and what that may mean from a resilience perspective. Critical infrastructure could be at a higher risk; however, all organizations should consider and plan for potential cyber events.

Already organizations are reporting increased scanning activities, which haven’t yet resulted in successful attacks, but we’re well aware of the looming potential, especially in terms of the potential for increased ransomware attacks, some of which have been linked to the Russian government.

At Castellan, we have long been encouraging our clients to shift thinking from what might happen if a cyber event happens to what the response plan is when one occurs. The conflict in the Ukraine definitely highlights the increased likelihood of these types of events.

And that’s not just about response planning for what might happen if a network goes down or for data loss. It’s about a much larger picture organizations should think about. What happens if critical infrastructure is impacted? How will we be able to continue operations as normal? What happens if other necessary public services are impacted?

Plausible Scenarios to Consider

These types of “what-if” questions bring into focus why it’s important for organizations to consider and plan for plausible scenarios that could have potentially severe consequences, for example, loss of critical infrastructure.

And that goes beyond just thinking about how to respond to and recover from a specific event, but going deeper and considering what might happen further downstream as a result. Some key points to think about in this example:

  • How would this disruption directly affect my employees?
  • Are all employees affected or just those in certain geographical areas?
  • Will they be safe?
  • Will they be able to work?
  • Do we have a means to communicate with these employees?
  • How will related expenses, for example, rising gas prices, affect their abilities to meet their work requirements?

Working with plausible scenarios helps organizations ensure they have plans in place to address where their team members are and how to address operational challenges as they arise.

But beyond focus on those plausible scenarios, organizations must also take into account event-based assumptions, as well as dependencies and capabilities, regardless of event scope and breadth.

And we can’t overlook potentially catastrophic events and their impact, so it’s important to consider:

  • If a catastrophic event were to occur, how would it affect resources?
  • What would and wouldn’t be available?
  • Which resources does your organization need to deliver critical products and services?

Want to hear more from Michael Bratton and how the conflict in the Ukraine is impacting business continuity and what that means for resilience management today and in the future? Listen to “Ukraine and Russia: Geopolitical Impacts and Plausible Scenarios with Michael Bratton,” which is available on the Castellan website or wherever you listen to your favorite podcasts.

Get The Plausible Scenario Builder


Goodbye, uncertainty. Hello, confidence.
Castellan brings every aspect of resilience management – from readiness to response – together in one place, so you can stop hoping and start knowing.

Now you’re ready.TM

Ready for some hands-on help? Let’s discuss how to best achieve your resilience goals.