Gray-zone aggression now a material threat for businesses: Willis report
Arlington, VA (Feb. 25, 2026) – Global stability is entering a new phase – one defined not by clear lines of conflict, but by the ambiguous, deniable and strategically choreographed tactics that sit between peace and war – known as ‘gray-zone aggression’. That’s the key finding of a new report from The Willis Research Network and Elisabeth Braw, a senior fellow with the Atlantic Council.
Gray-zone aggression has rapidly evolved into a material threat for businesses; disrupting markets, undermining confidence and creating political leverage. The report, titled “Hidden threats, real impacts: gray-zone aggression”, highlights that five years ago, this challenge barely registered on corporate risk radars and was largely viewed as confined to the aviation and shipping sectors. Today, it is shaping geopolitical risk appetite, testing insurance policy wordings and the resilience strategies of every major sector. In this volatile environment, the private sector is no longer a bystander, the report says. Executives need to anticipate, adapt and collaborate to strengthen corporate defences and maintain business continuity.
The report highlights further findings for risk and insurance leaders:
- Re‑evaluate insurance wordings, triggers and limits: as geopolitical tensions rise, gaps can emerge in the gray-zone between peace and war. Specialist review of policy language is critical to ensure coverage aligns with the emerging risk environment rather than legacy definitions of conflict.
- Elevate gray-zone aggression as an enterprise-level risk: review risk registers and strategy for gray-zone threats. Continuous geopolitical monitoring, scenario refresh cycles and dissemination of intelligence are essential.
- Stress test supply chain resilience through a geopolitical lens: complex interdependencies mean a single chokepoint disruption can generate outsize ripple effects. Diversification, route alternatives and friendshoring considerations should be embedded into operational and financial planning.
- Strengthen crisis management for ambiguous events: gray-zone incidents often resemble ‘accidents’ until patterns emerge. Organisational resilience will be tested by decision making under uncertainty. Where attribution is incomplete, public narratives diverge and regulatory environments shift at speed.
- Integrate scenario thinking into strategic planning: scenarios challenge assumptions and reveal unexpected exposures. They help leadership teams test investment choices, supply chain dependencies, geopolitical footprints and insurance adequacy across a range of plausible futures.
Sam Wilkin, Director of Political Risk Analytics at Willis, said: “Our societies are only as resilient to gray-zone attacks as their weakest link. The corporate sector must not be that weak link. The past few months of gray-zone attacks in Europe have shown us that strategic foresight, operational readiness and specialty solutions designed to address ambiguity must be baked into corporate risk management programs across business sectors. I hope companies will use the scenarios to challenge traditional boundaries of risk ownership and identify unexpected connections between risks.”
Elisabeth Braw, Senior Fellow, Atlantic Council, said: “Today’s gray-zone tactics exploit the way our economies are connected – and that puts the private sector directly in the line of fire. Hostile countries are targeting companies precisely because doing so creates disruption and uncertainty while at the same time having two distinct advantages: plausible deniability and minimal risk of retaliation. This research makes clear that treating gray-zone aggression as a temporary nuisance is a mistake. Organisations that fail to recognise gray-zone activity as a material business risk will find themselves reacting too late, with real consequences for business operations, confidence and resilience.”
Download the report: Hidden threats, real impacts: gray-zone aggression.
Hidden threats, real impacts: gray-zone aggression
Amid a surge in gray-zone aggression acts, WRN partner Elisabeth Braw shares key insights and three scenarios to help risk leaders take action in 2026.
Gray-zone aggression has surged in recent years, revealing a critical trend: states engaging in this form of coercion are constantly innovating – making defence a moving target. Unlike traditional military aggression, gray-zone tactics exploit economic, technological, and reputational vulnerabilities. This means resilience cannot rest solely with governments; the private sector is increasingly in the crosshairs.
Businesses are becoming more concerned about these risks, yet awareness remains low. Understanding what gray-zone aggression is – and how such events might unfold – is essential. Willis Research Network partner Elisabeth Braw, shares key insights and three new scenarios to help risk leaders take action in 2026.
Organizations must anticipate, adapt, and collaborate to strengthen their defenses and maintain continuity. In WTW’s 2025 Political Risk Survey [1], 77 per cent of executives interviewed expressed concern about the threat of economic retaliation as the method of gray-zone aggression of greatest concern, while 64 per cent were focused on state-sponsored cyber and 44 per cent on attacks on infrastructure. Five years earlier, gray-zone threats barely registered on corporate radars.
To understand gray-zone aggression as an emerging driver of geopolitical risk, the Willis Research Network, have partnered with Elisabeth Braw since 2019 to explore the topic and identify what global businesses can do to manage these threats proactively.
The findings from these discussions are shared in a report providing:
- An overview of gray-zone aggression, covering: what gray-zone aggression is, how the risk has evolved, why it’s so effective and why it’s so challenging to identify.
- Examples of suspected gray-zone aggression acts across key industries, highlighting why each industry is targeted, existing and potential methods and suspected precedent examples to inform executives as they challenge their risk and strategy plans; and
- Best practice guidance in five key areas to support executives navigate this growing threat, including challenge questions to test readiness.
Gray‑zone aggression is an enterprise‑level risk that spans departmental responsibilities; if there are knowledge gaps in the answers to those diagnostic questions, risk and strategy will need to be aligned to act.
Key findings for risk and insurance leaders
- Elevate gray-zone aggression as an enterprise-level risk: Review your risks register and strategy for gray-zone threats. Continuous geopolitical monitoring, scenario refresh cycles and intelligence dissemination are essential.
- Stress-test supply-chain resilience through a geopolitical lens: Complex interdependencies mean a single chokepoint disruption generates outsize ripple effects. Diversification, route alternatives and friendshoring considerations should be embedded into operational and financial planning.
- Strengthen crisis management for ambiguous events: Gray-zone incidents often resemble accidents until patterns emerge. Organizational resilience will be tested by decision-making under uncertainty. Where attribution is incomplete, public narratives diverge and regulatory environments shift at speed.
- Integrate scenario thinking into strategic planning: Scenarios challenge assumptions and reveal exposure asymmetries. They help leadership teams test investment choices, supply-chain dependencies, geopolitical footprints and insurance adequacy across a range of plausible futures.
- Reevaluate insurance wordings, triggers and limits: As geopolitical tensions rise, gaps can arise in the gray-zone between peace and war. Specialist review of policy language is critical to ensure coverage aligns with the emerging risk environment rather than legacy definitions of conflict.
To learn more, download the full report: Hidden threats, real impacts: gray-zone aggression.
About WTW
At WTW (NASDAQ: WLTW), we provide data-driven, insight-led solutions in the areas of people, risk and capital. Leveraging the global view and local expertise of our colleagues serving 140 countries and markets, we help organizations sharpen their strategy, enhance organizational resilience, motivate their workforce and maximize performance. Working shoulder to shoulder with our clients, we uncover opportunities for sustainable success—and provide perspective that moves you. For more information, visit www.wtwco.com.
SOURCE: WTW