Tactics known as “grey-zone aggression”, including state-directed intimidation and cyber operations, are becoming more frequent and risk significantly disrupting businesses and global trade, a report has found.
Businesses’ assets, data, logistics routes and technology platforms are becoming “deliberate targets of grey-zone campaigns” aimed at unsettling markets and generating geopolitical leverage, it said.
“Every industry carries meaningful exposure,” the report explained, pointing to recent incidents targeting energy networks, ports, logistics hubs, defence manufacturing and retail supply chains, among others.
The report, authored by the Willis Research Network and Elisabeth Braw, a senior fellow with the Atlantic Council, found that five years ago the concern “barely registered” on corporate risk radars and was thought to be confined to the aviation and shipping sectors.
Now, the risk is a “material threat” that is impacting companies’ appetite for geopolitical risk and straining insurance coverage, which is typically based on binary distinctions between acts of war and sabotage.
Recent examples of grey-zone attacks include the damage to the Nord Stream subsea pipelines transporting Russia gas to Germany in 2022, and Houthi rebels cutting Red Sea cables in 2024, which affected internet traffic between Asia and Europe.
If it is unclear who to attribute the damage to, as in the Nord Stream case, this can impact whether coverage is triggered.
Braw said: “Today’s grey-zone tactics exploit the way our economies are connected – and that puts the private sector directly in the line of fire.
“Hostile countries are targeting companies precisely because doing so creates disruption and uncertainty while at the same time having two distinct advantages: plausible deniability and minimal risk of retaliation.”
These tactics are low cost and high impact, the report noted.
Rupert Mackenzie, global head of natural resources at WTW, added: “As critical infrastructure, natural resources companies carry immense geopolitical leverage and extraordinary economic value — which makes them vulnerable to hostile, grey‑zone tactics.”
The report looked at plausible potential scenarios, based on trends and real-world case studies.
These included disruption to shipping in the English Channel caused by the sanctions-busting shadow fleet, which show how “targeted groundings and automatic identification system manipulation can trigger global logistics paralysis”.
European authorities recently warned that deceptive behaviour by Russia’s shadow fleet, including manipulating location signals and sailing under flags of convenience, is endangering maritime safety.
The research also highlighted the use of “gig workers” recruited online to carry out grey-zone attacks, with their fleeting employment making it even more difficult for authorities to detect them.
“This research makes clear that treating grey-zone aggression as a temporary nuisance is a mistake. Organisations that fail to recognise grey-zone activity as a material business risk will find themselves reacting too late, with real consequences for business operations, confidence and resilience,” said Braw.
Sam Wilkin, director of political risk analytics at Willis, said: “Our societies are only as resilient to grey-zone attacks as their weakest link. The corporate sector must not be that weak link.
“Strategic foresight, operational readiness and specialty solutions designed to address ambiguity must be baked into corporate risk management programs across business sectors.”
The report recommended that businesses review their insurance wordings, triggers and limits, and consider policies for trade disruption, as standard business interruption cover might be limited to physical damage.
It also suggested businesses should categorise grey-zone aggression as enterprise-level risk and continue to stress test supply chain resilience using a geopolitical lens.
“Diversification, route alternatives and friendshoring considerations should be embedded into operational and financial planning,” it noted.
Potential grey-zone incidents also often resemble “‘accidents’ until patterns emerge”, it added.
“Organisational resilience will be tested by decision making under uncertainty. Where attribution is incomplete, public narratives diverge and regulatory environments shift at speed.”
GTR reported at the end of last year that political risk has re-emerged as a priority for boardrooms as a result of trade tensions, wars and populism.
