Global Supply Chains Brace for Russian-Ukrainian Conflict – Four Major Risks

As tens of thousands of Russian troops continue to mass along the Ukrainian border and diplomatic talks between the United States and Russia have yet to bear fruit, the threat of a Russian invasion into the next few weeks seems to be growth.

A Russian invasion of Ukraine has the potential to cause significant and debilitating disruptions to global supply chains, leading to increased input costs and an increased threat of cyberattacks (see below).

Today, thousands of American and European companies do business with suppliers in Russia and Ukraine, which could be at risk during a prolonged military conflict. Global Relationship Data Analysis Interos platform reveals the main results:

– More than 1,100 companies based in the United States and 1,300 European companies have at least one direct supplier (level 1) in Russia.

-More than 400 companies in the United States and Europe have Tier 1 suppliers in Ukraine.

– Computer software and services account for about 12% of supplier relationships between US and Russian-Ukrainian companies, compared to 9% for trading and distribution services and 6% for oil and gas. Steel and metal products are other common items purchased in both countries.

While the proportion of US and European supply chains that include Russian or Ukrainian Tier 1 suppliers is relatively low, at around 0.75%, this figure increases significantly when indirect relationships with Tier 2 and Tier 2 suppliers 3 are included.

-Over 5,000 companies in the US and Europe have Russian or Ukrainian suppliers at Tier 3 (representing 2.76% and 2.37% of their respective supply chains).

-More than 1,000 companies in the United States and Europe have Tier 2 suppliers based in Ukraine, of which approximately 1,200 depend on Tier 3 suppliers.

Supply chain and information security leaders in US and European organizations should review their reliance on Russian and Ukrainian vendors at multiple levels as a key first step in their efforts to assess the risk exposure in the region and ensure operational resilience.

Four major risks for global supply chains

In the event of a Russian invasion of Ukraine, there are four main areas where global supply chains could be negatively affected:

1. Commodity prices and supply availability

2. Company-level export controls and sanctions

3. Collateral damage to cybersecurity

4. Wider geopolitical instability

1. Rising commodity prices. Energy, commodities and agriculture markets are all facing uncertainty as tensions escalate. Russia provides more than a third European Union (EU) natural gas supply and threats to that supply could drive up prices at a time when businesses and consumers are already facing higher energy bills. Natural gas supply pressures peak volatility in other energy markets as well. By a estimate, an invasion could push oil prices up to $150 a barrel, cut global GDP growth by almost 1% and double inflation. Even lower estimates of $100 per barrel lead to soaring input costs and consumer prices.

Food inflation is another risk, with Ukraine poised to become the world’s third largest corn exporter and Russia the world’s largest wheat exporter. Ukraine is also a leading exporter of barley and rye. Rising food prices would only be exacerbated by additional price shocks, especially if Ukraine’s main agricultural areas are seized by Russian loyalists.

Metals markets can also Continue be in a hurry. Russia controls around 10% of the world’s copper reserves and is also a major producer of nickel and platinum. Nickel is trading at a 11 year old topand further increases in aluminum prices are likely in the event of a supply disruption caused by the conflict.

2. Company-level export controls and sanctions. Pressures on commodity prices could be exacerbated by targeted controls on US and European exports. The use of such controls to restrict certain companies or certain products in supply chains has skyrockets during the last years. While many were targeting Chinese companies, a growing number of Russian companies have been assigned to export controls for “acting contrary to the national security or foreign policy interests of the United States”.

Among the top Russian companies already on a list of US restrictions are Rosneft and subsidiaries and Gazprom. The extension of export controls and sanctions to Gazprom subsidiaries, other energy producers and major mining and steel companies could further impact supply availability and input costs. Predictably, American businesses and business groups are urging the government to be careful in how it applies the new rules.

US and EU export controls would also likely target the Russian financial sector – including state-owned banks – in the event of an invasion, and could also act as a deterrent tactic. US officials noted that any sanctions would be aiming to the Russian financial sector for “a rapid and high-impact response”.

3. Collateral damage to cybersecurity. Entities related to malicious cyber activity could also face other repercussions from the United States and its partners. Ukraine is certainly no stranger to Russian cyberaggression. Russia has disrupted Ukraine’s electricity grid twice, the first in December 2015 leaving hundreds of thousands of Ukrainians out in the cold, then again next year. But destructive attacks on the country’s infrastructure could also cause significant collateral damage in global supply chains.

In 2017, the NotPetya attack on Ukrainian tax filing software spread across the world within hours, disrupting ports, shutting down manufacturing plants and hampering the work of government agencies. The Federal Reserve Bank of New York estimated that the victims of the attack, including companies such as Maersk, Merck and FedEx, lost a total of $7.3 billion.

This figure might pale in comparison to the global supply chain impact of a Russian-Ukrainian military conflict, which would inevitably include a cyber element. Whether Russia would target its cyber warfare playbook at US or European targets in retaliation for any support for Ukraine remains hotly debated. But the Cybersecurity Infrastructure and Security Agency (CISA) has been urging U.S. organizations must prepare for possible Russian cyberattacks, including data erasure malwareillustrating how the private sector risks becoming collateral damage of geopolitical hostilities.

4. Geopolitical instability. Just as cyber warfare is unlikely to stay within Ukraine’s borders, the destabilizing effect of a Russian invasion could have wider geopolitical ramifications. In Europe, a refugee crisis could emerge, with three to five million refugees seeking safety from the conflict. In Africa and Asia, rising food prices could fuel popular uprisings. Of the 14 countries that matter over 10% of their wheat imports to Ukraine, the majority are already facing food insecurity and political instability.

China is look closely to see how the world reacts if Russia invades Ukraine. The superpower has its own aspirations to seize territory and expand its sphere of influence. Taiwan’s defense minister remarked that tensions over Taiwan were the worst in 40 years. A Russian invasion could further embolden China to enlist military tactics against Taiwan — something that, along with its far-reaching geopolitical implications, would have a significant impact on electronics and other global supply chains.

***

Although many of these risks do not materialize and represent a worst-case scenario, leaders should consider now the potential impact of a Russian-Ukrainian military conflict on their operations in the coming months. These same leaders must ensure that appropriate contingency plans are in place for their most critical supply chains and riskiest suppliers in the region.

Risk mitigation strategies include:

-evaluate the required levels of inventory and manpower in the short and medium term;

-discuss business continuity plans with key suppliers; and

– prepare to switch to alternative sources or qualify for essential products and services.

With proper analysis, planning and execution, it is possible to mitigate significant risks and ensure operational resilience.