Interview: Cvete Koneska, International SOS
Cvete Koneska, Global Security Director, Information and Analysis, at International SOS, talks to Michelle Royle about geopolitical fragmentation, climate hazards, and technology risks
The International SOS Risk Outlook 2026 highlights that volatility is now ‘the operating environment’ rather than the exception – how should security leaders fundamentally rethink their strategies in this new normal?
Volatility is no longer episodic, and our Risk Outlook report sets out how organisations are operating in a permanently disrupted environment where risks intersect, interact, and escalate faster than traditional planning cycles can absorb.
This requires an ever-more agile and flexible risk posture and response. Security leaders need to move beyond linear planning, and adopt continuous, intelligence-led decision-making models so that preparedness becomes a strategic enabler of business continuity and competitive advantage.
In practice, this means three things. First, organisations must invest in comprehensive situational awareness, integrating geopolitical, security, health, and operational intelligence into a single view. Second, they must better manage the delicate balance between speed of response and completeness of information. And third, they must embed flexibility into operating models, allowing rapid reconfiguration of supply chains, workforce deployment, and travel policies.
The Middle East conflict illustrates this shift clearly. Airspace closures, maritime disruptions in the Strait of Hormuz, and rapidly evolving ceasefire dynamics all occurred simultaneously and with little warning. Organisations that were able to respond most effectively were those with pre-established contingency pathways, such as a range of potential evacuation routes (air, road, maritime) and decentralised decision-making structures.
Ultimately, security leadership in this environment is less about predicting specific events and more about building systems that can absorb and adapt to constant disruption.
With geopolitical tensions identified as the top driver of uncertainty, how can organisations better anticipate and prepare for rapid escalation across multiple regions simultaneously?
Geopolitical risk is increasingly cross-regional and interconnected, and we are seeing a rise in geopolitical fragmentation, with geopolitical rivalries driving escalations concurrently across regions.
To prepare for this, organisations need to shift from region-specific risk planning to portfolio-level risk management. This involves understanding not just individual hotspots, but how disruptions in one region cascade into others – through supply chains, energy markets, or regulatory responses.
Organisations must invest in comprehensive situational awareness, integrating geopolitical, security, health, and operational intelligence into a single view
A critical capability here is scenario-based planning at scale. Rather than planning for a single crisis, organisations should model concurrent disruptions, as a security crisis in one region could be combined with cyberattacks and political unrest elsewhere. The war in Iran is an example of how even a geographically contained conflict generates global business impacts, including energy price volatility and supply chain disruptions.
Early warning intelligence is equally important. This includes forecasting and monitoring not just hard indicators like troop movements or sanctions, but softer signals such as political rhetoric, alliance dynamics, and economic stressors.
Proportionate communication is also key for employers. Headline-driven fear can spread fast, so providing employees with accurate context helps to prevent misinformation from filling gaps.
And finally, organisations need pre-approved response playbooks that can be activated across regions simultaneously – covering evacuation, business continuity, communications, and stakeholder engagement. The ability to act in parallel, rather than sequentially, is now essential.
The report emphasises the convergence of risks – cyber, geopolitical, climate, and social. What does effective integrated risk management look like in practice for global organisations today?
Integrated risk management is about recognising that risks no longer occur in isolation, and that interrelated risks often amplify each other. We advise our clients to anticipate a convergence of pressures from geopolitical fragmentation to climate hazards and misinformation.
This means breaking down traditional silos between leadership, security, IT, HR, and operations, as effective organisations operate through unified risk functions that combine expertise across domains.
The defining characteristics of integrated risk management today include obtaining a common operation picture, coordinating a crisis response team that involves representatives from across the business, and prioritising employees’ physical and mental safety.
Having a common operation picture means all risk data – including cyber threats, physical incidents, health alerts, geopolitical developments – are aggregated into a single platform, enabling leaders to see interdependencies and prioritise responses.
Crisis response teams should also include representatives from across security, cyber, legal, communications, and business operations. The Iran war presents an example of why this is critical, as aviation disruptions, maritime risks, and infrastructure impacts requires a coordinated response across multiple functions, not just security teams.
Prioritising workforce wellbeing and employees’ mental health continues to grow in importance. Integrated risk management needs to not only consider operational continuity, but also employee safety and how stress and decision fatigue plays a significant role.
Integrated risk management is ultimately about decision coherence and ensuring that responses in one domain (e.g. cyber) do not create vulnerabilities in another, such as physical security or employee safety.
Given that 57% of organisations say risks are emerging faster than they can manage them, what capabilities or structures are most critical to close this preparedness gap?
Closing the preparedness gap requires both capability upgrades and structural change.
First and foremost, organisations need enhanced intelligence capabilities. This includes early warning and predictive analysis, artificial intelligence (AI)-enabled monitoring, and access to expert analysis. AI can act as a ‘force multiplier’ for real time risk detection, especially when combined with human expertise and contextualisation.
Organisations also need decentralised decision-making structures. In fast-moving crises, centralised approval processes can create delays, so empowering regional teams with clear authority and thresholds for action is critical.
We also advise organisations to invest in operational readiness. This includes regular crisis simulations, stress-testing of evacuation plans, and rehearsals of multi-risk scenarios. As an example, our recent evacuation operations across the Middle East involved both coordinated ground movements and air evacuations in order to quickly adapt to the escalations and safely mobilise thousands of people. This level of operational readiness and adaptability can only be achieved by regularly pre-testing logistics and building strategic partnerships.
So, preparedness is not just a function, but rather an organisational mindset that needs to be instilled. Leaders must prioritise readiness, allocate resources accordingly, and embed risk awareness into everyday decision-making.
Cybercrime continues to rank among the top global risks – how should security teams balance traditional physical security priorities with rapidly evolving cyber threats?
Cyber and physical risks are intertwined. Cyberattacks can disrupt physical infrastructure, while geopolitical crises can trigger both physical threats and coordinated disinformation campaigns.
Security teams must therefore adopt a converged security model, where cyber and physical security functions operate in close alignment. This includes shared intelligence, joint risk assessments, and coordinated response protocols.
By combining real-time data feeds with expert analysis, organisations can identify risks before they fully materialise
From a cybersecurity perspective, organisations must also address the challenge of mis/disinformation. In our Risk Outlook report, we highlight the growing challenge of misinformation and the erosion of trust, referred to as the ‘truth gap’. In crisis situations, false narratives can spread rapidly, influencing employee behaviour, reputational risk, and even operational decisions. So, security teams need capabilities to detect, assess, and counter information threats, working closely with communications and legal teams.
At the same time, physical security priorities remain critical – particularly in volatile environments where evacuation, travel risk management, and asset protection are immediate concerns.
The most effective organisations are those that treat cyber and physical security as two sides of the same risk landscape, rather than competing priorities.
The shrinking decision-making window is a key theme in the report – how can organisations improve decision speed without compromising on accuracy or governance?
Speed and accuracy are often seen as competing priorities, but they can be aligned. Organisations can extend the decision-making window by focusing on three areas: anticipatory intelligence, streamlined decision-making processes, and iterative decision-making.
Forward-looking, anticipatory intelligence is critical. By combining real-time data feeds with expert analysis, organisations can identify risks before they fully materialise, shifting from reactive to proactive decision-making and effectively buying valuable time.
Streamlining the decision-making process is equally important. Pre-defined thresholds and triggers, such as criteria for evacuations or travel restrictions, remove ambiguity and enable immediate action when conditions are met. This must be supported by adaptive governance, with clear accountability and escalation pathways, combined with flexibility in how decisions are implemented.
Embracing iterative decision-making ensures organisations can maintain accuracy in fast-moving situations. Decisions should be continuously revisited and refined as new information emerges, rather than treated as final.
In today’s environment, perfect information is rarely available. The objective is not certainty, but informed and timely action.
Looking ahead, what are the ‘weak signals’ or emerging threats that security leaders may still be underestimating as they plan for 2026 and beyond?
Several weak signals stand out.
Technology, and specifically AI, is a driver of risk. It is essential to monitor and stay abreast of the latest technological developments and innovation in application of emerging technologies. Technology has fundamentally changed the security landscape over the past decade and these changes will only accelerate its impact. Whether this is through the use of ever-more sophisticated AI models and tools to wage war, or by piloting quantum computing communications in handling large digital flows, organisations need to become fluent in technological developments to avoid missing the early warnings to their business.
While digital risks are not new, the vulnerability of digital supply chains is a signal worth tracking over the coming years. With many organisations unable to fully map or monitor their extended digital supply chains, they are taking on risk that is difficult to quantify – and therefore mitigate. As governments move to increasingly regulate digital supply chains and software provenance, this is a key signal to track and prepare.
Beyond technology, we advise companies to monitor long-term social, political, and security trends to detect emerging threats relevant to their sector, geography, and organisation. From changing societal attitudes towards businesses and their role in society to the decline of international norms that underpinned the globalisation of business in the past three decades, and the generational and demographic trends that shape consumption, voting, and lifestyle preferences, the risk landscape is always changing. The challenge for organisations is to remain alert and continue to question their assumptions about the threat environment.
Leaders may underestimate the speed at which these weak signals can converge into major disruptions. The defining feature of the current risk landscape is not just complexity, but acceleration.
In summary, our analysis points to a world where resilience is defined by adaptability, integration, and speed. Organisations that invest in these capabilities will not only manage risk more effectively, but they will also gain a decisive strategic advantage.
Cvete Koneska, Global Security Director, Information and Analysis, International SOS
Cvete leads the organisation’s global team of security analysts. Under her leadership, the team delivers timely, actionable, and strategic insights to support clients operating in complex and high-risk environments around the world. With a distinguished career in the risk and intelligence sector, Cvete has built and managed high-performing analyst teams, helping multinational organisations navigate geopolitical uncertainty and operational challenges. Her work is grounded in rigorous analysis and a deep understanding of global security dynamics.
July 2026
Issue
Welcome to your July issue! This month we look at how artificial intelligence solutions are changing the way in which travel risk information is gathered and communicated, plus we ask whether providers should do more to educate their customers, ensuring they understand the products they are buying and using them appropriately.
Michelle Royle
Michelle is Editor of ITIJ.