Previously: We looked at fragmented trade and regulatory divergence.
The Munich Security Conference’s 2025 Report argues that multipolarization does not only reshape diplomacy and trade; it also transforms the security environment. For businesses, the shift is profound. Security is no longer the domain of states alone. It has become a contested space where cyber operations, disinformation, critical infrastructure sabotage, and grey-zone coercion affect companies directly.
Executives can no longer assume that security risks are contained to battlefields or foreign ministries. In a multipolar world, businesses themselves are targets, conduits, and in some cases unwilling participants in geopolitical conflict.
The New Security Landscape
For much of the post-Cold War era, corporate security meant physical protection, compliance with export controls, and occasional concern about terrorism. Today’s environment is more complex. The report highlights the rise of hybrid threats – operations that blur the line between war and peace, state and non-state, military and civilian.
Cyber intrusions, supply chain sabotage, ransomware, and coordinated disinformation campaigns are increasingly common. They are often unattributed, operating in the grey zone where traditional rules of deterrence do not apply. In this environment, businesses face risks that are harder to detect, harder to attribute, and harder to insure.
Cybersecurity as Geopolitical Fault Line
Multipolar rivalry intensifies cyber threats. States sponsor or tolerate hacking groups that target companies in rival jurisdictions. Intellectual property theft, disruption of operations, and ransom demands are no longer isolated criminal activity; they are often entangled with geopolitical agendas.
For sectors such as energy, finance, logistics, and health, the risk is acute. Critical infrastructure is seen as a legitimate target in hybrid competition. Attacks may be designed not only for financial gain but to undermine confidence in an entire system. A successful attack on a European port, for example, would ripple through global supply chains, serving strategic aims as well as economic disruption.
Disinformation and Reputation as Security Risks
The report also highlights the role of information warfare. In a fragmented order, narratives are weaponised. Businesses can find themselves accused of complicity in environmental damage, corruption, or political bias – not always through organic activism but via orchestrated campaigns designed to undermine their legitimacy.
This poses dual risks. First, reputation: loss of trust among consumers, investors, and partners. Second, regulation: governments under pressure from disinformation campaigns may impose sanctions, revoke licences, or tighten scrutiny. Companies must treat disinformation as a security risk, not just a communications challenge.
The Vulnerability of Critical Supply Chains
Multipolarization has made supply chains a battleground. States exploit chokepoints – whether in rare earth minerals, semiconductors, or energy flows – as instruments of coercion. Criminal networks and proxy actors also target supply chains for smuggling, sabotage, or political leverage.
For business, this means security is not confined to the factory gate. Vulnerabilities exist across the value chain, from mines in Africa to data centres in Asia to logistics hubs in Europe. Mapping and securing these dependencies is becoming as essential as financial risk management.
Private Sector as Frontline Actor
One of the report’s implicit messages is that businesses are no longer bystanders. In cyber defence, disinformation resilience, and infrastructure protection, the private sector often sits on the frontline. Technology companies, for instance, are gatekeepers of information flows. Energy firms manage assets that are strategic for states. Logistics and finance firms provide the connective tissue of globalisation.
This blurring of roles has two implications:
- Responsibility: Companies are expected to contribute to resilience, not just for themselves but for society.
- Exposure: As frontline actors, they are more likely to be targeted by adversaries seeking to pressure governments indirectly.
What Business Leaders Must Do
Adapting to this security environment requires a new mindset. Security can no longer be siloed within corporate security departments. It must be integrated into governance, strategy, and risk management at the highest levels.
- Cyber Resilience as Core Strategy: Boards must treat cybersecurity not as an IT issue but as a business continuity priority. Investment in detection, response, and recovery capabilities is essential.
- Information Integrity: Companies should monitor disinformation threats, build rapid response capacity, and cultivate trusted relationships with stakeholders who can validate their narratives.
- Supply Chain Defence: Firms must map dependencies, identify chokepoints, and develop contingency plans for disruptions – whether caused by natural disaster, state action, or hybrid attacks.
- Public-Private Partnerships: Businesses should engage with governments and international organisations on security cooperation. Sharing intelligence, aligning standards, and contributing to resilience frameworks are no longer optional.
The Risk of Inaction
Failing to adapt leaves firms exposed to cascading risks. A cyberattack that shuts down operations can destroy shareholder value. A disinformation campaign that undermines trust can erase years of brand-building. A supply chain disruption can stall production and breach contractual obligations.
In each case, the reputational and legal consequences may extend beyond immediate losses. Regulators, investors, and courts are increasingly willing to hold boards accountable for failures of foresight.
Security as a Board-Level Imperative
Multipolarization has dissolved the boundaries between state security and corporate security. Businesses are not spectators; they are participants, willingly or not, in the struggles that define the global order.
For executives, the lesson is clear: treat security as a board-level imperative. Cyber resilience, information integrity, and supply chain defence are as fundamental to competitiveness as capital structure or market strategy.
In a world where power is fragmented and interdependence is weaponised, companies that invest in security will not only survive disruption but may gain advantage from it. Resilience against hybrid threats is no longer defensive – it is a source of trust, stability, and leadership in the multipolar era.
Next: We explore how companies must embrace corporate diplomacy and broaden stakeholder engagement in a multipolar landscape.
