Eight questions every company should be asking itself

North Korea on 4 July successfully tested an inter-continental ballistic missile (ICBM) for the first time. Though the range would not reach the US lower-48 states, this is the latest – and one of the most provocative – steps in an escalating situation on the Korean peninsula. Talk of US pre-emptive strikes remains premature and Control Risks maintains a ‘low’ security risk rating for Korea. Yet risks are rising, and the pace of weapons development and policy flux make the situation more uncertain than in the past.

As any company with Korea experience knows, periodic geopolitical crises are a familiar feature of the environment and are rarely cause for alarm. Yet desensitization can lead to inadequate attention and planning for scenarios which – while highly unlikely – have nonetheless major impacts. Businesses in the region must take these threats seriously, and address potentially severe implications for both the security of their people and assets, and their ability to continue business operations amid major disruption. 

Asking these eight questions is a good starting point to help identify and address gaps in readiness:

  1. Have you conducted a risk assessment providing a comprehensive understanding of the current situation, the different conflict scenarios that could play out, and how each would impact your business, given your specific footprint in Korea?
  2. Do you have a systematic monitoring and analysis capability, to provide early warning and inform decisions when faced with alarming headlines or events in Korea? Does it offer a systematic framework to identify escalation triggers and indicators, and access to the necessary expertise to distinguish between media hype and major escalations?
  3. Do you have evacuation and security programs in place that are realistic for a Korean conflict situation, and provide options for multiple scenarios where evacuation and workforce relocation options may be severely constrained?
  4. Does your communications strategy focus on managing both external media and customer inquiries, and internal communications, including proactively managing the expectations and concerns of employees and their families?
  5. Do you have baseline crisis management and business continuitycapabilities, teams and plans that are up to date and robust enough to respond to scenarios such as severely disrupted infrastructure, supply chains and communications?
  6. Are your plans and capabilities tested and adapted? When did you last train crisis and business continuity teams on their roles, responsibilities and in extremis decision making capabilities? Have you conducted an exercise using a Korean conflict scenario and testing your triggers (cautious ones could mean frequent activation, aggressive ones may mean moving too late)?
  7. Have you prepared for scenarios with wider regional impacts beyond the Korea, particularly in China and Japan, to evaluate response capabilities and give global teams a safe environment to practice using response protocols? Do your plans factor in jurisdictional compliance obligations?
  8. If your key vendors are disrupted by this crisis, do they have the level of contingency planning necessary to ensure your operations will not be significantly disrupted?

These questions highlight common areas where gaps exist and where many companies have traditionally underinvested. The good news is that while some of these areas require significant planning (such as supply chain continuity), many baseline capabilities needed to build resilience can be developed in simple, practical ways. These focus on giving an organization the right mix of information, governance, planning, training, tools and practice necessary to enable it to feel confident that it can tackle any crisis.