EUROPEAN BUSINESSES: How vulnerable are we?

EUROPEAN BUSINESSES: How vulnerable are we?

EUROPEAN BUSINESSES: How vulnerable are we?

This connecting the dots episode aims to briefly highlight the increasing number of security incidents that Western EU nations’ infrastructure is experiencing. Admittedly, incidents of varying magnitudes occur throughout wider Europe and, indeed, the world. However, this analysis will focus on significant incidents experienced in Western EU nations since April 2022, given the considerable number of incidents recorded in the region and the extraordinary attacks on the Nord Stream pipeline in September 2022, which commanded extra attention to be paid to critical energy infrastructure by stakeholders.

There appears to be a concerted effort to disrupt critical European infrastructure, not only with technologically advanced cyber-attacks but a combination of more traditional sabotage and espionage attacks.

Despite not knowing who the perpetrators of many attacks are, many have suspicions. Nevertheless, critical European infrastructure vulnerabilities have been thrust to the fore and have forced nations to ask themselves, ‘How vulnerable are we?’.


Current geo-political muscle flexing by state actors (e.g. countries, and or power block) express themselves in a wide range of effect-based initiatives of which full force military confrontation is only one of the tools in the toolbox. A combination of overtly and covertly subversive activities will result in imploding effects on western core values and institutions like democratic orders, freedom of speech, essential services availability like gas, water, electricity, and social cohesion within countries. This so called Hybrid Warfare has long and short term effects and approaches. One of main effects is to confuse defence and security by incidents that seem to stand alone, however, they are part of a larger plan that aims to destabilise the Western countries.

This list is not exhaustive, but it does convey the chronology and geographical collection of nations affected by attacks on Western European critical infrastructure.


If national critical energy or communications infrastructure was to be disrupted, a plethora of consequences could be realised, including:

Increased deaths among the vulnerable. If energy infrastructure were to be targeted amid severe climate phenomena, such as extreme draughts, heatwaves or intense winters, vulnerable individuals would likely die, with much more likely to suffer. Similarly, if communication nodes were disrupted, this demographic would become increasingly vulnerable, seeing their situation deteriorate in prolonged periods of service outage.

Large-scale economic damage. As most businesses increasingly operate in various countries all over the world, at the same time, internet connectivity and power supply has never been so critical to business operations. Significant disruption would not only realise great economic damage to MNCs but would likely imperil the existence of many smaller businesses as they would feel the downturn more acutely on their bottom line.

Increased national security vulnerability. If significant disruption to critical energy or communication infrastructure happened, nations would become increasingly vulnerable as the ability to communicate emergencies to populations via national emergency broadcasts would be impeded, as would the ability for military personnel to be recalled from leave.

Business decreased profitability. The longer your assets are non-operational, the harder it hits your profitability. Damage to assets, the duration of assets being non-operational, repair costs and the increased protection that one must implement will all combine into a significant sum. If you are not fortunate enough to benefit from having substantial amounts of readily available capital, it is advised to exercise the mantra, prevention is better than cure. Next to this developing additional redundant capacity to ensure busniness continuity will drive costs and stimulate inflation that can lead to social dissatisfaction

Reputational damage. The longer your services are offline, the greater the chance potential customers will look elsewhere. If your company becomes associated with poor risk and security measures, the likelihood of recapturing your lost customers or gaining new ones will fall dramatically. Other service providers likely enjoy a better reputation due to practising quality risk and security measures that effectively mitigate risk and convey that their method of working is robust and able to withstand emergencies.


Most likely

Short-term – significant disruption to state or state-associated entities will continue to be experienced, especially those operating in the critical energy infrastructure sector.

Medium to long term – As long as the war in Ukraine continues, and EU and NATO members continue their support of Ukraine against Russian aggression, it is almost certain that the targeting of Ukraine’s allies will persist. Moreover, nations that seek to further the capabilities of Ukraine or state sectors that directly aid the Ukrainian state will have a heightened likelihood of being targeted.


Most dangerous

A critical node of a domestic or international network is technically disrupted or physically destroyed, resulting in disastrous consequences for critical energy infrastructures for one or more nations. If nuclear power plants’ infrastructure was to be sabotaged or disrupted in any way, the consequences could be catastrophic.

Similarly, the disruption of a critical node of national security communication systems could have extremely dangerous consequences, notably not being able to mobilise critical stakeholders/decision-makers in the military/private sectors who are out-of-office when an emergency incident occurs or alert civilian populations via national alert systems of an emergency as communication network infrastructure has been targeted.


As the conflict in Ukraine correlates with an increase in critical infrastructure being targeted in Western European nations, and there being no immediate end of hostilities in sight, it is essential for businesses that are involved in critically important sectors to act immediately in order to safeguard their business continuity, company reputation, and ultimately the unhindered operation of the nation to which they provide service.

To mitigate the types of incidents that are becoming increasingly common across Western Europe, it is necessary for business leaders to actively explore some of the ways in which they can ensure business continuity and national security. This can be done by implementing one or a combination of the following:

  • Streamline communication between or centralise the decision-making capacity of involved entities under one or as few authorities as possible to avoid delays in decision-making processes. In doing so, businesses will reduce incident response and repair times, effectively circumvent multiple organisations’ bureaucracies, and, resultantly, ensure the protection of critical assets.
  • Clearly define the areas of responsibility between stakeholders of critical infrastructure in order to effectively react and repair any damage caused in the event of an emergency. As seen with the location of the Nordstream attack, events occurring on the limits of Exclusive Economic Zones will impede response times as the involved will conflict over whose area of responsibility it is and, therefore, whose assets should be deployed in reaction.
  • Conduct comprehensive risk and site assessments of critical infrastructure assets to identify vulnerabilities and enable the quick address of these vulnerabilities with specialist assistance.
  • Instruct risk and security professionals to conduct initial threat mapping and constant, all-source monitoring of specified threat landscapes in order to receive timely and actionable intelligence-based recommendations so as to mitigate potential threat actors.
  • Collaborate with risk and security specialists to create tailored ERP (Emergency Response Plans) for your business.

Proximities can help you gain these key insights and turn them into tangible material. Using our ‘What?’, ‘So What?’, ‘What if?’ and ‘What Now?’ narratives, we help partners and clients not only understand the importance of trends and events but, more specifically, to understand what it means for you and your business from strategic to operational consequences. Curious and interested to see how we could help you? Don’t hesitate to contact us; we will gladly support you.

Security Risk Assessment

Understanding your company’s threat exposure is the key to successful business operations.

Integrity Due Diligence

Enhancing your ventures and future business endeavours by making them ‘frontpage proof’.

Fraud Investigations

Fraud is the bane of business.