Executive Summary
Advanced hybrid attacks threaten to disrupt global supply chains, change market dynamics, and destabilize financial systems and national economies.
States increasingly rely on non-state actors to inflict harm through disinformation, interference, cyberattacks, or economic threats, often in a synchronized fashion.
A greyzone has emerged in which agile groups can avoid detection and attribution, thus making the defense more difficult – yet, also more vital.
Implications for International Business
Hybrid threats will become part of the normal business environment, requiring a shift from reactive to proactive risk mitigation through the protection of infrastructure, diversification of supply chains, and dynamic monitoring.
Beyond economic cost, hybrid attacks can inflict reputational damage, so firms need to take protection measures and develop their crisis communication.
State of Play
Agile, combined, and efficient – and geopoliticized
Europe has become ever more exposed to hybrid threats, creating risks not just for governments and public institutions, but also for companies and individuals. Primarily deployed by authoritarian states such as Russia, China, Iran, and North Korea, hybrid tactics aim to weaken democracies by targeting political, societal, or technological vulnerabilities. They can serve to, for example, discredit their political model, produce instability or uncertainty, influence political decision-making, or do actual damage or otherwise gain tangible advantages.
In recent years, the methods used for hybrid attacks have greatly evolved: For one, a combination of tactics – such as “hack and leak”, or simultaneous cyber-attacks and the use of ransomware – is increasingly utilized. Similarly, forced migration into Western countries is employed concurrently with disinformation campaigns. For another, there is greater involvement of non-state actors and economic entities. The former provides additional human resources and expertise while enabling better concealment. The latter receive support to strategically invest in an adversary’s key industries to hinder economic or technological progress.
Finally, the cyber and information space is increasingly used as an operational domain, especially through social media and cyberattacks. Moreover, new hybrid tactics have gained in importance, such as the use of sanctions or espionage in the economic and financial sector ("tradefare") or the weaponization of democratic norms and standards against democracy itself ("lawfare").
Key Issues Hybrid attacks challenge state sovereignty…
Hybrid threats remain below the threshold of armed conflict. They can lead to regional instability by disrupting society and the economy, thus jeopardizing state security without creating an interstate conflict. The tactics employed focus on a greyzone in which detection and attribution are difficult, such as at the interface between war and peace, internal and external security, or local, national, and international jurisdictions. Hybrid threats therefore challenge state sovereignty without impairing their territorial integrity.
The tactics used do not always have immediate implications for diplomatic relations between countries. State actors like military, intelligence and security services, and non-state actors such as militias, terrorist groups, or criminals, both exploit the lack of clear attribution to avoid immediate consequences, even if they have different goals: While state actors often strategically pursue their national interests to gain geopolitical influence or weaken their foes, non-state actors deploy hybrid tactics for short-term immediate economic benefits or ideological intentions.
Combatting hybrid threats requires a holistic approach, which is why EU and NATO member states have set up a joint Centre of Excellence to promote a whole-of-government and whole-of-society approach to counter them. In addition, the EU has enacted regulations to enhance the digital and physical protection of critical infrastructure, such as the Network and Information Security Directive 2 (NIS 2) and the Resilience of Critical Entities Directive (CER). To curb the spread of disinformation, the Digital Services Act (DSA) allows for the fast removal of illegal content and manipulated information from online and social media platforms.
…as much as entire economies and individual firms
A range of hybrid measures specifically target economic activity. These include the imposition of sanctions against other countries or entities, the use of trade restrictions to protect domestic industries, or the manipulation of exchange rates or interest rates to influence economic conditions. As companies adjust their commercial partnerships and investment decisions in response to such measures, these tactics can disrupt global trade patterns and supply chains, alter market dynamics (risk perceptions, investments, capital flows), or destabilize financial systems or national currencies. Eventually, such actions can lead to slower growth, significant market volatility, and political destabilization.
For developing economies such as Ukraine, Turkey, Kenya, South Africa, Nigeria, Argentina, Brazil, Colombia, and Georgia, these influences have significant impact. They face economic instability, investment uncertainties, restricted access to markets and resources, environmental damage, and social or political tensions. It will be crucial for them to pursue a sustainable development strategy, promote regional market integration and diversification, establish clear investment guidelines, and ensure legal certainty and political stability.
Businesses, too, should implement a set of strategic approaches to effectively address hybrid threats and strengthen their resilience and readiness. First, they should conduct a comprehensive risk analysis and assessment. This involves deploying early warning systems and scenario analysis to proactively identify potential risks before they escalate. Moreover, collaboration with authorities and other businesses is crucial. This means fostering information exchange on threats and best practices and engaging in joint defense measures to bolster resilience against hybrid threats.
In addition, prioritizing cybersecurity and data protection is essential. Businesses should implement safety measures, backup plans, and resilience structures to safeguard critical assets and maintain operational continuity in the face of cyber threats. Finally, legal readiness is key. Understanding legislative frameworks relevant to hybrid threats is important for compliance and preparedness. Establishing uniform security standards across the supply chain through a code of conduct and creating emergency plans for contingencies can enhance a firm's ability to respond effectively to complex threats.
Companies should in particular focus on cyberattacks and disinformation campaigns in their geopolitical risk analysis and monitor the respective actors and methods. By implementing an early warning system, such as live tracking of disinformation campaigns on social media and establishing a threat analysis unit, they can identify risks early on. EU-based companies should assess whether they fall within the scope of the regulations such as NIS2, CER, or soon, CRA, and take the required measures.
International cooperation and partnerships between states and companies are becoming increasingly important for minimizing damage risks and maintaining economic stability. Companies should collaborate with national security authorities and international organizations, regularly exchanging their experiences and information on threat developments in international public-private partnerships, such as the Partnership Training and Education Centers (PTECs) recognized by NATO or the Joint Cyber Defense Collaborative (JCDC).
In the emerging geopolitical rivalry, hybrid attacks by authoritarian actors target democracies at the core. To counter them, companies relying on free markets, legal certainty, and open societies need to collaborate with elected governments.
Comments