Skip to main content
Opens in a new tab External site

September 2022 / 5 Min Read

Risk Implications of The Russo-Ukrainian Conflict: Digitization, Talent & ESG


How can organizations manage risks resulting from the Ukraine crisis and make better decisions amidst constant volatility?


Key Takeaways

  1. The growing digitalization of the world and increased cyber activity because of the Russia-Ukraine conflict raises concerns of how cyber attacks may influence operating models.
  2. Businesses are looking for ways to support impacted employees in the best way possible, including having open lines of communication, focusing on mental health, and championing total rewards.
  3. Organizations are being scrutinized for corporate action (or inaction) around environmental and energy concerns, helping displaced Ukrainians, and conducting due diligence in governance when doing business in the conflict zone.

The Russo-Ukraine conflict has given rise to a complex set of interconnected risks. For instance, regulatory and compliance issues have led to supply chain disruptions, which in turn have led to business interruptions.

Businesses worldwide are faced with more challenges in the near future, including cyber threats, human capital concerns and ESG considerations. How can organizations manage these risks and make better decisions amidst constant volatility?

Cyber Threats

There has been, and will continue to be, an increase in cyber attacks from the outset of the Ukrainian and Russian conflict. There are indications that the number of attacks may continue to rise. Russia is likely expected to continue to mobilize its cyber arsenal as the rest of the world braces by planning its own defenses, which are currently inadequate.

Nearly 80 percent of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks – despite the increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges. Moreover, it can take a half a year to detect a data breach Although all industries have exposure, the top five reported industries facing a successful cyber threat include:

  1. Education
  2. Telecommunications and Technology
  3. Financial Services
  4. Manufacturing
  5. Retail

Other industries targeted – education and government entities as well as COVID-19 research, election organizations, healthcare and pharmaceutical, defense, energy, gaming, nuclear commercial facilities, water, aviation, and critical manufacturing.

The average number of daily attacks globally, is about 65 million, with spikes in late January, February, and early April.

Source: Check Point Live Threat Map

Several options are available for businesses to holistically understand their cyber risk profile,” says Ladd Muzzy, Director, Enterprise Risk Management, Aon. “The approach includes understanding the triggers to a cyber event, the technology and asset impacted, and the outcomes (e.g., financial, reputation, compliance, etc.).”

By quantifying first- and third-party financial impacts and understanding the extent to which current risks are insurable and retained on the balance sheet, organizations can better manage their cyber risk profile, thereby improving the Total Cost of Risk (TCoR).

Businesses will also be able to develop effective risk financing and insurance solutions and provide clarity to management on the optimal investment in cyber risk mitigation and transfer, thereby protecting stakeholder value.

Steps to increase employee and vendor awareness around cyber threats and exposures

  • Use a strong password, either generated automatically by some operating systems or 12 to 15 characters in length, including special characters and symbols
  • Use dual-factor-authentication either through email, text, or a combination of both
  • Ensure that your anti-virus is current
  • Use a VPN (Virtual Private Network)
  • Only use trusted Wi-Fi sources

“The prevailing mindset is that it’s not just a case of if you are susceptible to a cyber-attack, but rather when the attack will occur,” Muzzy advises. “Ensure that there is an understanding of the causes to a cyber threat and its implications to ensure that your organization, and those critical to its success, are protected.”

Human Capital

The Russo-Ukraine conflict is taking a toll on employees. On top of unexpected challenges such as the two-year pandemic and economic uncertainty, the Ukraine crisis has added to the woes of employees. Many are directly impacted by the humanitarian crisis, experiencing migrations and lack of basic necessities in Ukraine. Others have become unemployed as companies including Starbucks and McDonald’s have halted operations in Russia.

  • 29% of the workforce is relocating to another country
  • 43% of the workforce is relocating within Ukraine
  • 40% remain in their home location

Source: Aon's March 2022 Ukraine Pulse Survey

Organizations are responding by providing:

  • Salary advances to employees
  • Paid temporary accommodation for employees and immediate families (housing allowance)
  • Assistance to relocate, transportation, and visa/tax
  • Security assistance
  • Relocation assistance to employees who have family in Ukraine, even though the employee may not physically reside there
  • Hardship allowance
  • Financial loan(s)

In addition to managing employee wellbeing in the face of geopolitical turmoil, businesses are grappling with the Great Resignation, Quiet Quitting, and other such phenomena. “Organizations are already facing difficulties in not only finding employees with the right skill sets but also to find individuals who are willing and able to work in positions that are in greatest demand,” explains Tony Adame, Business Continuity and Enterprise Risk Management, Aon. “There is also the risk that employees are being asked to perform in an unfamiliar capacity.”

Rising inflation is also affecting overarching costs to attract, retain, and develop capable employees worldwide. Pay rates have increased dramatically, in some instances by 50 percent for hourly workers. “In rare cases, some individuals are even getting offers from competing firms without an interview because their skill set is in high demand,” says Adame. Moreover, attrition remains high at many levels, albeit at less senior levels.


Attrition remains high at many levels, albeit at less senior levels.

Source: Gartner

All these factors are leading to an increase in the cost of talent globally. Some ways to overcome this challenge include:

  • Evaluate and adjust overall benefit packages and be creative in attracting talent. Examples include a car allowance and onsite day-care.
  • Offer or pivot to a remote working environment. Giving employees the right to work from home, or anywhere in the world for that matter, can be a lucrative benefit. This needs to be balanced with the increased likelihood of cyber risk, potential reduction in productivity, and the loss of community that typically comes with everyone working in an office.
  • Provide training to develop individuals. The curriculum may include job-specific skills but also those necessary to upskill the employee in support of succession planning initiatives.
  • Consider profit sharing or equity-based rewards. Developing a program that rewards individuals for achieving longer term goals can be a lever to pull. However, it is important to build in the management mechanisms such that employee actions are not exposing the organization to unacceptable risks such as product mis-selling, creating contracts without counsel, and taking activities with the sole intent of beefing up the top line.

Environmental, Social, Governance (ESG)

Although the impact of the conflict on ESG matters is still not clear (e.g., Russia exposure could become a factor in the future computation of ESG scores), it warrants consideration. This is especially true given the heightened interest in the subject by stakeholders, including very explicit expectations by regulators.

The US Securities and Exchange Commission’s (SEC) has proposed new ESG disclosure rules, while the EU is adopting the Corporate Sustainability Reporting Directive (CSRD). In Asia, Singapore Exchange’s (SGX) has launched a new ESG reporting portal for corporates.

Understanding how organizations are identifying and responding to ESG-related risks continue to be top of mind, and the conflict is only providing further impetus to this aim.”

Ladd Muzzy
Director, Enterprise Risk Management, Aon


For Environmental aspect of ESG, the most obvious concern relates to the potential delay in net zero commitments given the choke points in gas distribution and supply.

“Time will tell whether the climate commitments will halt the ongoing reduction in fossil fuels usage,” says Adame. “Organizations will need to evaluate whether and how their carbon footprint may be impacted. There may be opportunities to accelerate the adoption of other renewable sources of energy especially in light of strained gas and fossil fuels.”

WTI Crude

Source: CNBC WTI Crude

The conflict is also highlighting the Social aspect of ESG. In particular, the humanitarian crisis as millions of Ukrainians are being forced from their homes. While many organizations with operations or businesses in Ukraine have already taken steps to try and lessen the impact of this disruption (see Human Capital section above), employees, customers, and other stakeholders are closely watching organizations to see how they align with societal expectations and “doing the right thing”.

In fact, according to a 2020 report by LendingTree, 38 percent of Americans said they believe it is their responsibility to withhold their dollars from companies whose values or actions are not in alignment with their own. “This is putting heightened interest in organizational actions, not only in the conflict zone, but the public philosophies and actions across the value chain,” says Muzzy.

“These organizational decisions and actions are part of the maturing governance practices of ESG,” says Adame. “Topics such as ethics, sanction compliance, instability in manufacturing and distribution, and transparency of decision making are front and center — both in the broader media but also in other social media mediums.”

Organizations that have yet to establish ESG risk management processes can consider:

  • ESG risk identification through internal and external sources. Internal opinion can be captured through tested activities such as surveys, interviews, or workshops. Additionally, mining “data” from call centers, letters, and social media posts can prove to be insightful of future exposures. External inputs include outside counsel, consultants, performing sentiment analysis, vendors and suppliers, customers, and advocacy groups offer insights that may be good complements to internal data to remove inherent biases typically fraught with risk identification.
  • Assessment and prioritization. Develop measures and variables that can be used to evaluate ESG-related exposures. This would include the potential for assessing risk against each of the ESG categories. In particular, the process used for risk assessment should become a part of Governance activities. Once the measures for risk assessment have been created, a discussion should take place to understand the assessment criterion and the conclusions from this exercise (see the diagram below as one (uncomplicated) way to perform this evaluation). The outcomes of these activities help determine which risks to address in the near, medium, and long term.

  • Actions and responses. Extrapolate the event and its implications on the business, operations, and the organization as a whole. Depending on the criticality of the risk and its effects on organizational strategies, objectives and its mission, a determination of the capital, resources, and time available to effectively address the risk should be considered. This would include the creation of additional or more robust controls, management activities and risk financing solutions. For example, Aon is pioneering the concept of a green captive to specifically address ESG risks.
  • Monitoring and reporting. Develop the metrics and measures to monitor identified risks and how they may change over time. Identify stakeholders who should receive risk management training and risk-taking activities to understand how the ESG and risk profile is changing.
  • Sustain. Ensure that the governance of ESG risks has the same internal oversight from appropriate committees, audit, leadership, and the board. Align ESG risk taking in tandem with other business and operational goals to ensure that the topic receives the appropriate attention in strategy setting and the budgeting process.

Navigate volatility with better-informed decisions

With no end-date yet in sight for the Russo-Ukraine conflict, organizations must buckle down, mobilizing resources to constantly evaluate the implications of the long-standing conflict. “Cross-functional teams should be put in place to proactively assess risks, swiftly identify potential business impact, and recommend the most ideal action based on sound analysis such as that of scenarios through a framework,” Adame advises.

The team should report its analysis, findings, and recommendations to a risk, audit and/or executive committee to ensure that capital, resources, and requisite time is properly allocated to the most salient concerns.

“Any issues can be dealt with swiftly, efficiently, and effectively to minimize unwanted financial, regulatory, or reputation exposure. This will provide the confidence to stakeholders that, should an event occur, the organization will act on its feet and stay sharp on its strategies.”

Tony Adame
Business Continuity and Enterprise Risk Management, Aon


For more information about how we work with C-suite and risk managers on managing organizations’ risk profiles that are in constant flux, please contact the authors or write to [email protected] or [email protected].

General Disclaimer
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.