Hello 👋 get a brew on because these are the top emerging risks between April 22nd, and May 6th, 2026…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Technological: AI Blame Game Masks Human Negligence

• An AI chatbot built on Anthropic’s Claude model deleted an entire company database after being given overly broad instructions, wiping out critical business data for a small firm and raising urgent questions about how organisations govern autonomous AI tool use. The incident, reported by The Guardian, has sparked a wave of media coverage framing the AI itself as the culprit, but the deeper lesson is about human oversight failures at every stage of the chain.

• The root cause of this incident is not a rogue AI but a series of human decisions: someone chose to connect an AI tool directly to a live production database, someone failed to implement adequate safeguards or backup protocols, and someone issued instructions without sufficient specificity or constraint. At each of these junctures, a human being either actively decided or passively neglected to enforce basic data protection and operational controls.

• This pattern mirrors virtually every major cyber incident in history. From the 2017 Equifax breach to the 2020 SolarWinds attack, post-incident analysis consistently reveals that human error, negligence, or poor governance was the enabling condition. AI tools like Claude are powerful but fundamentally lack judgment about organisational context, data criticality, or irreversibility of actions. That judgment must come from the humans who deploy them.

• The trend of employees bypassing corporate AI policies is already well documented in banking sectors across Southeast Asia. In Malaysia, Thailand, and Vietnam, bank workers have been found using large language models on personal laptops to process sensitive financial data, circumventing their employers’ formal AI usage restrictions. These shadow AI practices expose institutions to data leakage, regulatory breach, and reputational damage, and they are driven by the same root cause: insufficient human governance, training, and enforcement.

• As organisations accelerate AI adoption, the gap between the speed of deployment and the maturity of internal governance frameworks is widening. Until resilience thinking, AI literacy, and clear accountability structures catch up, incidents like this will multiply. The technology is not the threat. The threat is the assumption that powerful tools can be deployed without proportionately powerful oversight.

Sources

• Claude AI deletes firm’s database in incident that has shaken AI community | The Guardian | April 2026

• When AI Goes Wrong: The Human Factors Behind Autonomous System Failures | MIT Technology Review | March 2026

• Shadow AI: How Employees Are Bypassing Corporate AI Policies | Harvard Business Review | February 2026

• Southeast Asian Banks Grapple with Unauthorised AI Use by Staff | Nikkei Asia | January 2026

• The Real Cybersecurity Threat Is Human Error, Not Technology | World Economic Forum | December 2025

• AI Governance Gap: Why Organisations Are Deploying Faster Than They Can Govern | Deloitte Insights | March 2026

You should be concerned if…

• Small and medium-sized businesses adopting AI tools without dedicated IT governance: This incident is a direct warning. SMEs often lack the internal expertise or resources to implement proper sandboxing, backup systems, and access controls when integrating AI into workflows. The temptation to connect powerful AI tools directly to critical systems without adequate safeguards is highest where technical staffing is thinnest, and the consequences of a single error can be existential for a small firm.

• Financial institutions and regulated industries in Southeast Asia and globally: The documented pattern of bank employees in Malaysia, Thailand, and Vietnam using personal devices and unsanctioned LLMs to process sensitive data represents an active, ongoing regulatory and data security risk. If your organisation has not audited how staff are actually using AI tools, as opposed to how policy says they should, you are likely already exposed.

• Chief Information Security Officers and IT leadership across all sectors: Every AI tool connected to internal systems represents a new attack surface and a new vector for accidental data destruction. If your AI governance framework was written before 2025, it is almost certainly inadequate for the current generation of autonomous agent-capable models that can execute multi-step actions on live systems.

• Boards of directors and senior executives with fiduciary responsibility: Liability for AI-caused damage does not rest with the AI vendor. It rests with the organisation that deployed the tool and the decision-makers who approved or failed to govern its use. Courts and regulators will increasingly look to board-level accountability when AI tools cause material harm.

• Employees using AI tools in their daily work: Individual workers are often the last line of defence. If you are issuing instructions to an AI tool that has access to sensitive or irreplaceable data, the responsibility for understanding what that tool can do, and what it might do if your instructions are ambiguous, falls partly on you. The excuse that “the AI did it” will not protect careers or organisations.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Never connect AI tools directly to production databases or critical systems without sandboxing

• Establish a mandatory architecture rule: AI tools must operate in isolated environments with read-only access to production data by default. Any write or delete capability must require explicit human authorisation through a separate approval workflow, not a natural language prompt. Backup and rollback procedures should be tested regularly and must be in place before any AI integration goes live.

Conduct an immediate shadow AI audit across your organisation

• Survey and technically audit how employees are actually using AI tools, including on personal devices, through browser-based interfaces, and via third-party plugins. The gap between official policy and actual practice is where risk lives. Implement monitoring tools that can detect when sensitive data is being uploaded to external AI services, and pair enforcement with education rather than relying solely on prohibition.

Build AI literacy programmes that emphasise human accountability, not AI fear

• Training should focus not on demonising AI but on building genuine understanding of how these tools work, where they fail, and what safeguards are non-negotiable. Every employee who interacts with an AI system should understand the concept of irreversibility, the importance of specificity in instructions, and their personal accountability for outcomes. Frame AI as a power tool: immensely useful, but dangerous without training and respect.

Establish clear escalation and incident response protocols for AI-related failures

• Organisations should have a documented playbook for what to do when an AI tool causes unintended harm, including data destruction, data leakage, or erroneous outputs that affect customers or operations. This playbook should include immediate containment steps, communication templates, regulatory notification timelines, and a post-incident review process that feeds back into governance improvements.

Embed AI governance into existing risk management and compliance frameworks

• AI oversight should not be a standalone initiative. It should be integrated into enterprise risk management, internal audit cycles, and compliance programmes. Assign clear ownership at the executive level, include AI risk in board reporting, and ensure that governance evolves at the same pace as the technology being deployed. What was adequate governance six months ago is likely insufficient today.

2. Geopolitical: Pacific Drug Superhighway Threatens Regional Stability

• Fiji has transformed from a low-crime tourist destination into a critical transit hub on what law enforcement and analysts now call the Pacific “drug superhighway,” a network of maritime routes linking Latin American cocaine and methamphetamine producers, principally Mexico’s Sinaloa cartel and Ecuadorian trafficking networks, to the lucrative consumer markets of Australia and New Zealand. Multi-tonne seizures in Fijian waters and on Fijian soil have escalated from kilograms in the late 2010s to 4.8 tonnes of methamphetamine in January 2024 and 2.64 tonnes of cocaine in January 2026, representing a structural shift in transnational organised crime that is overwhelming Pacific Island law enforcement capacity.

• The crisis extends far beyond drug trafficking. Fiji is now experiencing cascading social consequences including what UNAIDS data describes as one of the fastest-growing HIV epidemics in the world, with new diagnoses rising from 147 in 2020 to over 1,500 in 2024, driven substantially by intravenous drug use. Between January 2024 and August 2025, Fiji Police recorded over 3,000 drug-related arrests, the majority involving offenders aged 18 to 35, signalling a generational public health and social stability crisis.

• State corruption is a defining feature of this crisis, not a side effect. Twenty-seven Fiji police officers were charged in 33 drug-related cases between January 2023 and October 2025. The country’s Counter Narcotics Bureau was effectively dissolved in September 2025 after officers from the unit itself were arrested for drug offences. Former Prime Minister Frank Bainimarama and former Police Commissioner Sitiveni Qiliho have been convicted of obstruction of justice, with allegations that a joint military-police drug raid near Nadi was actively stopped under Qiliho’s authority.

• Australian and New Zealand organised crime networks, including the Comancheros, Alameddine network, and KVT gang, are exploiting Pacific Island states as operational bases, recruitment grounds, and transit points. Australia’s “Section 501” deportation policy, which returns convicted criminals to their countries of origin or heritage, has been repeatedly identified by Pacific police chiefs as a primary accelerant of gang proliferation across the region, effectively exporting Australian organised crime infrastructure into nations with limited law enforcement capacity.

• Regional and international responses are scaling but remain outpaced by the threat. The Australian-funded Pacific Policing Initiative, endorsed in August 2024 at AU$400 million over five years, is the centrepiece of the multilateral response, complemented by formal US DEA engagement in Fiji since mid-2025 and the UNODC’s landmark Pacific Transnational Organised Crime report. The January 2026 Vatia cocaine bust, a joint Fiji Police, AFP, and DEA operation, demonstrated improved intelligence-sharing capability, but Fiji’s Police Minister has labelled the situation a “national emergency” and Prime Minister Rabuka publicly considered but ultimately declined to declare a formal State of Emergency in May 2026.

Sources

• Tracking the Pacific Drug Highway | New Lines Magazine | 2026

• Fiji considers state of emergency over drugs and gangs as police and military crackdown ramps up | RNZ | April 2026

• UNODC report exposes escalating threat of organized crime in the Pacific | UNODC | October 2024

• Pacific island nations swamped by global drug trade | AFP via Jakarta Post | October 2024

• The Pacific Islands become collateral damage on drug superhighway | Lowy Institute | 2025

• Fiji’s cocaine seizure shows the Pacific is learning to fight back | Lowy Institute | January 2026

• ABC Foreign Correspondent “Cartel Paradise” Parts 1 and 2 | ABC Australia | April 2026

• Fiji Police probe senior officers over alleged links to drug traffickers | OCCRP | 2025

• Pacific Islands agree on $270M Pacific Policing Initiative | The Diplomat | August 2024

You should be concerned if…

• Tourism operators, resort chains, and travel insurers with Pacific Island exposure: Fiji’s positioning as a safe, idyllic destination is under direct threat. The combination of drug-related violent crime, police corruption, potential states of emergency, and military roadblocks materially changes the risk profile for tourism investment, guest safety, and insurance underwriting across the region. Reputational contagion may spread to neighbouring Pacific Island destinations even if their direct exposure is lower.

• Australian and New Zealand communities, particularly Pacific Islander diaspora populations: The demand side of this crisis sits in Sydney, Melbourne, Auckland, and Christchurch. Australian and New Zealand drug consumption, described by the AFP as an “insatiable appetite,” is the economic engine powering the destruction of Pacific Island societies. Diaspora communities face the double burden of watching their homelands destabilised while their young people in Australia and New Zealand are recruited by outlaw motorcycle gangs and syndicate networks like the KVT and Comancheros.

• Maritime logistics, shipping, and port operators in the Pacific: The discovery of narco-submarines off Solomon Islands, ship-to-ship drug transfers outside Fiji’s exclusive economic zone, and cocaine concealed in shipping containers at Pacific ports means that legitimate maritime operators face heightened regulatory scrutiny, potential criminal liability for unwitting involvement, and increased insurance costs. The Pacific maritime domain is now an active theatre of transnational crime.

• Pacific Island governments and their security institutions: The Fiji experience demonstrates that organised crime does not merely transit through weak states; it actively corrupts them. The dissolution of Fiji’s Counter Narcotics Bureau, the conviction of a former police commissioner, and the investigation of senior officers should be treated as a warning that no Pacific Island security institution can be assumed to be free of infiltration. The corruption risk scales with the value of the drugs moving through each jurisdiction.

• International development agencies and donor governments: Billions of dollars in development aid flow to the Pacific region annually. If organised crime is corrupting the very state institutions that development programmes rely on for implementation, the effectiveness of that aid is compromised. Development strategy must now integrate organised crime as a first-order threat to governance, public health, and economic stability across the Pacific.

• Global health organisations and HIV/AIDS response agencies: Fiji’s HIV epidemic, with diagnoses increasing roughly tenfold in four years and 33 babies born with HIV in the first half of 2025 alone, is a direct consequence of the methamphetamine crisis and represents a public health emergency that is not receiving proportionate international attention or funding.

Preventative actions

Reassess Pacific regional risk profiles beyond traditional natural disaster and climate frameworks

• Risk managers, insurers, and corporate strategists with Pacific exposure should immediately update their risk models to incorporate transnational organised crime as a structural, not episodic, threat. The Pacific drug highway is not a temporary disruption; it is a permanent feature of the regional risk landscape driven by immovable economic incentives: sky-high Australian and New Zealand street prices for cocaine and methamphetamine. Scenario planning should model escalation pathways including further state corruption, expanded cartel territorial presence, and the potential for violent inter-syndicate competition in island nations with minimal security capacity.

Advocate for reform of Australia’s Section 501 deportation policy

• The policy of deporting convicted criminals to Pacific Island nations has been identified by multiple Pacific police commissioners and transnational crime analysts as one of the single greatest accelerants of organised crime proliferation in the region. Organisations with regional interests should engage with policy forums and government consultations to push for alternatives that do not simply export criminal networks into jurisdictions with a fraction of Australia’s law enforcement resources. At minimum, deportation should be accompanied by structured intelligence-sharing with receiving nations and funded post-deportation monitoring programmes.

Strengthen maritime domain awareness and due diligence for Pacific shipping operations

• Any organisation operating vessels, managing ports, or routing cargo through the Pacific should implement enhanced due diligence protocols including crew vetting, cargo anomaly detection, and real-time reporting to regional coordination centres such as the Pacific Transnational Crime Coordination Centre and the Pacific Fusion Centre. The discovery of narco-submarines and ship-to-ship transfers outside exclusive economic zones means the threat operates in waters where no single nation has effective surveillance, making industry self-reporting and cooperation with naval patrols essential.

Fund and support institutional integrity programmes in Pacific law enforcement

• The AU$400 million Pacific Policing Initiative is a necessary but insufficient response if the institutions it strengthens are themselves compromised. Donor governments and multilateral agencies should condition funding on transparent integrity vetting, independent anti-corruption oversight, and whistleblower protection mechanisms. The Fiji Counter Narcotics Bureau collapse is a case study in what happens when capability is built without corresponding accountability architecture.

Integrate public health response with counter-narcotics strategy

• Fiji’s HIV epidemic cannot be addressed in isolation from the drug crisis that is driving it. International health organisations, donor governments, and Pacific Island health ministries should develop integrated response plans that combine harm reduction, treatment access, and community education with enforcement and interdiction efforts. The current approach of treating drug trafficking and its public health consequences as separate problems is failing.

Quick snippet stories

1. Bushfire Destroys $1.8 Million Wine Business, Exposing Underinsurance Risk
   An Australian couple lost their entire wine business to bushfire, turning a $1.8 million investment to ash. The story underscores a persistent and under-discussed risk: many small agricultural and rural businesses carry insufficient insurance to cover full asset replacement, particularly for bespoke operations like vineyards where rebuilding costs exceed market valuations. As bushfire seasons intensify under changing climate conditions, small business owners in fire-prone regions should conduct annual insurance adequacy reviews, ensure policies cover not just structures but stock, lost revenue, and business interruption, and maintain defensible space and emergency response plans as both physical and financial safeguards. Main link to resource

2. Singapore Manufacturing Grows, but Conflict-Driven Cost Inflation Persists
   Singapore’s factory activity continues to expand, but the ongoing Iran conflict is inflating input costs and disrupting supply chains across the manufacturing sector. The risk lies not in contraction but in margin erosion: manufacturers absorbing higher raw material, energy, and logistics costs may sustain production volumes while profitability deteriorates, a pattern that can mask vulnerability until a demand shock exposes it. Businesses reliant on Middle Eastern energy flows or shipping routes through contested waters should lock in supply contracts where possible, diversify sourcing, and stress-test financial resilience against sustained cost elevation rather than assuming conflict-driven inflation is temporary. Main link to resource

3. When Supply Chains Go Dark, Risk Compounds Invisibly
   Research from the London School of Economics highlights a growing and underappreciated threat: supply chain opacity, where disruptions in lower-tier suppliers go undetected until they cascade into visible failures. The core risk is that most organisations lack visibility beyond their immediate, first-tier suppliers, meaning that a factory closure, sanctions exposure, or natural disaster three or four tiers deep can trigger production halts with zero early warning. Companies should invest in multi-tier supply chain mapping tools, require key suppliers to disclose their own critical dependencies, and build buffer inventory for components with concentrated or opaque sourcing. Main link to resource

4. Reinsurance Costs Signal Structural Shift in Climate Risk Pricing
   Carrier Management reports that reinsurance pricing is hardening further as insurers and reinsurers reprice portfolios in response to escalating natural catastrophe losses. The risk for businesses is not just higher premiums but potential coverage withdrawal from high-exposure regions, leaving assets effectively uninsurable. This pricing shift reflects a structural reassessment of climate risk, not a cyclical market correction, meaning organisations in exposed geographies should engage insurers proactively, invest in physical resilience measures that improve insurability, and explore parametric or alternative risk transfer mechanisms before traditional coverage becomes unavailable or unaffordable. Main link to resource

5. Mining Sector Recovers Cents on the Dollar from Insurance Claims
   Mining Magazine reports that mining companies are recovering only a fraction of insured losses from major claims, highlighting a widening gap between assumed coverage and actual payouts. The risk is that mining operators are making capital allocation and investment decisions based on insurance protection that may not materialise when needed, particularly for complex, multi-peril events involving environmental liability, business interruption, and regulatory shutdown. Mining executives and risk managers should conduct forensic reviews of policy wordings, engage specialist loss adjusters before incidents occur, and consider whether self-insurance reserves or captive structures provide more reliable protection for high-severity, low-frequency events. Main link to resource

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unbreakable Ventures to support this channel.

Book your 30min call here

The length of this piece provides the respect this story deserves. But not everyone has time to digest it fully. That’s why in this article, the Unbreakable Ventures team has created the Karex Intelligence Map.

Explore the Mindmap

The map has seven branches: The Trigger, The Pattern, The Company, The Moat, The Health Impact, The Backstop, and The Unreported. Each one breaks down into smaller sections you can click through. The article and the map cover the same ground in different shapes. The article tells you the story; the map shows you the connections.

If you only have five minutes, click through the map. If you have twenty, read the article. If you have thirty, do both.

There is a factory in Port Klang, Malaysia, you have probably never heard of. It makes one out of every five condoms worldwide. And on April 21^st, 2026, three sentences from its CEO to a Reuters reporter rippled through pharmacies from Auckland to Dubai, Lagos, and Kuala Lumpur.

The company is Karex Berhad. The CEO is Goh Miah Kiat, known to everyone in his industry as MK. The story he just told the world about a war four thousand kilometres away is, if you read it carefully, also a story about why the modern global economy keeps breaking in the same place.

This is not Karex’s first crisis. It is their third in five years.

In 2020, the COVID-19 pandemic shut down their factories. Sales fell 40 per cent over two years. In 2020, the company posted its first full-year loss since going public on Bursa Malaysia, the countries stock exchange. MK had bet, publicly; that lockdown would drive demand up. Instead, it cratered.

In 2022, Russia invaded Ukraine. Russia happens to be a major producer of ammonia, which preserves latex, and of synthetic rubber precursors. Karex’s FY2022 annual report named the war directly, citing inflationary pressures and supply chain disruption. The company set a record for revenue and a record for losses in the same financial year.

In February 2026, Iran went to war with the United States and closed The Strait of Hormuz. By April, Karex was telling Reuters it would raise prices 20 to 30 per cent, perhaps more. MK said current shipments were taking “close to two months.”

Three different geopolitical events. Three direct hits on one factory. There is no structural reform between any of them. But there is a fundamental lesson in dealing with concurrent crises.

Why a 33km of ocean sets the price of latex

To understand how a tanker dispute in the Persian Gulf reaches a Wellington pharmacy, we should follow the chemistry.

Latex condoms need Russia’s ammonia. Non-latex condoms use nitrile, which is made from butadiene, which is made from naphtha. Roughly 60 to 70 per cent of Asia’s naphtha transits the Strait of Hormuz, arriving from Gulf countries. Lubricants are silicone-based, and also petrochemical. The foil that wraps each condom individually is aluminum, much of it produced in the UAE using cheap Gulf energy.

The result is Karex’s price list moves whenever something breaks in the Gulf or Eastern Europe. According to figures cited to CNN by Davin Wedel, who runs Karex’s US subsidiary Global Protection Corp, synthetic rubber is up 30 per cent, nitrile up 100 per cent, silicone oil up 25 per cent, and packaging foil up 20 to 30 per cent. Wedel told CNN the situation was “adding fuel to the fire” given existing US tariffs.

For those in the Gulf, this is an awkward truth: your region produces the chemistry that makes most of the world’s condoms possible. For ASEAN, Malaysia is the manufacturing hub the rest of the world does not notice until it stops working. For New Zealand, the price you will pay at the pharmacy in three to six months is being set right now on a vessel that may or may not arrive.

Karex’s largely unreported influence

The chairwoman of Karex’s board is Professor Dato’ Dr. Adeeba Kamarulzaman. She is the President of Monash University Malaysia. She is also a former President of the International AIDS Society, the chairperson of the Malaysian AIDS Foundation, a member of the WHO Science Council, and a member of the UNAIDS Advisory Group.

She chairs the board of the company at the centre of the global condom supply crisis. She also advises the international institutions most affected by Karex’s pricing decisions on HIV prevention commodities.

Both roles are fully public. Neither is a secret. They have simply not been connected by any outlet covering the price hike.

It matters because the HIV picture is already grim before condoms get more expensive. A March 2025 modelling study published in The Lancet HIV projected that an anticipated 24 per cent average reduction in international aid combined with discontinued PEPFAR support could mean between 4.43 million and 10.75 million additional new HIV infections, and between 770,000 and 2.93 million extra deaths, between 2025 and 2030 across low- and middle-income countries. The researchers noted infection rates would be 30 to 60 per cent higher in key populations such as sex workers, men who have sex with men, and people who inject drugs.

Stockpiles were already thin. UNAIDS reported in May 2025 that around a quarter of countries surveyed held six months or less of condom stock. That is the buffer Karex’s price hike now lands on top of.

The usual contingency, scaling up PrEP (pre-exposure prophylaxis) to substitute for condom-based prevention, is also wobbling. The same PEPFAR pause that emptied condom programmes also disrupted PrEP delivery in sub-Saharan Africa.

A separate Lancet HIV modelling study published in October 2025 estimated that a one-year pause of PEPFAR-funded PrEP could result in 15,739 new HIV infections over five years. You cannot replace one disrupted prevention tool with another disrupted prevention tool.

This is the room the Karex chairwoman walks into when she joins a UNAIDS Advisory Group meeting.

The product no one is writing about

As with most crisis events, there are connections that influence the other.

Karex owns Satin Oral Dams through its US subsidiary, Global Protection Corp. Dental dams are made from the same latex and nitrile facing the same supply disruption. They are used during oral sex for STI and HIV prevention, particularly among LGBTQ communities and women.

The price hike hits dental dams. Nitrile is up 100 per cent, harder than any other input. The institutions that distribute them, NHS sexual health clinics in the UK, Planned Parenthood in the US, AIDS Healthcare Foundation, Brook, GMHC, are operating on fixed budgets.

This matters because the silence is selective. The same supply chain hits both products. The same regulatory wall blocks emergency substitution for both. The difference is that one gets a global news cycle and the other gets nothing. When you watch how a crisis is told, watch what it leaves out. The populations most affected here are not the ones being asked to comment on it.

The certification moat

One could argue that Karex is integral to our health system but comes with many vulnerabilities. So, why does no one else make condoms?

Because like semi-conductors, they do not have the infrastructure to simply replicate the process. And building one is not a quick process.

Institutional buyers require the World Health Organization (WHO) prequalification of manufacturing sites. The process takes one to three years.

Across multiple sites, Karex’s deep, multi-regulator quality and market-access certifications form a barrier that is difficult for competitors to replicate quickly.

Alternatives exist like India’s HLL Lifecare, government owned and prequalified, but capacity is small. China has Guilin Latex, which has scale but also geopolitical baggage and certification gaps. Cupid Limited in India is the only company prequalified for both male and female condoms, but its male output is modest. SKYN’s polyisoprene is less Hormuz dependent, but it is a retail premium product, not an institutional bulk supply.

In an emergency, you cannot swap suppliers. The bottleneck is not rubber. The bottleneck is regulation.

A pyramid of problems

The world’s two largest condom brands are structurally dependent on outsourced manufacturing, with limited in-house production relative to their global output.

Durex, is owned by Reckitt Benckiser of Slough, UK. Trojan, is owned by Church & Dwight of Ewing, New Jersey. The exact percentage of dependency is not publicly disclosed by either side. But it’s clear there is an awkward triangle.

Karex makes Durex while competing with Durex through its own ONE, Pasante, and Carex brands. Karex makes Trojan while competing with Trojan through ONE again. The price hike pushes margin pressure onto Reckitt and Church & Dwight at exactly the moment those companies have their strongest incentive in years to find someone else to make their products.

Reckitt launched Durex Intensity, a nitrile condom, in late 2024 with a global Q1 2025 rollout. Nitrile then doubled in price. Church & Dwight launched TROJAN G.O.A.T. in January 2026 using a patent-pending Ultra Flex non-latex material. The actual chemical composition is not in public filings. Whether it really decouples from the Hormuz supply chain is anyone’s guess.

This interconnected web of suppliers is a fragile balance easily disrupted by the other. But it’s not unique to condom manufacturing. Thousands of businesses around the world are impacted by the ripple effect the Strait’s closure represents, if nothing more than through a break in a third party’s link.

When the backstop is uneven

If a condom fails or a couple cannot afford one, what comes next depends entirely on where you live. This is where the Karex story stops being only about supply chains and starts being about geography.

ASEAN. Across Karex’s home region, the legal backstop varies wildly. Malaysia’s own Penal Code Section 312 has, since a 1989 amendment, permitted abortion to preserve a woman’s life or her physical or mental health, putting Malaysia among the more permissive countries on paper.

In practice, mifepristone is not registered in Malaysia, public hospitals often require two doctors instead of the legally mandated one, and stigma keeps many providers silent. As recently as May 2025, a 21-year-old woman in Melaka received a nine-month custodial sentence for a self-managed abortion using pills bought online. The Galen Centre noted in the same piece that one in three Malaysian pregnancies in 2022 was unplanned.

The Philippines maintains a near-total criminal ban with no health exceptions. Indonesia restricts abortion to medical emergency and rape. Thailand decriminalised abortion through 12 weeks in 2022. Singapore is liberal.

The result: a single ASEAN-wide condom price hike lands on legal systems that range from progressive to punitive, and the women paying the highest cost are those in jurisdictions with the fewest legal options afterwards.

Oceania. New Zealand decriminalised abortion in 2020 and treats it as a health matter through 20 weeks.

Australia varies by state but is broadly accessible. The legal backstop is real. The pressure is therefore financial rather than legal. When retail prices rise, public health budgets like Pharmac and DHB-funded sexual health clinics absorb the difference. The system holds, but it costs more, and the cost falls on taxpayers and clinic budgets rather than on women’s legal rights.

GCC. This is where the dynamic flips most sharply. Across Saudi Arabia, the UAE, Kuwait, Qatar, Bahrain, and Oman, abortion is generally permitted only to save a woman’s life or in cases of severe foetal impairment, and access is medicalised, gatekept, and culturally constrained.

In several Gulf states, sex outside marriage remains a criminal offence. For migrant workers in the region, particularly the women working as domestic staff with confiscated passports, an unwanted pregnancy is not just a health event but a legal and immigration crisis.

The condom is functionally the only contraceptive backstop available before a pregnancy becomes a problem the legal system will not help solve. A 30 per cent price increase on that backstop has a sharper edge in the Gulf than almost anywhere else.

A modelling study by Avenir Health for the Lancet projected that USAID contraceptive cuts alone could mean 40 to 55 million extra unintended pregnancies and 12 to 16 million unsafe abortions across affected countries. That was before the Karex price hike. The Karex hike sits on top of this.

The lesson in this crisis

For New Zealand, this is a Pharmac story before it is a Woolworths story. As Olsen put it to Stuff, retailers and public buyers will be deciding whose budget swallows the increase.

Public health budgets, not retail margins, will absorb most of the impact, and that decision is being made now in offices that do not usually think about Hormuz.

For ASEAN, this is a story about your region’s manufacturing exposure. One factory cluster, three regional supply shocks in five years, no structural reform between them. Myanmar and Cambodia are already rationing fuel. Vietnamese schools have shortened hours. The next shock is not a question of if, but when.

For the Gulf, this is a mirror. The materials that make most of the world’s condoms come from your refineries, your industrial complexes, and your ports. The fragility being exposed in Port Klang is a fragility your region helped create, and one your region can help solve.

But this story is not really about condoms. It is about what happens when a single factory becomes structurally important to global health, when its supply chain runs through three of the world’s most volatile regions at once, and when no one wants to spend the money to build redundancy until the moment redundancy becomes impossible.

We need institutional reform. We need government support and investment in supply chain disruption. We need to get involved early when a significant supplier shows signs of becoming a single point of failure to critical infrastructure or public health.

Karex has been telling us this story for five years. But we’re often distracted by the topic, rather than the lesson it serves.

Umaima is based on the ground in Dubai. What follows is drawn from her correspondence over the past fortnight following on from her first piece, The Iran War From Dubai: What Your Newsfeed Is Not Showing You

The Return to Normal

Dubai looks normal again. The roads are moving, sports clubs are open, people are back at dinners and gatherings, and the emergency alerts that once jolted residents awake at 3 or 4 a.m. appear to have stopped. But “normal” in the UAE right now is not the same thing as ease.

A few weeks ago, the mood here was different. When the war opened, the group chats lit up constantly. People were refreshing news feeds at midnight, debating whether to book flights, pulling their kids from school pickups early. The television stayed on, not as background noise, but as vigil. There was a specific kind of fear that comes not from knowing what will happen, but from not knowing how bad it might get.

That first phase has passed. What replaced it wasn’t confidence. It was adaptation. Somewhere in the middle stretch, a quiet shift happened. People stopped treating every alert as a potential escalation and started filing them alongside the other anxieties of living here: traffic, visa renewals, the cost of rent. The disruption had become, uncomfortably, routine.

Now, in the last week or so, even that has eased. The emergency alerts that once jolted residents awake at 3 or 4 a.m. appear to have stopped. People I know are back at padel courts and bowling alleys, and back at Friday brunches. The news cycle, which once ran on a constant loop in living rooms, has been turned down.

We know what’s happening. We don’t need all the details anymore.

Schools, Students, and a Quiet Exhaustion

Schools across the UAE resumed in-person learning on April 20, ending seven weeks of remote classes that left families drained and frustrated. But the reopening has landed with more skepticism than relief, not least because it came just two days before the ceasefire is set to expire today, April 22 (The National, April 20, 2026).

The logistics were chaotic. The Knowledge and Human Development Authority (KHDA) initially confirmed that school buses would not run on reopening day. Then, on April 18, the Ministry of Education reversed the decision and gave the green light for buses to resume, leaving families just two days to rearrange transport plans (The National, April 18, 2026). Not all schools opened on the 20th either. Each institution required individual KHDA clearance following inspections and staff safety training, and some had not received approval in time.

The safety measures inside schools tell their own story. Blue tape now marks safe zones across corridor floors and classrooms. Schools have designated shelter-in-place areas in large interior spaces without glass windows. Evacuation routes are mapped and clearly marked, and some schools have secured agreements with nearby supermarkets and mosques to serve as off-site shelters if buildings need to be evacuated (The National, April 17, 2026).

Students received safety briefings and practice drills on their first day back. Outdoor activities remain suspended. Some canteens are closed.

Beyond the logistics, there is a deeper exhaustion. Major international exams have been cancelled across the UAE for 2026. For other qualifications, schools and awarding bodies are still working out how grades will be determined, with approaches ranging from evidence portfolios to other forms of assessed coursework.

The predictable result: motivation has collapsed, particularly among younger students who were already harder to engage through a screen. The first week of in-person learning is not focused on academics at all. Schools are prioritising emotional regulation, routine, and reconnection. Academic gap-filling starts the week after. Staff training on day one included breathing techniques and strategies for helping distressed pupils.

Officials reported over 80% attendance at KHDA-cleared campuses on day one. But that figure only counts schools that opened and students still in the country. A significant number of expatriate families left the UAE when the attacks began and have not returned.

People I have spoken to describe families who vacated apartments, pulled their children from school, and flew to India or back to home countries because they could no longer take the mental toll. Some are waiting weeks to see whether the ceasefire holds before booking return flights.

Parents who did send their children back are not celebrating. They are watching the clock.

“I do feel a little worried about them returning after what happened,” one parent told Khaleej Times, “but I trust they’ll be well cared for. If anything happens, we can always return to distance learning”.

The mood among those still overseas is starker. Several parents I know have said plainly that they will not return until a proper diplomatic agreement is in place, not just a fragile, time-limited ceasefire. For them, the repercussions of this conflict will linger regardless of what happens this week.

The core tension is timing. The ceasefire announced on April 7 expired April 22. Schools opened two days before that deadline. Every institution has been told it must be ready to switch back to remote learning at any moment. Whether the reopening survives the week depends on a diplomatic outcome that nobody in the education system controls.

The Surface and the Texture

The surface reads as stability. Malls are open. The metro runs. Restaurants are full enough. But the texture has changed. Dubai Mall, which on a normal weekend you’d avoid for the crowds, is manageable now. Weekend traffic has thinned noticeably. One friend who works in retail at Dubai Mall told me that staff have reached the point of trying to convince their own colleagues to buy things, just to keep the numbers up.

Hotels and hospitality venues are pushing staycation deals, co-working packages, and discount offers with an enthusiasm that tells its own story.

The Fazaa scheme, which offers subsidised experiences for the first sign-ups, is part of the same effort: keep people spending, keep sentiment up, keep the economy visibly moving.

There are quieter signals too. The Burj Al Arab has announced 18 months of renovation. Residents raise an eyebrow at that. Eighteen months is a long time for a renovation. The luxury retail corridors are the most telling: the footfall has dropped sharply, and Dubai’s entire identity is built on that segment. Hospitality is absorbing losses during what should be peak tourist season, before the heat makes the city uninhabitable for visitors. That window is closing without the tourists to fill it.

Markets have recovered faster than people have. UAE financial indices surged after the April 7 ceasefire, with Dubai posting its largest single-day gain in six years (AGBI, April 2026). The ADX climbed 4.75% over the past month (Trading Economics, April 21, 2026). But the optimism is evaporating. As of April 21, oil prices have surged back above $95 a barrel, peace talks have stalled, and Trump has warned the ceasefire is "highly unlikely" to be extended (TheStreet, April 21, 2026). The gains of the past two weeks may not survive the next two days.

At sea, caution hasn’t fully disappeared. Major shipping actors remain wary around Hormuz, and uncertainty around navigation risks persists. The investor recovery and the social mood are moving at different speeds.

The Cyber Layer and the Language of Calm

The cyber dimension is one that most residents are now living with quietly. The Road and Transport Authority (RTA) app went down. Banking apps have been intermittent. Officially, the story is one of resilience. The UAE is handling hundreds of thousands of attacks per day, and the framing in official communications is always active, never passive. Not we are being attacked but we are managing the volume. Residents I spoke to noticed this.

“Even if it’s something bad,” one person said, “they will make it seem good.”

That instinct, to read the register of official communications and understand what sits underneath, is now a background skill that most people here have quietly developed.

It’s part of a broader information landscape that nobody fully trusts. People are drawing from government announcements, local outlets, Reddit threads, Lovin Dubai, and Western media, and they distrust each source in a different way. Government statements are considered reliable but curated. Western coverage is seen as sensationalised. Social media is unverifiable.

What nobody does is say any of this publicly. The GCC’s long-standing culture of political caution hasn’t changed. If anything, the war has made people more careful. People speak in closed circles. They share opinions in private conversations, in apartments, in cars.

Online, they’re careful. “You cannot incite public disruption,” one person explained, matter-of-factly, as though describing a weather pattern. “That’s always been there. It’s not new.” The distinction between what is said in a group chat and what is said on a public platform is one that residents maintain almost instinctively.

Contingency Thinking Behind Closed Doors

The more honest conversations are happening behind closed doors, and they’ve shifted in the last few weeks from immediate safety to longer-term financial anxiety.

People are talking about what to do if the banks fail, not because they believe it’s imminent, but because contingency thinking is how you manage living in a place where you don’t control the variables. Some residents have sent money back to family in other countries. Others have been buying gold: portable, convertible, not dependent on an app that might go down. The logic is old. In a war, you hold what you can carry.

Employment anxiety runs through every sector and every demographic, and this is one of the things that surprises people who assume it maps neatly onto expat versus local.

Emiratis are worried too. Business owners who considered themselves insulated are now watching their pipelines and asking the same questions as junior employees.

Events and marketing, two industries that are foundational to how Dubai presents itself to the world, have been badly hit. International acts and large-scale productions have been cancelled or pushed to later in the year. The workers in those industries, often on flexible or project-based contracts, are the most exposed.

The workers I spoke to described an environment where the choice being offered is salary cut or termination, and when someone agrees to a cut, there is no legal recourse.

“You can’t fight it if you agreed to it,” one person said.

Whether layoffs are widespread or concentrated is genuinely hard to verify. What’s clear is that people believe they are happening, and belief shapes behaviour.

There’s also a visible population shift that is hard to quantify but hard to ignore. The empty parking space next to mine, same car, same spot, not seen in four weeks. “I’m pretty sure that person left.”

It’s not clear how many people have gone, or how permanently. The consensus is that most are waiting rather than relocating, holding elsewhere until the picture clarifies, then coming back. Dubai pays well. People don’t leave easily.

The Nightclub at 2:30

The image that stays with me from this whole period is a nightclub, sometime around 2:30 in the morning. Music, a crowd, the specific unreality of a Dubai night out in full swing, and then an alert arrives. Not panic. Not chaos. People check their phones; staff move us indoors. Then, when it passes, they go back. Back to the music, back to the dancing, back to the drinks.

That moment contains everything about where the UAE is right now. The procedure has been learned. The response is calm, almost practised. Life continues. But the alert still came. The door to indoors was still used. And everyone in that room knew, without saying it, that it could come again.

Everyone Is Emirati

There’s a phrase being used in state messaging lately. “Everyone is Emirati,” a kind of manufactured solidarity between nationals and long-term residents. It’s a subtle signal: the UAE is trying to build a narrative of shared endurance. Whether people believe it or are simply living alongside it is a different question.

What most residents seem to have arrived at is something simpler and more honest. They feel physically safe. The state has demonstrated, repeatedly and visibly, that its defence systems work.

But physical safety and psychological ease are not the same thing. The early initiatives such as free therapy and community support programmes have mostly wound down. The understanding now is that this is the new reality, and everyone has to find their own way through it.

Dubai still looks normal on the surface. Underneath, people are recalculating risk, quietly, privately, and with the particular discipline of a place that has always made stability look effortless, even when it isn’t.

Umaima Farhan is a Resilience Advisor at Fixinc and a regular contributor and Advisor to Unbreakable Ventures. She is based in Dubai. Read the first dispatch in this series, The Iran War From Dubai: What Your Newsfeed Is Not Showing You.

Hello 👋 get a brew on because these are the top emerging risks between April 6th, and April 22nd, 2026…

Review our report’s terminology here ↗

Small update: Our Unbreakable Ventures fortnightly update will move to a Wednesday release moving forward. This allows our team to prepare content and launch on a day that is typically more open for you to read and listen.

Our main risk this fortnight is…

1. Societal: Middle East Crisis Threatens Global Poverty Surge

• A new United Nations Development Programme report warns that the ongoing military escalation in the Middle East, centred on the Strait of Hormuz closure and broader regional conflict, could push millions of people across the Asia-Pacific region into poverty through surging energy prices, trade disruption, and collapsing remittance flows, with impacts extending far beyond the immediate conflict zone.

• The UNDP analysis models the crisis through the lens of its Human Development Index and finds that countries already vulnerable, particularly South and Southeast Asian nations dependent on oil imports, migrant worker remittances, and tourism revenues, face compound shocks that could reverse years of development progress within months rather than years.

• The report identifies multiple transmission channels through which the crisis radiates outward: direct energy cost inflation hitting household budgets and industrial output; disruption to maritime trade routes that carry a significant share of global oil and LNG supplies; collapse or severe reduction in remittance flows from Gulf-based migrant workers who face job losses or repatriation; and tourism revenue declines as regional instability deters travel.

• Small island developing states and least-developed countries in the Asia-Pacific face disproportionate exposure because they lack fiscal buffers, strategic petroleum reserves, or diversified energy sources to absorb price shocks, meaning even short-duration disruptions can trigger food insecurity, power rationing, and social instability.

• The UNDP calls for coordinated international action including emergency social protection scaling, energy subsidy targeting, remittance corridor protection, and accelerated renewable energy investment, warning that delayed responses will compound the human cost and make recovery significantly more expensive and protracted.

Sources

• Middle East Crisis: Millions Around the World Could Be Pushed into Poverty, Flags UNDP | Times of India | April 2026

• Middle East Military Escalation: HDI Impacts Across Asia-Pacific (Full Report) | UNDP Regional Bureau for Asia and the Pacific | April 2026

• Strait of Hormuz Closure Sends Oil Prices to Record Highs | Reuters | April 2026

• Asia-Pacific Economies Brace for Oil Shock Fallout | Nikkei Asia | April 2026

• Gulf Migrant Workers Face Mass Layoffs as Regional Crisis Deepens | Al Jazeera | April 2026

• How the Middle East Conflict Threatens Global Development Goals | The Guardian | April 2026

You should be concerned if…

• Oil-importing developing nations in South and Southeast Asia: Countries like Pakistan, Bangladesh, Sri Lanka, the Philippines, and Pacific Island states are absorbing the full force of energy price inflation without the fiscal reserves or strategic stockpiles to cushion the blow. For these nations, the crisis is not abstract geopolitics but an immediate threat to household energy access, food affordability, and industrial output. The UNDP report makes clear that these economies sit at the sharpest end of the transmission chain, and that even a partial reversal of development gains could take a decade to recover.

• Migrant worker communities and remittance-dependent households: Millions of workers from South and Southeast Asia employed in Gulf states face job insecurity, wage delays, or forced repatriation as the regional economy contracts under conflict pressure. The families they support, often in rural communities with no alternative income sources, lose their primary financial lifeline. Remittance flows represent a larger share of GDP than foreign aid in many of these countries, making this channel of crisis transmission particularly devastating and under-reported.

• Global humanitarian and development organisations: The UNDP warning signals a potential surge in demand for emergency social protection, food assistance, and energy subsidies across multiple countries simultaneously. Organisations already stretched by existing crises face the prospect of compounding need with no corresponding increase in donor funding, particularly as major donor nations themselves grapple with the economic fallout of higher energy costs.

• Multinational corporations with Asia-Pacific supply chains: The poverty surge and economic instability flagged by the UNDP translate directly into workforce disruption, demand volatility, and operational risk across manufacturing hubs and sourcing countries. Companies relying on labour-intensive production in vulnerable economies should anticipate absenteeism, wage pressure, civil unrest, and potential government interventions such as export restrictions or price controls that could disrupt supply agreements.

• Insurance, sovereign debt, and credit risk analysts: The compounding effect of energy inflation, remittance collapse, and tourism decline on fiscally fragile states raises the probability of sovereign debt distress, credit rating downgrades, and currency crises. Analysts must model not just the direct oil price shock but the second and third-order effects on government revenues, social spending commitments, and political stability.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Map your exposure to remittance and energy transmission channels

• Organisations and governments should urgently map their direct and indirect exposure to the crisis transmission channels identified in the UNDP report: energy import dependence, remittance flow concentration, tourism revenue reliance, and maritime trade route vulnerability. Understanding which channels carry the greatest risk for your specific context allows for targeted mitigation rather than generic crisis response.

Accelerate targeted social protection and subsidy programmes

• Governments in exposed countries should pre-position emergency cash transfer mechanisms and energy subsidy frameworks that can be activated rapidly as household budgets come under pressure. The UNDP report emphasises that delayed social protection scaling compounds the poverty impact exponentially, so the priority is speed of deployment over perfection of targeting.

Diversify energy sourcing and fast-track renewable alternatives

• The current crisis is a structural argument for reducing dependence on Gulf-sourced hydrocarbons. Countries and corporations should use this moment to accelerate renewable energy procurement, distributed generation, and energy storage investments that reduce long-term exposure to maritime chokepoint disruptions, even if the immediate crisis requires short-term fossil fuel alternatives.

Protect and diversify remittance corridors

• Financial regulators and remittance service providers should ensure that alternative transfer channels remain operational and affordable if primary Gulf-based corridors are disrupted. Governments of labour-sending countries should negotiate bilateral protections for their nationals in Gulf states and establish emergency repatriation and reintegration plans.

Stress-test supply chains for poverty-driven disruption

• Multinational corporations should model the impact of rising poverty and economic instability in their sourcing countries on workforce availability, production continuity, and demand patterns. Build contingency plans for scenarios where key manufacturing or agricultural regions face civil unrest, government-imposed export restrictions, or significant labour force disruption driven by the cascading effects of the crisis.

2. Technological: Mercor Breach Exposes Permanent Biometric Threat

• AI hiring startup Mercor, valued at $10 billion and backed by prominent Silicon Valley investors, suffered a catastrophic data breach in which the hacking group Lapsus exfiltrated approximately 4 terabytes of deeply sensitive user data, including high-resolution video interviews, passport and identity document scans, resumes, candidate profiles, and proprietary source code, creating what cybersecurity experts describe as a near-perfect deepfake training dataset.

• The breach did not originate from simple negligence at Mercor. It was the downstream result of a sophisticated software supply chain attack that compromised Trivy, a widely used open-source security vulnerability scanner, which in turn poisoned LiteLLM, an AI model proxy layer, before reaching Mercor’s systems. The attack chain, Trivy to LiteLLM to Mercor, was three layers deep, and the same supply chain compromise affected thousands of companies simultaneously, making attribution of fault to any single organisation misleading.

• The nature of the stolen data is what elevates this breach from a conventional cybersecurity incident to a permanent, irreversible threat. Unlike passwords or credit card numbers, biometric data, including detailed facial geometry, voice patterns, and behavioural mannerisms captured across thousands of hours of video interviews, cannot be changed, reset, or reissued. Every affected individual now carries a lifelong vulnerability to identity fraud, deepfake impersonation, and synthetic identity attacks.

• The breach raises urgent questions about the data collection practices of AI-era platforms. Mercor’s business model required job applicants to submit extensive video recordings, identity documents, and personal information as a condition of being considered for roles, often roles that involved training AI models for major technology companies. The volume and intimacy of the data collected far exceeded what traditional hiring processes demand, yet the security infrastructure protecting it was ultimately dependent on a chain of third-party tools that no single entity fully controlled or audited.

• The stolen dataset has direct commercial and strategic value to hostile actors. Nation-state intelligence services, rival AI laboratories, and criminal enterprises could use the biometric data to train deepfake generation models, conduct targeted social engineering, or build synthetic identity systems. The risk is not hypothetical: a dataset of this quality and scale, combining face, voice, identity documents, and professional background, is precisely what is needed to produce convincing impersonations that could defeat video-based identity verification systems now used across financial services, corporate access controls, and government processes.

Sources

• Mercor AI Startup Security Incident | Fortune | April 2026

• Lapsus Group Claims Responsibility for Mercor Data Breach | BleepingComputer | April 2026

• Supply Chain Attack on Trivy Scanner Compromises Thousands of Downstream Companies | The Record | April 2026

• The Deepfake Risk of Biometric Data Breaches | Wired | April 2026

• AI Hiring Platforms and the Data Collection Arms Race | MIT Technology Review | March 2026

• LiteLLM Vulnerability Exploited in Multi-Stage Supply Chain Attack | Ars Technica | April 2026

You should be concerned if…

• Individuals who submitted video interviews, identity documents, or resumes to Mercor: You face a permanent and irreversible exposure. Unlike a compromised password, your face, voice, and identity documents cannot be changed. This data can be used to create convincing deepfake videos or audio that could pass automated verification checks, be deployed in targeted social engineering, or be sold to entities building synthetic identity systems. You should assume the data is in hostile hands and take protective action immediately.

• Organisations using video-based identity verification or biometric authentication: The Mercor dataset provides attackers with precisely the training material needed to defeat video KYC, voice authentication, and liveness detection systems. Financial institutions, corporate security teams, and government agencies that rely on these technologies should assume the threat model has fundamentally shifted and begin evaluating the resilience of their verification systems against high-quality synthetic media generated from real biometric data.

• Companies relying on open-source security tools in their software supply chain: The Trivy-to-LiteLLM-to-Mercor attack chain demonstrates that the tools organisations trust to identify vulnerabilities can themselves become the attack vector. This is not a failure of one company’s credential hygiene; it is a structural weakness in how modern software ecosystems are assembled. Any organisation using open-source scanners, proxy layers, or AI tooling without rigorous supply chain verification is potentially exposed to identical compromise patterns.

• AI companies and technology platforms that collect extensive applicant or user data: The Mercor breach forces a reckoning with the question of how much personal data is truly necessary to deliver a service, and what duty of care attaches to collecting it. Platforms that require video submissions, biometric captures, or identity document uploads as a routine part of engagement must now justify that collection against the reality that no security architecture can guarantee permanent protection of permanently sensitive data.

• Regulators and policymakers responsible for data protection and AI governance: The breach exposes a gap between current data protection frameworks, which were largely designed around financial and textual personal data, and the emerging reality of mass biometric data collection by AI-era platforms. The permanent, non-resettable nature of biometric exposure demands a different regulatory approach than breach notification and credit monitoring.

Preventative actions

Audit and minimise biometric data collection practices immediately

• Every organisation that collects video, voice, facial imagery, or identity documents should conduct an urgent review asking a single, uncomfortable question: is this data truly necessary for the service being provided? If it is not essential, stop collecting it. If it is essential, segregate it from general data stores, encrypt it with dedicated key management, and impose strict retention limits. The Mercor breach demonstrates that data you hold is data that can be stolen, and biometric data, once stolen, creates a liability that lasts a lifetime.

Implement supply chain security verification for all third-party and open-source tools

• The attack chain that compromised Mercor started three layers upstream with a trusted security tool. Organisations must move beyond trusting tools by reputation and implement continuous verification of third-party software integrity, including code signing validation, software bill of materials (SBOM) monitoring, and runtime behavioural analysis. The security scanner that protects your perimeter should itself be treated as an attack surface.

Adopt multi-layered identity verification that does not rely solely on biometrics

• With high-quality biometric datasets now in adversarial hands, organisations must assume that video and voice-based verification can be spoofed. Layer biometric checks with behavioural analytics, device-binding, cryptographic attestation, and human-in-the-loop review for high-risk transactions. No single authentication factor, especially one derived from data that cannot be changed, should be treated as definitive.

Establish breach response protocols specific to biometric data exposure

• Standard breach response playbooks built around password resets and credit monitoring are inadequate for biometric data incidents. Organisations should develop specific response plans that include lifelong monitoring services for affected individuals, proactive notification to financial institutions and identity verification providers, and legal frameworks for addressing the unique, permanent nature of biometric compromise.

Demand transparency and contractual accountability from AI-era platforms

• Individuals and organisations providing sensitive data to AI hiring platforms, model training services, or any technology company requiring biometric inputs should demand explicit disclosure of data storage architecture, third-party tool dependencies, supply chain security practices, and breach response commitments before submitting any information. The era of trusting platforms with intimate data based solely on their valuation or investor backing should be over.

Quick snippet stories

1. UK Small Businesses Hit by Cash Crunch, Supplier Fears, and War Shocks
   A new Federation of Small Businesses survey reveals that UK SMEs are facing a compounding crisis as the Middle East conflict drives up input costs, supply chain uncertainty erodes confidence in supplier reliability, and persistent cash flow pressures push many firms toward the brink. The core risk is a cascading failure: when small businesses cannot trust that their suppliers will deliver, they freeze investment and hiring, which in turn weakens the suppliers they depend on. SMEs should stress-test their supplier base now and build short-term cash reserves to weather delayed payments. Main link to resource

2. Airlines Slash Flights as Jet Fuel Crisis Deepens
   Airlines are cutting routes and reducing frequencies as jet fuel prices surge amid ongoing Middle East volatility and Strait of Hormuz disruption. The risk extends beyond airline profitability into tourism-dependent economies and business travel connectivity, as reduced capacity concentrates passengers onto fewer routes and drives up ticket prices. Airlines hedged against short-term shocks may cope, but carriers and destinations without fuel diversification strategies face a prolonged squeeze that could reshape global aviation networks for years. Main link to resource

3. Australia’s Fuel Security Scheme Tested Under Real Conditions
   Australia’s strategic fuel reserve ships are now delivering under the government’s emergency fuel security scheme, providing a live stress test of a system designed for exactly this kind of disruption. Much like the COVID pandemic, where nations closely studied each other’s public health responses to identify what worked and what failed, countries are now observing each other’s fuel crisis strategies in real time. Australia, for example, has noted the Philippines’ mandate for work-from-home policies to reduce fuel consumption, only to discover that workers running air conditioning throughout the day consumed comparable energy, highlighting how seemingly logical mitigation measures can produce unintended consequences. Main link to resource

4. Australian Businesses Cut Hours and Push Remote Work as Fuel Costs Bite
   Australian businesses are slashing employee hours and accelerating work-from-home arrangements as the fuel crisis raises commuting and operational costs beyond sustainable levels. This may represent one of the first early signs of an employment slump beginning to set in, as reduced hours typically precede outright job losses in economic downturns. The risk is that what begins as a temporary cost-saving measure becomes structural, with businesses discovering they can operate with fewer paid hours and choosing not to restore them when conditions stabilise. Main link to resource

5. Security Leaders Dangerously Overconfident About Ransomware Recovery
   A new industry survey reveals a significant gap between security leaders’ confidence in their ransomware recovery capabilities and the reality of actual recovery outcomes. The risk is that overconfidence leads to underinvestment in tested, validated recovery processes, with organisations assuming backup systems and incident response plans will perform under pressure without ever subjecting them to realistic simulations. Firms should conduct unannounced recovery drills that mirror real attack conditions, including encrypted backups and compromised admin credentials, to expose gaps before an actual incident does. Main link to resource

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unbreakable Ventures to support this channel.

Book your 30min call here

Watch the video version via YouTube.

Greg Headley is a Lead Data Scientist at Informed Solutions, a global technology consultancy with a 30-year track record of building mission-critical AI and data systems for some of the world’s most demanding environments. Originally from America with a background in geophysics (processing large-scale seismic data) Greg pivoted into data science and has spent the past three years helping operationalise AI in sectors where failure isn’t an option: healthcare regulation, policing, emergency services, and national security.

Informed Solutions is not your typical AI consultancy. They hold two Queen’s Awards for Innovation, are multiple WITSA Global ICT Excellence Award winners, and in December 2025 became one of the first ten organisations in the UK to achieve ISO 42001 certification—the world’s first international standard for Artificial Intelligence Management Systems. Their client list reads like a who’s who of critical infrastructure: the NHS, the Medicines and Healthcare Products Regulatory Agency (MHRA), His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS), the Metropolitan Police, the National Crime Agency, the Home Office, NatureScot, and dozens of UK government departments and private sector organisations.

What sets Informed apart is their multi-disciplinary approach. They don’t just build AI, they employ five technical disciplines working in concert: software engineering, delivery management, user-centered design, data science, and live services. It’s this combination that allows them to move beyond proof-of-concepts into production systems that work in the real world, supporting real people. Their recent work with the MHRA developed AI tools that reduced Good Manufacturing Practice compliance validation from two hours to under five minutes. A 95% efficiency gain that’s now operational.

Greg co-authored a significant paper published in the ASA Biopharmaceutical Report documenting this MHRA work, demonstrating how multi-disciplinary teams can responsibly deploy AI in safety-critical regulatory environments.

In this interview, we cover:

• Greg’s decade long involvement in data-related work.

• Informed Solutions emphasis on a multi-disciplinary approach to AI.

• Why building trust in technology is crucial, especially in healthcare.

• Why governance and standards are essential for ethical AI practices.

• What digital twins are and how they can enhance crisis management and preparedness.

• AI readiness assessments that help organisations understand their capabilities.

• Why trust in AI is fragile and requires incremental building.

• What the future of AI might look like and why it involves more specialised tools and models.

• How cybersecurity is a significant concern with the rise of AI.

• Why organisations should focus on user needs to ensure successful technology adoption.

Key timestamps:

• 00:00 Introduction and Background

• 02:53 The Multi-Disciplinary Approach to AI

• 05:58 Building Trust in High-Stakes Technology

• 08:45 Navigating Ethical Considerations in AI

• 11:52 The Role of Governance and Standards in AI

• 15:02 AI Readiness and Organisational Transformation

• 18:00 The Impact of AI on Productivity

• 21:13 Governance and Innovation in AI

• 24:13 Conclusion and Future Perspectives

• 45:58 The Importance of Standards in Business

• 52:21 Building Blocks for Smaller Businesses

• 53:46 Understanding Digital Twins

• 01:00:16 Digital Twins in Crisis Management

• 01:07:16 AI and Digital Twins: A Complex Relationship

• 01:10:15 The Dark Side of AI

• 01:15:40 Future Predictions: Optimism vs. Skepticism

Connect with Informed Solutions

Greg Headley

• LinkedIn: linkedin.com/in/gheadley27

• Published Work: A Multidisciplinary Approach for Developing Two Bespoke AI Tools (ASA Biopharmaceutical Report)

Informed Solutions

• Website: informed.com

• LinkedIn: linkedin.com/company/informed-solutions

• ISO 42001 Announcement: Landmark Certification for Responsible AI

• AI Charter: Informed Solutions AI Charter (PDF)

• AI Readiness Assessment Service: informed.com/services/ai-readiness-assessment

This podcast marks the public acknowledgement of the partnership between Fixinc and Informed Solutions, bringing world-class AI and resilience expertise to Oceania and ASEAN markets.

Hello 👋 get a brew on because these are the top emerging risks between March 23rd, and April 6th, 2026…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Economic: Hormuz Closure Triggers Cascading Agricultural and Industrial Crisis Across Asia-Pacific

• The Strait of Hormuz closure, now entering its fourth week, has disrupted approximately 20% of global oil and liquefied natural gas flows alongside critical fertiliser shipments, with Goldman Sachs warning of severe agricultural inflation and supply crunches affecting food production across Asia, Oceania, and beyond.

  Fertiliser supply disruption threatens the entire 2026-2027 agricultural cycle across ASEAN nations, Australia, and New Zealand, as the Gulf states supply over 30% of global nitrogen and phosphate fertiliser exports, with planting seasons for key crops in the Southern Hemisphere beginning within the next three to five months.

• Australian grain and cattle producers face compounding pressures from rising fuel costs for farm machinery and transport, fertiliser shortages affecting soil preparation for winter planting, and increasing feed costs for livestock operations, with industry bodies warning of production contractions visible in late 2026 harvests.

• New Zealand’s agricultural export sector, contributing approximately 80% of goods exports, confronts rising input costs across dairy, meat, and horticulture operations, with fertiliser-dependent pastoral farming particularly vulnerable to supply disruptions arriving during critical autumn application windows.

  Southeast Asian rice production across Thailand, Vietnam, and Indonesia faces fertiliser access constraints that could reduce yields during upcoming planting cycles, threatening regional food security and potentially triggering export restrictions that amplify global supply tightness.

• The timeline for economic impact follows a predictable cascade: fuel and energy price increases visible immediately, fertiliser supply constraints affecting agricultural planning within four to eight weeks, reduced agricultural output and food price inflation materialising six to twelve months from initial disruption, and sustained cost-of-living pressures affecting consumer spending and business confidence through 2027.

Sources

• Hormuz Chokepoint Disruption May Trigger Agri-Inflation and Supply Crunch: Goldman Sachs | Firstpost | April 2026]

• Global Fertiliser Markets Face Supply Shock from Gulf Disruption | Reuters | April 2026

• Australia Warns of Agricultural Input Crisis as Strait Closure Extends | ABC News | April 2026

• ASEAN Food Security Concerns Mount Amid Middle East Tensions | Nikkei Asia | March 2026

• New Zealand Farming Sector Prepares for Input Cost Surge | Radio New Zealand | April 2026

You should be concerned if…

• Agricultural producers and food manufacturers: Operations dependent on synthetic fertilisers face immediate procurement challenges and price escalation, with those lacking contracted supply or alternative sourcing facing potential input shortages during critical application and planting windows over the coming months.

• Employers across all sectors: Cost-of-living pressures from food and energy inflation will erode employee purchasing power, driving wage pressure, workforce retention challenges, and productivity impacts as workers experience financial stress, with effects intensifying through late 2026 and into 2027.

• Consumer-facing businesses: Discretionary spending will contract as households redirect budgets toward essential food and energy costs, with retail, hospitality, tourism, and entertainment sectors facing demand compression that may not align with current revenue projections.

• Businesses relying on business confidence: Investment decisions, contract commitments, and expansion plans across the economy face hesitation as uncertainty over input costs, consumer demand, and macroeconomic trajectory creates decision paralysis among business leaders and financial institutions.

• Supply chain managers in manufacturing and construction: Industries dependent on petrochemical derivatives, plastics, synthetic materials, and energy-intensive processes face both direct cost increases and indirect impacts through supplier stress and potential defaults.

Preventative actions

Model twelve-month cost scenarios now

• Build financial projections incorporating sustained energy and food inflation through 2027. Stress-test margins, cash reserves, and credit facilities against scenarios where input costs rise 15-30% and consumer demand contracts. Identify break-even points and decision triggers for operational adjustments.

Engage suppliers on fertiliser and fuel forward contracts

• Where operationally relevant, explore locking in supply agreements or forward pricing before spot market escalation fully materialises. Accept premium pricing today to avoid potential unavailability or extreme pricing six months forward.

Prepare employee cost-of-living response strategies

• Develop contingency plans for wage adjustment discussions, benefit enhancements, or targeted support programmes that may become necessary as inflation erodes real incomes. Proactive communication about organisational awareness and response planning supports retention during uncertainty.

Diversify supplier geography for critical inputs

• Assess whether alternative fertiliser sources from North America, Russia, or North Africa could provide supply continuity despite higher transport costs or geopolitical complexity. Partial diversification reduces total exposure even if complete substitution proves impossible.

Communicate proactively with stakeholders about timeline expectations

• Ensure boards, investors, and leadership teams understand that current disruption impacts will intensify rather than resolve over the coming months. Set appropriate expectations for 2027 planning cycles reflecting probable rather than optimistic assumptions.

2. Geopolitical: UAE Positions Crisis Response as Competitive Edge

• The UAE is leveraging current regional instability to strengthen its position as a global business hub, with government-backed initiatives accelerating digital infrastructure, supply chain diversification, and crisis-tested operational frameworks that differentiate it from competitors still reacting to disruption.

• Dubai’s free zones and Abu Dhabi’s industrial clusters are actively recruiting businesses seeking to relocate operations away from higher-risk jurisdictions, with streamlined licensing processes now measured in days rather than weeks and regulatory sandboxes expanding across fintech, healthcare technology, and advanced manufacturing.

• The Emirates’ sovereign wealth funds are deploying capital into supply chain resilience infrastructure, including expanded port automation, warehousing capacity, and logistics technology platforms designed to reduce dependency on single-corridor shipping routes affected by ongoing regional tensions.

• Government-backed business continuity programmes now offer subsidised crisis management consulting, operational resilience assessments, and access to shared infrastructure facilities for small and medium enterprises lacking resources for independent contingency planning.

• The strategy explicitly targets businesses reconsidering regional headquarters locations, with incentive packages bundling tax advantages, talent visa streamlining, and guaranteed infrastructure access during regional disruption events.

Sources

• Turning Crisis into Capability: The UAE's Business Advantage | Khaleej Times | April 2026

• UAE Strengthens Position as Regional Business Hub Amid Middle East Tensions | Arabian Business | March 2026

• Dubai Free Zones Report Record Business Registrations in Q1 2026 | Gulf News | April 2026

• Abu Dhabi Industrial Strategy Accelerates Amid Regional Disruption | The National | March 2026

You should be concerned if…

• Regional headquarters decision-makers: Organisations currently evaluating Middle East or Asia-Pacific hub locations face a narrowing window to secure preferential terms, as early movers lock in infrastructure access, regulatory approvals, and talent pools that late entrants will find constrained or unavailable.

• Competitors to UAE-based businesses: Companies competing against UAE-headquartered rivals may face structural cost disadvantages as crisis-tested operations, streamlined logistics, and government-backed resilience programmes translate into faster market response and lower operational friction during ongoing regional instability.

• Supply chain strategists: Businesses without Gulf Cooperation Council logistics nodes face increased vulnerability as shipping route disruptions favour companies with diversified regional distribution networks and pre-positioned inventory in crisis-resilient jurisdictions.

• Talent acquisition teams: Organisations competing for internationally mobile professionals should anticipate talent migration toward UAE locations offering stability, infrastructure access, and quality-of-life advantages that become more attractive as alternative regional centres experience disruption.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Evaluate regional hub strategy against crisis resilience criteria

• Assess whether current headquarters and operational centre locations provide adequate business continuity during sustained regional instability. Map dependencies on infrastructure, logistics corridors, and regulatory environments that may face disruption. Consider whether competitive disadvantages are emerging against rivals positioned in crisis-resilient jurisdictions.

Engage UAE trade and investment authorities

• If regional diversification aligns with strategic objectives, establish preliminary discussions with relevant free zone authorities and investment promotion agencies before preferential terms and infrastructure access become constrained. Early engagement provides optionality without commitment.

Stress-test supply chain resilience against Gulf region scenarios

• Model operational impacts of sustained logistics disruption through traditional corridors. Identify whether pre-positioned inventory, alternative distribution nodes, or diversified supplier relationships would provide meaningful competitive advantage during extended regional instability.

Quick snippet stories

1. EU Faces Largest Oil Supply Disruption in History
   The European Union confronts what energy experts describe as the largest oil supply disruption in market history, with Iran’s control of the Strait of Hormuz blocking 15-20% of global oil and natural gas flows. While Brussels prepares measures including reduced electricity taxes and grid tariffs, analysts warn Europe is not being sufficiently transparent with populations about crisis severity. Asian nations including Japan, South Korea, India, and Southeast Asian countries face immediate supply disruptions, with delayed impacts reaching European consumers within weeks to months. The crisis builds on 2022 Russian energy tensions, with diminishing alternative supplies as Asian allies increasingly reconsider Russian energy purchases, potentially forcing Europe toward the paradox of renewed Moscow dependency.
   Main link to resource

2. Jubilant FoodWorks Addresses LPG Supply Constraints Amid Middle East Tensions
   Domino’s Pizza operator Jubilant FoodWorks has disclosed operational adjustments responding to LPG supply constraints from Middle East disruptions, highlighting how energy dependencies ripple through consumer-facing businesses. The risk extends beyond direct fuel costs to operational continuity, as food service, manufacturing, and retail operations dependent on consistent gas supplies face potential service interruptions. Businesses should audit energy supply chains, identify single-source dependencies, and explore alternative fuel arrangements or operational modifications before constraints intensify.
   Main link to resource

3. UK Weeks Away from Medicine Shortages as Supply Chains Strain
   British healthcare faces potential medicine shortages within weeks as Middle East conflict disrupts pharmaceutical supply chains dependent on Asian manufacturing and Gulf shipping routes. The risk extends beyond developed nations, as reduced global supply and increased Western stockpiling may devastate third-world countries heavily reliant on international medical support. When wealthy nations experience scarcity, political pressure to prioritise domestic populations intensifies, potentially redirecting supplies away from nations lacking manufacturing capacity or purchasing power. Organisations should assess medical supply dependencies, identify critical medications requiring stockpiling, and consider implications for workforce health.
   Main link to resource

4. Business Interruption Coverage Gaps Exposed by Escalating Global Disruption
   Current global instability reveals significant gaps in traditional business interruption insurance, with many policies excluding war, civil unrest, cyber events, or supply chain failures from coverage. Businesses assuming insurance provides adequate protection during crisis events may face substantial uninsured losses when claims are denied on policy exclusion grounds. The risk compounds as interconnected disruptions trigger cascading failures across multiple coverage categories. Organisations should conduct immediate policy reviews with brokers, identify exclusion gaps, and assess whether supplementary coverage or increased reserves are necessary given current global conditions.
   Main link to resource

5. New Zealand Tourism Faces Delayed Crisis as Input Costs Surge
   New Zealand tourism operators report sharp increases in business costs as global disruption flows through supply chains, yet industry response may underestimate the crisis timeline. Tourism Industry Aotearoa’s chief executive describing the current summer season’s minimal impact as “a bit of a blessing” misses the critical point: the full effects of the Iran conflict and oil crisis will not materialise for six to nine months. This places maximum impact during the Southern Hemisphere summer of 2027, not the current or upcoming ski season. Businesses planning for 2027 summer operations should model significantly elevated input costs and potential demand compression from household budget constraints.
   Main link to resource

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unbreakable Ventures to support this channel.

Book your 30min call here

Hello 👋 get a brew on because these are the top emerging risks between March 9th, and March 23rd, 2026…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Economic: Insurance Audits Intensify as Businesses Scramble to Prove Resilience

• Fixinc (owner of Unbreakable Ventures) has observed a marked increase in the frequency, intensity, and on-site presence of insurance audits across their Australian and New Zealand client base over the past three months, with scrutiny previously reserved for $500M+ ARR businesses now extending to smaller organisations.

• Insurers are conducting on-site audits to scrutinise business continuity plans, business impact analyses, emergency management procedures, and cyber resilience documentation, moving beyond traditional remote reviews to hands-on verification of operational resilience.

• Fixinc has identified auditor competency concerns in several cases, where insurance auditors conducting reviews lack adequate training in business continuity frameworks and methodologies, creating risks of incorrect advice, delayed resilience programs, and potentially flawed premium assessments.

• The 2026 Allianz Risk Barometer confirms cyber incidents remain the number one global business risk for the fifth consecutive year, with business interruption ranking third, while only 3% of respondents view their supply chains as “very resilient” amid mounting geopolitical pressures.

• Australian insurers increasingly refuse coverage or impose premium increases for businesses unable to prove baseline security standards, with the Australian Cyber Security Centre’s Essential 8 becoming the de facto standard for insurer assessment of security posture and the cyber insurance market projected to grow from USD 467 million to nearly USD 2 billion by 2034.

Sources

• Perspectives: Policyholders Face Complex Recovery Environment | Business Insurance | February 2026

• Allianz Risk Barometer 2026 | Allianz Commercial | January 2026

• Global Risks Report 2026 | World Economic Forum | January 2026

• Australia's Cyber Posture Shows Progress but Gaps in Controls and Reporting Keep Insurers on Alert | Insurance Business Magazine | February 2026

• Cyber Insurance in Australia: 2026 Trends | CyberPulse | February 2026

• The Business Insurance Market Is More Technical in 2026 | Digital Insurance | January 2026

You should be concerned if…

• Universities and higher education institutions:
  These organisations face heightened scrutiny due to complex stakeholder environments, significant research data holdings, and increasingly targeted cyber threats. Fixinc has directly observed intensified audit activity in this sector across Australia and New Zealand, with auditors examining emergency management procedures and business impact analyses in granular detail.

• Ports, logistics, and supply chain operators:
  The WEF Global Risks Report 2026 identifies geoeconomic confrontation and supply chain vulnerability as top-tier risks, with logistics sectors facing differentiated impacts from geopolitical instability. Insurers are closely examining business continuity documentation for critical infrastructure operators, and Fixinc has observed on-site audits specifically targeting these organisations.

• Critical infrastructure and energy sectors:
  Both the Allianz Risk Barometer and WEF report highlight energy and critical infrastructure as high-risk categories for 2026. Regulatory frameworks including Australia’s SOCI Act layer compliance requirements that insurers increasingly reference during underwriting assessments.

• Financial services and healthcare:
  Industries subject to stringent data protection regulations face dual pressure from compliance audits and insurance underwriting scrutiny. Business interruption losses from cyber events now rival direct incident response costs, making demonstrated resilience critical to coverage terms.

• Mid-market businesses assuming exemption:
  While on-premise audits currently appear reserved for larger organisations, documentation and evidence requirements are extending to smaller businesses. The assumption that only major enterprises face intensive scrutiny no longer holds.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Prepare evidence before the audit arrives

• Review and document your business continuity plans, business impact analyses, emergency management procedures, and cyber resilience posture now rather than waiting for insurer notification. Ensure documentation is current, tested, and evidence-based with clear version control and records of most recent exercises. Fixinc will be publishing a detailed guide on preparing for and managing insurance audits in the coming days, view their blog here.

Understand auditor assessment criteria

• Map the typical areas insurers review including risk management frameworks, incident response plans, backup and recovery procedures, supply chain resilience, and governance documentation. The Australian Cyber Security Centre’s Essential 8 has become the de facto standard for security posture assessment. Ensure you can demonstrate these are operational and tested, not merely documented.

Challenge findings that contradict best practice

• If an auditor provides feedback that contradicts established business continuity frameworks or your existing resilience methodology, question it directly. Request clarification on the methodology and standards being applied. Fixinc has observed instances where their advisory team has had to guide auditors through best-practice processes, indicating auditor training may not match senior resilience professional standards.

Request real-time feedback throughout the process

• Do not wait until the audit is complete to understand findings. Ask auditors what they are identifying as they review your documentation, allowing you to address concerns immediately and avoid surprises that could impact premium negotiations or coverage terms.

Calculate resource requirements and plan capacity

• Audits consume significant internal resources, pushing teams to capacity while managing daily responsibilities alongside audit requirements. Factor this drain into team planning and consider whether external advisory support is needed to manage the audit process without derailing operations or existing resilience programs.

Demand transparency on resilience-premium linkage

• Strong resilience should directly improve your premium position. If renewal reflects increased premiums despite robust documentation and demonstrated processes, require your insurer to explain the assessment methodology. The connection between resilience investment and insurance outcomes should be explicit and auditable.

2. Technological: Data Centre Strikes Force Businesses to Confront Third-Party Infrastructure Fragility

• Military strikes on data centres during the ongoing Middle East conflict have created unprecedented legal and policy questions about the status of civilian cloud infrastructure during armed conflict, with AWS, Google Cloud, and Microsoft Azure facilities in the region facing potential targeting as dual-use infrastructure.

• The concentration of global business operations on a small number of cloud providers means a successful strike on major data centres could cascade disruptions far beyond direct customers, affecting third and fourth-party suppliers who rely on the same infrastructure and creating downstream ripple effects across interconnected supply chains.

• International humanitarian law traditionally protected civilian infrastructure, but the increasing military and intelligence reliance on commercial cloud services has blurred distinctions, with some legal scholars arguing data centres processing military communications may lose protected status under the law of armed conflict.

• AWS operates data centres across multiple global regions specifically to provide redundancy, yet threat actors increasingly view major cloud providers as strategic targets whose disruption could simultaneously impact government, financial, healthcare, and critical infrastructure systems worldwide.

• Businesses must now consider whether conflict in the Middle East or other regions could affect their infrastructure through indirect pathways, as a data centre they do not directly use may host critical services for their suppliers, payment processors, or logistics partners.

Sources

• The Legal and Policy Fallout From Data Center Strikes in the Middle East War | Tech Policy Press | March 2026

• Global Risks Report 2026 | World Economic Forum | January 2026

• Allianz Risk Barometer 2026: Cyber Incidents Top Global Business Risks | Allianz Commercial | January 2026

• Cloud Infrastructure and Armed Conflict: Emerging Legal Questions | Harvard National Security Journal | February 2026

• Data Centre Concentration Risk and Business Continuity | Gartner Research | January 2026

You should be concerned if…

• Cloud-dependent businesses without geographic redundancy:
  Organisations relying on single-region cloud deployments face acute risk if that region experiences conflict-related disruption. Even well-established providers like AWS cannot guarantee availability if facilities become military targets, and businesses must understand their actual infrastructure footprint rather than assuming provider resilience.

• Companies with complex third-party supply chains:
  Your direct cloud provider may be resilient, but your payment processor, logistics partner, CRM vendor, or accounting software provider may not be. A data centre strike affecting services you do not directly use can still cascade through your supply chain, disrupting operations through fourth and fifth-party dependencies you may not have mapped.

• Financial services and critical infrastructure operators:
  These sectors face heightened regulatory scrutiny around operational resilience and must demonstrate they have identified and mitigated concentration risks in their technology supply chains. Regulators increasingly expect documented evidence of third-party infrastructure resilience testing.

• Businesses with Middle East regional exposure:
  Organisations with operations, customers, or suppliers in the Gulf region face direct exposure to infrastructure disruption from ongoing conflict. However, global businesses must also consider whether Middle East data centres host any services in their extended supply chain, as geographic distance does not guarantee insulation from regional infrastructure attacks.

Preventative actions

Map your complete infrastructure dependency chain

• Identify not only your direct cloud providers but the infrastructure dependencies of your critical third-party services including payment processors, logistics platforms, communication tools, and SaaS applications. Understand which data centre regions these services use and whether concentration risks exist that could create correlated failures during a regional disruption event.

Test for unlikely but possible scenarios

• Conduct tabletop exercises specifically modelling scenarios where major cloud infrastructure goes offline due to conflict, cyberattack, or physical damage. Many businesses have never tested for simultaneous loss of multiple cloud services, yet this scenario is now plausible given the targeting of data centres as strategic infrastructure.

Demand transparency from cloud providers and vendors

• Request documentation from your cloud providers and critical SaaS vendors about their geographic distribution, redundancy architecture, and continuity plans for regional infrastructure loss. Evaluate whether contractual SLAs address conflict-related disruptions or contain force majeure exclusions that would leave you unprotected.

Implement geographic and provider diversification

• Where feasible, architect systems to operate across multiple cloud providers and geographic regions. While this increases complexity and cost, concentration on single providers or regions creates systemic risk that may be unacceptable for critical business functions.

Establish offline fallback procedures

• Identify which business processes could continue with degraded or offline cloud services and document manual or alternative procedures. For functions that cannot operate without cloud infrastructure, ensure leadership understands the recovery time implications of extended outages measured in days or weeks rather than hours.

Quick snippet stories

1. Strait of Hormuz Shipping Crisis Shows No Signs of Resolution
   Tanker attacks in the Strait of Hormuz continue to compound global shipping disruptions, with Iran maintaining mobile oil infrastructure positions as the conflict with the United States extends into its fourth week. The critical risk for businesses is the absence of any diplomatic pathway to resolution, meaning each passing week doubles the compounding economic impacts through sustained high oil prices, shipping delays, insurance premium spikes, and supply chain bottlenecks that ripple far beyond the energy sector.
   Main link to resource

2. Global Businesses Maintain Gulf Investment Despite War Volatility
   Despite ongoing regional conflict and shipping disruptions, multinational companies continue expressing strong confidence in Gulf markets for long-term investment and expansion. The apparent contradiction reflects recognition that Middle East economies offer significant growth opportunities that outlast current instability, with businesses differentiating between short-term operational challenges and fundamental market potential while building enhanced contingency planning into their regional strategies.
   Main link to resource

3. Domain Expiry Phishing Campaign Targets Australian Businesses
   MailGuard has identified a phishing campaign impersonating Vodien that sends fraudulent domain expiry notices designed to harvest payment card details from Australian businesses. The risk extends beyond credential theft to potential domain hijacking if victims provide login credentials, enabling attackers to redirect business web traffic, intercept emails, and conduct further fraud using legitimate company domains as cover for malicious activity.
   Main link to resource

4. Asian Manufacturing Faces Oil Supply Knock-On Effects
   Morgan Stanley warns that ongoing oil supply disruptions will cascade across key Asian sectors including manufacturing, transportation, and chemicals production, with knock-on effects extending to consumer goods pricing and export competitiveness. Businesses dependent on Asian manufacturing in their supply chains should anticipate production delays, cost increases, and potential component shortages as energy costs flow through regional industrial capacity over coming months.
   Main link to resource

5. China Warns Regional Escalation Threatens Global Economic Stability
   China has urged an immediate halt to military operations in the Middle East, warning that regional escalation threatens global economic stability at a time when supply chains remain fragile from previous disruptions. The intervention signals Beijing’s concern that conflict-driven oil price spikes and shipping route closures could undermine Chinese economic recovery objectives, while simultaneously positioning China as a potential diplomatic intermediary seeking to preserve trade route access.
   Main link to resource

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unbreakable Ventures to support this channel.

Book your 30min call here

This week, Unbreakable Ventures welcomes Umaima Farhan as our newest Resilience Advisor and a regular contributor to this publication. Umaima is based on the ground in Dubai and has been reporting directly to the Fixinc advisory team since the conflict began. What follows is drawn from that correspondence.

The Gap

On 2 March 2026, the UAE President Sheikh Mohamed bin Zayed Al Nahyan walked through Dubai Mall at 9pm. He was accompanied by Sheikh Hamdan bin Mohammed, Crown Prince of Dubai, Deputy Prime Minister, and Minister of Defence. They greeted shoppers. They posed for photos. They sat down for coffee after breaking their Ramadan fast. The Dubai Media Office posted the footage with a caption that translates roughly to:

Do not worry, for the UAE is safe and secure, and its leadership is among its people and close to its nation.

(Gulf News, The National)

This happened on the same day the UAE Ministry of Defence confirmed it had intercepted 161 ballistic missiles, 645 drones, and 8 cruise missiles launched by Iran.

If you were scrolling your newsfeed outside the Middle East that day, you almost certainly did not see the Dubai Mall footage. You saw the missiles. You saw the fires near the Burj Khalifa and the Fairmont on Palm Jumeirah. You saw headlines declaring Dubai’s safe-haven image “shattered.” That framing was not entirely wrong. But it was incomplete. And incomplete framing during a crisis is where bad decisions are made.

What the Feed Shows vs. What the Ground Shows

Umaima’s sister lives in New York. She has been panicking. Her newsfeed is full of narratives framing this as a religious war, or a purely pre-emptive strike, without the context that escalation occurred while diplomatic negotiations with Iran were still ongoing in Geneva. US media coverage has also emphasised Dubai as unsafe and suggested foreign professionals are fleeing.

Umaima’s actual experience is different. Not safe in the abstract. Not without anxiety. But structured, managed, and continuing.

Residents in her building receive instructions through a WhatsApp group chat run by a long-term resident. The UAE's government alert system sends two types of text message: one directing residents to seek evacuation, and a follow-up confirming the situation has passed. At the building level, the response varies. In Umaima's building, the fire alarm sounds if evacuation is required. Otherwise, the instruction is to continue with daily life.

The sounds are real. Umaima describes interceptions as a fast-moving object across the sky, a quick flash or burst of light, followed seconds later by a loud boom. Near her area by the World Trade Centre, she hears something once or twice a day. Some days, nothing at all. The Dubai Police sent a message warning that photographing, sharing, or reposting critical sites or unverified information can result in legal action.

A drone struck the parking lot adjacent to the US Consulate in Dubai on 3 March. Secretary of State Marco Rubio confirmed no personnel were injured. (TIME) Umaima’s helper was near the scene and told her the fire was quickly handled. Emergency services arrived fast, told the crowd to move back, and that was it. Most people continued with their day. In Dubai, the rules are strict, especially for expats. People do not exaggerate or create chaos.

Two days after the first strikes, Holi was celebrated in the streets of Dubai. People threw colours, danced, and marked the festival as they do every year. Not at the same scale. A massive event weeks earlier had drawn thousands, with an India-Pakistan cricket match as a centrepiece. The Holi celebrations during the conflict were smaller, quieter, mostly within friend groups and communities. But they happened. Ramadan continued. Iftaar events went ahead. A badminton group chat organised art therapy and sound therapy sessions led by a psychologist in the group. A charity drive collected donations for children injured in Iran.

None of this made the international newsfeed. The leadership walking through a shopping mall during an active missile defence operation tells you something about the actual threat level that no amount of headline writing can convey.

The Business Continuity Picture

The media narrative around Dubai’s economy focuses on cancellations, capital flight, and chaos. There is truth in that. Hotel bookings dropped over 50%. Emirates initially suspended operations before resuming at around 60% capacity by 6 March. Tourism is taking a significant hit.

But the operational picture on the ground is more measured than the headlines suggest.

Hedge funds and multinational firms in the Dubai International Financial Centre moved into contingency mode early. Many have since resumed fuller on-site operations while keeping flexible work options available. (Bloomberg Law) DP World confirmed all Jebel Ali terminals were operating normally with enhanced safety measures. (Khaleej Times) AD Ports reported the same. ADNOC confirmed onshore operations continued using emergency protocols and alternative export routes. (Gulf News)

The UAE government warned 449 firms over price hikes since the conflict began, actively managing market stability as part of its continuity posture. (Khaleej Times)

Schools and universities moved to distance learning under a Ministry of Education directive, with a return date communicated through official channels, Khaleej Times, Gulf News, and Lovin Dubai on Instagram. The messaging was consistent. One directive, one date, one set of instructions. For context, after the Christchurch terrorist attack in 2019, Fixinc (publication owners of Unbreakable Ventures) observed schools across the city sending contradictory messages because the Ministry of Education provided no guidance. This caused significant unrest particularly from parents. Dubai’s coordinated approach here is notable.

The Dubai Metro kept running. Roads stayed open. No curfews were imposed. Transport infrastructure continued to function. The government communicated early that there was enough stock in the country for at least four to six months of food and basic necessities. Residents were asked not to panic-buy, and most followed that guidance.

Umaima’s father works in electronics and appliance trading. His company is navigating uncertainty around airspace closures affecting deliveries. Their US offices are supporting operations while the Dubai team manages the situation day by day. That is business continuity in practice. Not a press release. Not a framework diagram. A team adjusting in real time.

The Water Question

One of the sharper risks in any Gulf conflict is water. The UAE is heavily dependent on desalination. A targeted strike on key infrastructure would create a serious humanitarian problem.

But the picture is more resilient than some reporting suggests. The UAE has approximately 70 desalination plants across the country. A similar incident in Bahrain, where a drone strike damaged part of a desalination facility, did not disrupt the national water supply. The Financial Times reported that the UAE maintains around 45 days of strategic water reserves as a contingency buffer. (Financial Times)

The risk is real. Acknowledging the redundancy does not dismiss it. But reacting to a headline about two weeks of water supply without understanding the distributed nature of the infrastructure is exactly the kind of gap this article is about.

The Information Architecture That Actually Works

One of the most interesting findings from Umaima’s reporting is where people are actually getting their information. It is not government websites. It is not traditional news. It is Instagram and WhatsApp.

The two most widely followed sources in Dubai are @LovinDubai and @modgovae (the UAE Ministry of Defence). Updates are fast, trusted, and accessible. Emergency contact numbers were shared across community Instagram pages and reposted widely within the first hours of the conflict.

For the older generation, WhatsApp is the primary channel. Umaima’s grandparents in Kuwait rely on WhatsApp group chats where members flag information as “verified” or “unverified” themselves. During COVID, this same pattern played out. WhatsApp gives quick, digestible updates. News broadcasts feel overwhelming.

Meanwhile, the US Embassy’s crisis notification system required an American phone number to register. Umaima could only sign up because her sister lives in the US. The crisis intake form returned an error the first time she submitted it. These are not minor UX issues. For an American citizen in a conflict zone, the inability to register for emergency notifications is a critical failure of crisis communication.

The contrast is worth sitting with. The UAE’s Ministry of Defence is posting bilingual alerts on Instagram that reach millions within minutes. The US Embassy’s notification system does not work without a domestic phone number.

What This Means For Your Business

Brad Law, Co-Founder and Head of Advisory at Fixinc, puts it simply:

The way you structure your information management during a crisis could be the difference between a measured response and a costly misstep. It is never too late to ask within your organisation how developed your situational awareness strategy actually is.

In practice, this comes down to three disciplines: collect, assess, act.

Start with collection. Identify credible sources for obtaining information. First-hand insight is always the most valuable, as this article demonstrates through Umaima’s reporting from the ground. Maintain multiple channels for sourcing that information, because some will go offline or fail during a crisis.

The US Embassy’s notification system is a case in point. Be prepared to distinguish between facts and assumptions from the outset, and establish how each will be handled. Log everything. If it is not recorded, it did not happen.

Then assess. Build mechanisms for evaluating incoming information against potential business impacts across people, operations, financial exposure, and regulatory obligations. Maintain a regular cadence for reassessment. What starts as an assumption on day one may become a verified fact by day three. Your response should evolve with the picture, not stay anchored to the first report you received.

Then act. Assessment without action is just commentary. Ensure that the information you have collected and evaluated generates clear outputs: situation reports, stakeholder briefings, media statements, or the activation of business continuity plans and IT disaster recovery. These are the tangible products of good situational awareness.

And then repeat. Collect, assess, act. Refine the picture as new information emerges. The situation in Dubai changed materially between the first weekend and the following Wednesday. Organisations that locked into a single response posture on day one and never revisited it were making decisions on stale intelligence by midweek.

If your organisation has operations in the Gulf, employees based in the region, or supply chain dependencies that route through the Middle East, the lesson here is straightforward. Your crisis response should not be driven by your newsfeed.

Establish direct, on-the-ground contacts. Umaima’s reporting has been more accurate, more timely, and more nuanced than anything published by international media in the first week. If you do not have someone in-country feeding you verified information, you are making decisions based on incomplete data.

Verify before you react. The gap between what international media reports and what is happening on the ground is significant. A business that activated a full evacuation based on early headlines may have overreacted. A business that assumed everything was fine based on the same headlines may have underreacted. Neither position was informed.

Watch the local channels. Instagram accounts like @LovinDubai and @modgovae are faster and more accurate than most wire services for on-the-ground updates in Dubai. WhatsApp group chats within buildings and communities are providing real-time, localised instructions. If your risk team is not monitoring these, they are missing the most relevant signal.

Do not confuse media volume with threat severity. The fact that Holi celebrations continued in the streets, that the President and Minister of Defence walked through a shopping mall during active missile interceptions, and that the Metro kept running, does not mean the situation is not serious. It means the response is proportionate. Your response should be too.

The Bigger Point

Every crisis produces a gap between what the media reports and what is actually happening. That gap is where overreaction lives. It is where panic buys, unnecessary evacuations, and poorly timed decisions are born.

Umaima put it well:

The general message people seem to be getting here in Dubai is that you should be cautious but not panic.

That is the message for your business too. Be cautious. Monitor. Plan. Activate when the facts warrant it. But do not let a newsfeed written for clicks dictate your crisis response. The people who started this conflict are doing a worse job communicating with their own citizens than the local government managing the fallout. That should tell you something about where to place your trust.

The view from the ground is always clearer than the view from the feed.

Umaima Farhan is a Resilience Advisor at Fixinc and a regular contributor to Unbreakable Ventures. She is based in Dubai.

If you need help building a crisis response plan or understanding how the current conflict may affect your operations, the same Advisors who collate these insights are available for a 30-minute consultation. Book time here.

In my previous piece, The Subprime GenAI Crisis, I laid out the financial fragility of the AI industry. The losses, the unsustainable burn rates, the circular funding. What I didn’t cover was the physical vulnerability. The thing that actually keeps the lights on.

This article connects two stories that the media is covering separately but almost nobody is linking together. The first: the US-Israeli war in Iran and the closure of the Strait of Hormuz. The second: the AI industry’s near-total dependence on natural gas to power data centres. When you draw a line between them, the picture is not pretty.

If you are a business leader, board member, or risk professional who has spent the last 18 months embedding AI into your operations because everyone told you to, this matters. A lot.

The Strait

Let’s start with the geography.

The Strait of Hormuz is a narrow channel between Iran and Oman. At its narrowest, it’s 21 nautical miles wide. Around 20% of the world’s oil and a similar share of its liquefied natural gas (LNG) flows through it every year.

On 28 February 2026, the US and Israel launched coordinated airstrikes on Iran under Operation Epic Fury. Iran retaliated with missile and drone attacks across the Gulf. Within hours, Iran’s Revolutionary Guard Corps declared the Strait closed, warning that any vessel attempting to pass would be set “ablaze.”

By early March, tanker traffic through the Strait had dropped to zero. Protection and indemnity insurance was pulled. Major shipping companies including Maersk suspended all crossings. Over 150 ships sat anchored outside the strait with nowhere to go.

The result was immediate. Crude oil jumped from around $67 per barrel to nearly $100 in under a week. The US national average for petrol rose 14% in seven days. European natural gas futures surged over 40% on the first Monday of the conflict.

Daniel Yergin, vice chair of S&P Global and one of the world’s foremost energy historians, called it a “nightmare scenario” and warned that the world is looking at the biggest disruption in oil production in history. Nobel-winning economist Paul Krugman wrote that the continued closure of the Strait represents a shock to world oil supplies bigger than the oil crises of the 1970s.

Why It Won’t End Quickly

As Ed Zitron lays out in his excellent newsletter piece on the situation, there are essentially four ways this ends: Iran reopens the strait voluntarily, the security situation improves enough for ships to pass, the Iranian government is overthrown, or both sides reach a deal.

None of those looks imminent.

Trump has demanded unconditional surrender. Iran has chosen Khamenei’s son, reportedly a hardliner, as the new Supreme Leader. Iran’s Shahed drones are cheap, mass-produced, and effective enough that even Ukraine, with years of experience, still cannot fully counter them. Robin Brooks of the Brookings Institution put it bluntly on why this matters: all Iran needs is to sneak through a couple of drones to blow up one ship and the situation escalates from serious to catastrophic.

Iran are prepared for this conflict. Some academics have warned that the nation has prepared for a US attack for over two decades. Surrendering to any US demands is unlikely.

Krugman also flags a critical non-linearity: a two-week closure is far more than twice as damaging as a one-week closure. As producers shut down wells, restarting them could take weeks or months, regardless of when a ceasefire is reached. Iraq has already cut output by 60%. Kuwait and the UAE have followed. Qatar shut down its Ras Laffan LNG facility entirely after Iranian drone strikes hit its infrastructure.

That last point is the one that matters most for this article.

The Fuel Behind AI

Here is what few are connecting.

The AI data centre boom runs on natural gas. Not in theory. Not as a backup. As the primary fuel source, right now, today.

A February 2026 report from Cleanview found that nearly 75% of planned on-site power equipment for data centres is natural gas. They identified 46 data centres building their own power generation, with a combined capacity of 56 gigawatts. Despite press releases touting renewables and nuclear, the equipment actually being installed is, in Cleanview’s words, “almost entirely gas-powered.”

The reason is simple. The grid cannot keep up. Getting connected to a local utility can take up to five years. Nuclear is 7 to 12 years out. Solar and wind cannot provide the firm, uninterrupted baseload power AI workloads demand. Natural gas can be deployed now. So that is what they are building.

The examples are everywhere:

• Stargate Abilene (OpenAI/Oracle): Powered by over 1 GW of natural gas turbines, largely off-grid.

• Stargate Shackelford County (OpenAI/Oracle): Entirely off-grid, running on 700 MW of natural gas generators via Voltagrid.

• xAI Colossus (Elon Musk, Memphis): Powered by natural gas generators, with a private gas plant planned in Mississippi.

• Bloom Energy fuel cells: Natural gas-powered fuel cells deployed for Oracle, AEP, and Brookfield data centres. Stock up over 400% in the past year.

• Permian Basin builds: Multiple off-grid natural gas data centres, including CloudBurst/Energy Transfer (1.2 GW) and the Nvidia-backed Poolside/CoreWeave Horizon campus (2 GW).

The Global Energy Monitor found that proposals for new natural gas facilities in the US tripled in 2025 compared to the year before. The US is now planning over 250 gigawatts of new natural gas energy capacity. A large portion of that is being driven by data centres.

Natural gas is not a bridge fuel for AI. It is the foundation.

The Collision

So what happens when the primary fuel source for the AI boom is caught in the crosshairs of a global energy crisis? Perhaps we’re looking at the perfect storm. Perhaps this is the final act that will burst the inevitable bubble.

The direct impact on US natural gas prices has been relatively contained so far. On the first Monday of the conflict, US prices rose about 5%, compared to the 40-45% surge in Europe. That’s because the US is a net exporter of gas, not an importer. But as the Financial Times reports, US LNG producers are now racing to redirect cargoes to take advantage of skyrocketing European and Asian prices, where LNG spot prices have nearly doubled.

This is the mechanism that will hit American data centres. When US gas producers can sell to Europe at 50% higher prices, they will. Domestic supply gets tighter. Domestic prices rise. Scott Shelton of TP ICAP told the Financial Times

Whatever we can put on a boat we are going to send.

Saul Kavonic of MST Marquee was even clearer:

Nothing can make up for the loss of Qatari LNG.

Rapidan Energy, one of the most respected energy advisory firms, warned CNBC that LNG could be hit harder than crude oil in the long run, because LNG production is more concentrated and harder to ramp up. Qatar’s Ras Laffan, which produces roughly a fifth of global LNG, is a single facility. It is now offline. QatarEnergy has delayed expansion plans until 2027.

Meanwhile, Counterpoint Research told CNBC that electricity accounts for roughly half of a data centre’s operating expenses. If energy costs spike and stay elevated, data centre operators may be forced to cut capital spending and reduce demand for AI infrastructure.

Brad Gastwirth of Circular Technology put it plainly:

For the technology sector the immediate risk is not a direct interruption in semiconductor production but a broader inflationary impact through energy and transportation costs.

The maths is not complicated. If the fuel behind AI gets significantly more expensive, everything downstream gets more expensive. Training runs. Inference. API calls. The subscriptions your company is paying for ChatGPT, Claude, Copilot. All of it.

Investor patience on profitable AI companies must run dry at some point. And conflict is an honest excuse to lean on cash, precious metals, and a sit and wait strategy. How will OpenAI and Anthropic function when investors simply go quiet but energy prices rise?

The Gap in Reporting

This brings us to a broader point about how this information reaches you.

In The Black Swan, Nassim Taleb makes the observation that journalists reporting in lockstep naturally causes opinion to converge and dimensionality to shrink. Everyone ends up using the same items as causes, telling the same story, landing on the same conclusions.

That is exactly what is happening here. Energy journalists are covering the Hormuz crisis. Tech journalists are covering AI data centre power. Few, if any, are drawing a line between the two. The result is that business leaders, risk professionals, and boards are making decisions about AI adoption without understanding that the energy supply powering these tools is under significant, sustained threat.

The media has spent two years telling you to adopt AI or get left behind. That same media is not yet telling you that the cost of running AI is about to get materially more expensive, with no clear timeline for resolution. At what point does the cost to use ChatGPT outweigh the return?

What To Watch

If you are responsible for technology strategy, operational resilience, or enterprise risk, here are the signals to monitor:

• US natural gas spot prices. The Henry Hub benchmark is currently around $2.96 per MMBtu. If it pushes past $4 and sustains there, data centre operating costs will feel it.

• LNG export volumes from the US. As producers redirect gas to higher-priced markets in Europe and Asia, domestic supply will tighten.

• AI service pricing changes. Watch for adjustments to API pricing, subscription tiers, or usage caps from major providers. These will be the first visible signs of cost pressure.

• Data centre construction delays. Higher energy costs, higher materials costs, higher labour costs. Stargate is already behind schedule. This will get worse.

• Fed interest rate signals. If energy-driven inflation forces rates up, the entire debt structure underpinning AI infrastructure becomes more fragile.

What To Do Now

The advice here is not to rip out your AI tools tomorrow. It is to stress-test your assumptions.

If your organisation has made AI central to its operations, ask the uncomfortable question:

what happens if the cost of those tools doubles? What happens if API rate limits tighten? What happens if providers raise prices to cover their own rising costs, or worse, if some of these companies go under because their already-unsustainable economics get hit by an energy shock they never planned for?

Build optionality. Maintain manual or lower-tech fallbacks for critical workflows. Diversify your provider stack. And above all, stop making long-term strategic commitments based on the assumption that AI will remain cheap and abundant.

The media-driven FOMO that pushed everyone to embed AI into everything did not account for a war in the Middle East closing a 21-mile-wide strait. But the physical world does not care about hype cycles. Oil tankers are sitting still. Gas prices are climbing. The natural gas turbines running AI’s biggest data centres are about to get a lot more expensive to feed.

The bubble was already fragile. This might be the pin.

Ollie Law is Co-Founder and Managing Director of Fixinc, a resilience advisory firm based in Oceania and ASEAN, and Editor-in-Chief of Unbreakable Ventures and the UV podcast. He writes about risk, technology, and business.

Hello 👋 get a brew on because these are the top emerging risks between February 9th, and March 9th, 2026…

We’ve been away for the last few weeks as some of our team deal with relocating across Asia. If you missed it, check out our deep dive on the World Economic Forum’s Global Risk Report 2026. Also coming up this month, we will take a look at the on-ground experience of the Iran conflict. Is what we’re seeing on media a true reflection of reality in the UAE?

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Technological: Your Encryption Has an Expiry Date

• Imagine a computer that doesn’t think in simple yes-or-no answers, but can explore millions of possibilities simultaneously. That’s quantum computing. Traditional computers process information as bits—either 0 or 1. Quantum computers use “qubits” that can exist as both 0 and 1 at the same time, a phenomenon called superposition. This allows them to solve certain complex problems exponentially faster than conventional machines. While still in early stages, quantum computers are advancing rapidly, and the encryption protecting virtually everything digital today was designed for a world where these machines didn’t exist.

• Google’s latest announcement confirms what cryptographers have warned for years: quantum computers capable of breaking current encryption standards are no longer theoretical. They’re an engineering challenge with a visible timeline, potentially within the next decade.

• The threat isn’t just future-facing. Adversaries are already harvesting encrypted data today using “harvest now, decrypt later” strategies, stockpiling sensitive communications, financial records, and state secrets to crack once quantum capability matures.

• Current RSA and ECC encryption (the backbone of secure internet communications, banking systems, government networks, and corporate infrastructure) becomes mathematically trivial to break with sufficiently powerful quantum processors.

• Most organisations operate on 3-5 year planning cycles while quantum-resistant migration requires 10-15 years of infrastructure overhaul, creating a dangerous gap between threat timelines and organisational preparedness.

• NIST has already published post-quantum cryptographic standards, yet adoption remains minimal across industries that have spent decades building systems on encryption they assumed would remain secure indefinitely.

• The challenge extends beyond technology replacement: organisations must audit every system, protocol, certificate, and data store touching cryptographic functions. A scope most have never fully mapped.

Sources

• Google Just Told You Your Encryption Is on Borrowed Time | Cybersecurity Insiders | February 2026

• NIST Releases First 3 Finalized Post-Quantum Encryption Standards | NIST | August 2024

• Quantum Computing Progress and Cryptographic Implications | IBM Research | 2025

• Harvest Now, Decrypt Later: The Quantum Threat Timeline | MIT Technology Review | 2025

You should be concerned if…

• Financial services and banking institutions: Your entire transaction security model—from customer authentication to interbank transfers—relies on encryption quantum computers will eventually break. Data encrypted today containing account details, transaction histories, and customer identities remains valuable for decades.

• Healthcare organisations holding long-term patient data: Medical records have indefinite sensitivity. Patient data encrypted today using current standards will remain sensitive in 15 years when quantum decryption becomes feasible, meaning today’s protection becomes tomorrow’s breach.

• Government contractors and defence suppliers: Nation-state adversaries are actively harvesting encrypted government communications now and they’re doing this quietly. If you handle classified information, strategic planning documents, or defence intellectual property, assume hostile actors are building archives for future decryption.

• Critical infrastructure operators: Energy grids, water systems, and telecommunications networks operate on multi-decade infrastructure cycles. Systems being deployed today will still be operational when quantum computers mature, requiring cryptographic agility built into current procurement decisions.

• Any organisation storing data with long-term confidentiality requirements: Trade secrets, legal documents, M&A communications, intellectual property, anything requiring confidentiality beyond 2035 faces exposure risk from today’s encryption choices

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Conduct cryptographic asset inventory now

• Begin immediately mapping every cryptographic dependency across your infrastructure—certificates, encryption protocols, key management systems, and third-party services using cryptography. You cannot migrate what you haven’t catalogued, and most organisations drastically underestimate their cryptographic footprint. This audit forms the foundation of any migration strategy.

Implement crypto-agility as architectural principle

• Design systems allowing cryptographic algorithms to be swapped without wholesale infrastructure replacement. Avoid hardcoded encryption implementations. Build abstraction layers enabling algorithm updates as post-quantum standards mature. The organisations that survive this transition will be those with flexible cryptographic architectures.

Prioritise data classification by temporal sensitivity

• Not all data requires immediate protection. Focus quantum-resistant encryption efforts first on data requiring confidentiality beyond 2035—trade secrets, long-term strategic plans, genetic information, legal records. Create tiered protection strategies based on data lifespan rather than attempting simultaneous migration.

Engage vendors on post-quantum roadmaps

• Demand clarity from technology suppliers on their quantum-resistant migration timelines. Include post-quantum cryptography requirements in procurement criteria. Suppliers without credible roadmaps become liability vectors as the threat materialises.

Begin pilot implementations with NIST-approved algorithms

• Start testing CRYSTALS-Kyber, CRYSTALS-Dilithium, and other NIST-standardised post-quantum algorithms in non-production environments. Build organisational expertise now while stakes remain low. The learning curve is substantial, and waiting for crisis conditions guarantees failure.

2. Economic: Singapore SMEs Face Internationalisation Crossroads

• Singapore’s business chambers are calling for expanded government support in Budget 2026, specifically requesting larger automation grants and enhanced assistance for SMEs pursuing international expansion amid increasingly complex global trade conditions.

• The Singapore Business Federation and associated chambers argue current support mechanisms haven’t kept pace with rising operational costs, supply chain restructuring requirements, and the technical investments needed to compete in fragmenting global markets.

• SMEs represent over 99% of Singapore’s enterprises and employ roughly 70% of the workforce, making their competitiveness directly tied to national economic resilience and Singapore’s position as a regional business hub.

• Requests focus on increasing the Enterprise Development Grant ceiling, expanding automation support schemes, and creating more accessible pathways for smaller firms to establish overseas presence without disproportionate compliance burdens.

• The push reflects broader anxieties about cost competitiveness as regional neighbours offer lower operating costs while Singapore-based SMEs face escalating wages, rental expenses, and regulatory requirements.

• Industry representatives emphasise that without enhanced support, Singapore risks losing entrepreneurial talent and business formation to more cost-competitive regional alternatives, weakening the domestic economic base.

Sources

• Budget 2026: Business Chambers Want More Help for SMEs to Internationalise, Bigger Automation Grants | The Business Times | February 2026

• Singapore SME Landscape Report | Enterprise Singapore | 2025

• Regional Competitiveness and SME Development in ASEAN | ASEAN Secretariat | 2025

• Singapore Budget 2025 Review and SME Support Mechanisms | Ministry of Finance Singapore | 2025

You should be concerned if…

• Singapore-based SMEs considering regional expansion: The gap between ambition and accessible support mechanisms may widen or narrow based on Budget 2026 outcomes. Understanding the evolving grant landscape directly impacts expansion timing and strategy decisions.

• Regional competitors and partners of Singapore firms: Changes to Singapore’s SME support ecosystem affect competitive dynamics across ASEAN markets. Firms competing with or partnering Singaporean SMEs should monitor how enhanced automation grants might alter cost structures and market positioning.

• Multinational corporations with Singapore supply chain dependencies: Singapore’s SME health directly affects supply chain reliability for larger firms sourcing components, services, or logistics through the city-state. SME competitiveness challenges cascade into procurement risk.

• Workforce development and training providers: Automation grant expansions create demand for reskilling programmes and technical training. Organisations positioned to support SME workforce transitions may find expanded market opportunities.

• Regional policymakers and economic development agencies: Singapore’s approach to SME support serves as a benchmark across ASEAN. Budget 2026 decisions will influence competitive policy responses from neighbouring economies seeking to attract or retain business formation.

Preventative actions

Map grant eligibility before strategic planning

• Singapore SMEs should conduct thorough audits of current and proposed government support schemes before finalising internationalisation or automation investment decisions. Timing major capital expenditures to align with grant availability significantly affects return on investment and reduces expansion risk.

Diversify market exposure beyond single-country dependencies

• Rather than concentrating international expansion in single markets, develop presence across multiple regional economies simultaneously. This distributes regulatory and economic risk while building resilience against any single market’s volatility.

Build automation roadmaps aligned with workforce transition

• Automation investments without corresponding workforce development create implementation failures and social friction. Develop parallel tracks addressing technology acquisition and employee reskilling to maximise return on automation grants while maintaining operational continuity.

Establish regional partnership networks before expansion

• Successful internationalisation typically requires local partners, distributors, or joint venture relationships. Begin relationship-building in target markets before committing expansion capital, reducing market entry risk and accelerating revenue generation timelines.

Monitor Budget 2026 announcements for timing optimisation

• Remain closely attuned to specific Budget 2026 announcements regarding grant ceilings, eligibility criteria, and application windows. Organisations prepared to move quickly following favourable announcements gain competitive advantage over slower-responding peers.

Quick snippet stories

1. Threat Actors Weaponising LLMs for Enhanced Attack Capabilities
   Google’s threat intelligence teams confirm adversaries are actively using large language models to accelerate attack development, improve phishing sophistication, and automate vulnerability research. The democratisation of AI tools lowers barriers for less sophisticated threat actors while enabling advanced groups to scale operations. Organisations should assume AI-enhanced attacks as baseline threat reality, investing in AI-powered defensive capabilities and enhanced employee training addressing more convincing social engineering attempts.
   Main link to resource

2. Attackers Exploiting AI Summarisation Features for Data Exfiltration
   Hackers are manipulating AI summarisation tools embedded in enterprise applications to extract sensitive information by crafting prompts that cause AI systems to expose confidential data in generated summaries. This attack vector exploits the trust organisations place in AI-generated outputs and the broad data access these tools often receive. Security teams should audit AI tool permissions, implement output filtering, and restrict summarisation features from accessing sensitive data repositories.
   Main link to resource

3. Cyber and Supply Chain Risks Dominating Japanese Business Concerns
   Aon’s latest survey reveals Japanese businesses rank cyber threats and supply chain disruption as their primary risk concerns for 2026, reflecting lessons from recent regional incidents and ongoing geopolitical tensions affecting semiconductor and manufacturing supply chains. This marks a significant shift from traditional Japanese risk priorities, signalling broader regional recognition that digital and physical supply chain resilience require integrated risk management strategies rather than siloed approaches.
   Main link to resource

4. Optus Outage Highlights Escalating Third-Party Dependency Risks
   Following previous incidents including the 2023 network collapse that disabled emergency triple-zero services—potentially contributing to preventable deaths—Optus has traced its latest mobile outage to a database software update from a third-party vendor. This pattern mirrors the CrowdStrike update that crippled Microsoft systems globally and illustrates how organisations have limited visibility into vendor development and testing practices. Critical infrastructure operators must implement rigorous vendor management frameworks, staged update deployment protocols, and assume third-party software changes carry systemic risk.
   Main link to resource

5. Supply Chain Cyber Attacks Evolving in Sophistication and Scale
   Group-IB research documents continued evolution of supply chain cyber attacks throughout 2026, with threat actors increasingly targeting software development pipelines, managed service providers, and trusted vendor relationships to achieve mass compromise through single intrusion points. Attackers recognise that breaching one upstream supplier provides access to hundreds or thousands of downstream victims. Organisations must extend security requirements contractually to suppliers, implement zero-trust architectures for vendor connections, and monitor for anomalous behaviour from trusted third-party integrations.
   Main link to resource

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unbreakable Ventures to support this channel.

Book your 30min call here

Antonio Gramsci wrote his infamous words in 1929, imprisoned under Mussolini’s fascist regime. Nearly a century later, they capture 2026 with uncomfortable precision.

The World Economic Forum’s Global Risks Report 2026, now in its 21st edition, confirms what many have sensed: we have entered an age of competition. Cooperation is giving way to confrontation. Trust, the currency of collective action, is losing value. And the institutions that once underpinned global stability are under siege.

This article and supporting podcast summarizes the report’s key findings for risk professionals, executives, and board members. Read time: 90 seconds.

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

The Outlook: Turbulent to Stormy

The WEF surveyed over 1,300 experts from business, government, academia, and civil society. Here is what they expect:

• 50% anticipate a turbulent or stormy global outlook over the next two years (up 14 percentage points from last year).

• 57% expect the same over the next decade.

• Only 1% anticipate calm.

This marks a significant tonal shift. Previous editions described multilateralism as “under pressure.” This year’s language is starker: cooperation is “crumbling,” and trust is “losing its value.”

Canada’s Prime Minister Mark Carney reinforced this at Davos just days after the report’s release:

“The multilateral institutions on which middle powers have relied, the WTO, the UN, the COP, the very architecture of collective problem-solving, are under threat.”

(Source: Global Risks Report 2026, Chapter 1, Figure 1, p.7 | PM Carney’s Davos Address, January 20, 2026)

Top 10 Risks for 2026

The immediate-term risk landscape is dominated by geopolitical and economic concerns:

1. Geo-economic confrontation (18% of respondents). Up 8 positions from last year.

2. State-based armed conflict (14%)

3. Extreme weather events (8%). Down from #2.

4. Societal polarization (7%)

5. Misinformation and disinformation (7%)

6. Economic downturn (5%). Up 8 positions.

7. Erosion of human rights and civic freedoms (4%)

8. Adverse outcomes of AI technologies (4%). New entrant in top 10.

9. Cyber insecurity (3%). New entrant in top 10.

10. Inequality (3%)

Economic risks showed the largest collective increase in ranking. Both economic downturn and inflation jumped 8 positions. The risk of an asset bubble burst rose 7 places.

(Source: Global Risks Report 2026, Chapter 1, Figure 11, p.15)

The 10-Year Horizon: Environmental Risks Return

Over the next decade, environmental risks reclaim the top positions:

1. Extreme weather events

2. Biodiversity loss and ecosystem collapse

3. Critical change to Earth systems

4. Misinformation and disinformation

5. Adverse outcomes of AI technologies. The sharpest climb of any risk, rising from #30 in the short-term to #5 over the decade.

This gap between short-term and long-term priorities reveals a pattern: the world is in reactive mode. When immediate crises dominate attention (wars, economic instability, AI disruption), longer-term risks get deprioritised. The problem is those risks do not wait. They compound.

Short-termism is itself a risk. Environmental threats are less “visual and confronting” than a trade war or an AI headline, but they remain the most severe over the decade. Ignoring them now accelerates the cost later.

(Source: Global Risks Report 2026, Chapter 1, Figure 6, p.10)

Five Themes Worth Understanding

The report’s second chapter explores six in-depth themes. Here are five relevant to business leaders:

Multipolarity without multilateralism

• Countries are going it alone. Global cooperation is breaking down, and no one is stepping up to fill the gap.

Values at war

• Ideological divides are deepening. Technology, especially social media and AI, is amplifying divisions rather than bridging them.

An economic reckoning

• Debt is piling up. Asset bubbles may be forming. The gap between those doing well and those struggling is widening.

Infrastructure endangered

• Aging systems are under pressure from climate stress and under-investment. Supply chains remain vulnerable to disruption.

AI at large

• AI is moving fast. Jobs are at risk. Autonomous systems, including in defense, are raising questions about control and accountability.

For APAC and ASEAN audiences, these themes carry particular weight. The region is deeply integrated into global supply chains, exposed to US-China tensions, and disproportionately vulnerable to extreme weather and sea-level rise. Carney’s observation that “middle powers must act together because if you are not at the table, you are on the menu” resonates strongly for Australia, Singapore, Indonesia, and others navigating this landscape.

(Source: Global Risks Report 2026, Chapter 2)

You Should Be Concerned If...

Your supply chain relies on geopolitically sensitive regions or single points of failure.

• Geo-economic confrontation is now the #1 risk. Trade weaponisation and supply chain leverage are accelerating.

Your business model depends on stable trade policy or cross-border data flows.

• Multilateral frameworks are weakening. Expect more friction, not less.

You operate critical infrastructure or rely heavily on it.

• Aging systems, climate stress, and under-investment create compounding vulnerabilities.

You have not stress-tested for economic downturn scenarios in three or more years.

• Economic risks are climbing fast. Debt, inflation, and asset bubble concerns are real.

You lack a position on AI governance or cyber resilience.

• AI and cyber risks are now in the top 10. Boards and leadership teams need clarity on both.

Preventative Actions

Review and diversify supply chain dependencies.

• Map exposure to high-risk regions and identify alternative sourcing options.

Update crisis management and business continuity plans.

• Include geopolitical scenarios, not just natural disasters or IT failures.

Conduct a cyber resilience assessment.

• Pay particular attention to AI-adjacent vulnerabilities and third-party risk.

Scenario-plan for economic volatility.

• Model inflation persistence, asset volatility, or credit tightening.

Engage leadership on AI policy.

• Internal governance and external regulatory readiness should be on the board agenda.

If you are unsure where to start, seek a second opinion from an advisory with cross-disciplinary expertise. The risks are interconnected. Your response should be too.

Be the 1%

Only 1% of experts surveyed expect calm. So what do they know?

They have prepared. They have stress-tested. They have diversified. They have accepted uncertainty as a constant and built systems to manage it.

The future is not fixed. The WEF makes that clear. But if you are stuck in reactive mode, responding to crisis after crisis without building capacity to anticipate what comes next, you are not shaping the future. You are being shaped by it.

Be the 1% in 2026.

Sources

• The Global Risks Report 2026 | World Economic Forum | January 2026

• Davos 2026: Special Address by Mark Carney, PM of Canada | World Economic Forum | January 20, 2026

• Read the Full Transcript of Carney’s Speech | CBC News | January 20, 2026

• Global Risks Report 2026: Top Risks in an ‘Age of Disorder’ | World Economic Forum | January 2026

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unbreakable Ventures to support this channel.

Book your 30min call here

Hello 👋 get a brew on because these are the top emerging risks between January 26, and February 9th, 2026…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Economic: Consumer Goods Costs Surge on Global Shipping Crisis

• Global shipping costs have surged dramatically since late 2025, with container rates from Asia to Europe and the US more than doubling from mid-year levels, forcing businesses to make difficult decisions about absorbing costs or passing them to consumers.

• The Red Sea shipping crisis continues to disrupt major trade routes, with vessels diverted around the Cape of Good Hope adding approximately two weeks to journey times and significantly increasing fuel and operational costs for shipping companies.

• Procurement executives across multiple industries report that transport and logistics now represent the fastest-growing component of their cost base, with some companies seeing shipping expenses increase by 150-200% compared to pre-crisis levels.

• Computer and electronics manufacturers are particularly affected due to concentrated Asian production, with some firms reporting lead time extensions of 3-4 weeks and considering airfreight alternatives at substantially higher costs to maintain customer commitments.

• Industry analysts warn that inflationary pressures from shipping costs may persist through 2026, with limited capacity to absorb cost increases in already thin-margin sectors likely to result in consumer price rises across electronics, textiles, and household goods.

Sources

• Consumer goods prices set to rise as shipping costs and supply chain disruption bite | The Guardian | 1 February 2026

• Red Sea Crisis Continues to Reshape Global Trade Routes | Lloyd’s List | 28 January 2026

• Container Shipping Rates Index: Q1 2026 Analysis | Freightos | 5 February 2026

• Procurement Leaders Survey: Supply Chain Cost Pressures | Gartner | 30 January 2026

You should be concerned if…

• Retail and consumer goods importers: Businesses relying on Asian manufacturing with limited supplier diversification face margin compression or difficult pricing decisions. Those locked into fixed-price contracts with customers while bearing variable shipping costs are particularly exposed to profitability erosion.

• Electronics and technology hardware companies: Organisations dependent on components manufactured in concentrated Asian production hubs face both cost increases and delivery reliability challenges. Companies with just-in-time inventory models may experience stockouts or be forced into expensive air freight alternatives.

• Small and medium enterprises with limited bargaining power: Unlike major multinationals who can negotiate preferential rates or absorb short-term losses, SMEs face disproportionate cost impacts and may struggle to pass increases to price-sensitive customers without losing market share.

• Food and perishables importers: Time-sensitive cargo faces compounded challenges from extended shipping times, with some products becoming unviable for sea freight and requiring costly modal shifts or supplier changes.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Diversify supplier geography and shipping routes

• Review concentration risk in your supply base. Identify alternative suppliers in regions less affected by Red Sea disruption, such as nearshore options in Eastern Europe, Turkey, or Latin America depending on your market. Even partial diversification reduces single-point-of-failure exposure.

Renegotiate contract terms with flexibility clauses

• Build shipping cost adjustment mechanisms into supplier and customer contracts. Index-linked pricing or cost-pass-through clauses protect against margin erosion while maintaining commercial relationships during volatility.

Increase safety stock for critical components

• Calculate the true cost of stockouts versus additional inventory holding costs. For high-margin or business-critical products, increasing buffer stock from weeks to months may prove economically rational given current freight premium differentials.

Explore modal diversification including rail

• China-Europe rail freight via the Trans-Siberian or Kazakhstan routes offers intermediate speed and cost between sea and air. While capacity is limited, establishing relationships with rail freight providers creates optionality.

Audit landed cost assumptions quarterly

• Static cost models based on historical freight rates lead to pricing and profitability surprises. Implement quarterly reviews of true landed costs including current freight rates, fuel surcharges, and extended transit time impacts on working capital.

2. Societal: Singapore Stress-Tests National Resilience with Simulated Crisis

• Singapore’s Total Defence Day exercise, SG Ready, will simulate simultaneous power outages and digital disruption across the island nation, testing citizens’ preparedness for extended periods without electricity, mobile connectivity, and digital payment systems.

• The exercise builds on Singapore’s mandatory Total Defence framework established in 1984, which encompasses military, civil, economic, social, digital, and psychological defence pillars, creating a whole-of-society approach to national resilience.

• Government agencies, critical infrastructure operators, businesses, and individual citizens are expected to participate, with scenarios designed to identify vulnerabilities in essential services and test backup systems across healthcare, transport, and financial services.

• Taiwan has developed similar resilience maturity through its nationwide mandatory drills, including the annual Han Kuang military exercises and Wan An civil defence drills, combined with high adoption of government-backed technology solutions such as the resilient emergency communication systems and distributed backup infrastructure.

• Both Singapore and Taiwan demonstrate that cultural resilience can be systematically built through regular practice, normalising emergency preparedness across populations and reducing panic response during actual crises while creating confidence among international investors and trading partners about operational continuity.

Sources

• Total Defence Day Exercise SG Ready Will Simulate Power Outage and Digital Disruption | Channel News Asia | 8 February 2026

You should be concerned if…

• Multinational corporations evaluating regional headquarters locations: Singapore and Taiwan’s demonstrated resilience capabilities increasingly factor into investment decisions. Countries unable to demonstrate similar preparedness may lose competitive position for foreign direct investment, particularly for operations requiring high uptime guarantees and business continuity assurance.

• Critical infrastructure operators in countries without national resilience frameworks: Organisations operating utilities, telecommunications, healthcare, or financial services infrastructure in nations lacking coordinated national exercises face unknown systemic vulnerabilities. Individual company preparedness means little if interdependent systems fail during cascading crises.

• Government policymakers responsible for emergency preparednes: Nations relying on reactive crisis management rather than proactive resilience building through regular exercises risk both higher casualties during emergencies and reduced international confidence in their stability as trade and investment partners.

• Supply chain managers with Asia-Pacific exposure: Understanding which regional nodes have stress-tested resilience versus those operating on untested assumptions affects risk-adjusted supply chain design. Singapore and Taiwan’s preparedness provides relative confidence in operational continuity.

Preventative actions

Adopt Singapore and Taiwan frameworks as benchmarks

• Study the Total Defence and civil defence exercise structures used by Singapore and Taiwan. Adapt these frameworks to your national or organisational context, focusing on their systematic approach to identifying dependencies and testing failure modes.

Advocate for national resilience exercises

• Business leaders and industry associations should actively lobby governments to establish regular, mandatory resilience exercises. Frame the argument in economic terms: demonstrated national resilience attracts foreign investment and trade partnerships, while untested systems create sovereign risk premiums.

Conduct organisation-level simulation exercises

• Do not wait for national frameworks. Run your own crisis simulations testing operations without power, connectivity, or digital payments for extended periods. Identify which business functions fail, what manual workarounds exist, and where critical single points of failure remain unaddressed.

Build cultural preparedness within your organisation

• Singapore and Taiwan succeed because preparedness is normalised across their populations. Replicate this within your organisation through regular drills, emergency preparedness training, and clear communication that resilience is a core operational competency, not an occasional compliance exercise.

Document and communicate your resilience capabilities

• As demonstrated resilience becomes a competitive differentiator, organisations that can evidence their preparedness through documented exercises, tested backup systems, and trained personnel will have advantages in supplier qualifications, insurance negotiations, and investor relations.

Quick fire threat updates

1. Malaysia Insurers Face Unprecedented Catastrophe Risk Exposure

   Malaysia’s insurance sector confronts a dramatic spike in catastrophe risk for 2026, with climate-driven flood events and storms increasing in both frequency and severity. Insurers face the dual challenge of maintaining affordable coverage while building adequate reserves for mounting claims. The risk extends beyond insurers to businesses and property owners who may find coverage becoming prohibitively expensive or unavailable in high-risk zones, potentially creating protection gaps that leave significant assets uninsured against increasingly predictable climate events.

   Malaysia insurers must confront catastrophe risk spike in 2026: report | Insurance Asia | February 2026

2. Geopolitical turbulence shows no signs of abating, with ongoing tensions across multiple regions continuing to disrupt established trade patterns and logistics routes. The convergence of trade policy uncertainty, regional conflicts, and shifting alliance structures creates an operating environment where supply chains face continuous adjustment pressure. Organisations treating current disruptions as temporary aberrations rather than the new normal risk repeated surprise; building adaptive capacity and scenario planning into procurement and logistics functions is now essential rather than optional.

   Why the Bumpy Geopolitical Ride Is Far From Over | Supply Chain Brain | February 2026

3. Logistics Networks Require Climate Resilience Overhaul

   Extreme weather events are exposing fundamental vulnerabilities in global logistics infrastructure, with floods, storms, and temperature extremes disrupting ports, warehouses, and transport networks with increasing regularity. The risk compounds as climate impacts affect multiple nodes simultaneously, overwhelming traditional backup arrangements designed for isolated incidents. Supply chain managers must now evaluate climate exposure across their entire network, investing in infrastructure hardening, route redundancy, and real-time weather monitoring to maintain operations as extreme events become routine rather than exceptional.

   Climate Change and Logistics: Stormproofing the Supply Chain | Transport and Logistics ME | February 2026

4. Australian Emergency Communications Failures Expose Rural Vulnerability

   Telstra faces criticism after mobile network outages during emergency situations left rural Australian communities unable to contact emergency services or receive critical warnings. The failures highlight dangerous dependencies on single telecommunications providers in regional areas where alternative connectivity options are limited or nonexistent. Rural businesses, local governments, and residents should assess their communications resilience, identifying backup options such as satellite phones, radio networks, or redundant carriers, while advocating for improved infrastructure investment in underserved areas.

   Nationals Slams Telstra Over Emergency Mobile Outages | WAMN News | February 2026

5. Pandemic Risk Insurance Market Gains Momentum

   The pandemic risk insurance market continues expanding as businesses seek protection against future health emergencies following lessons learned from COVID-19 disruptions. Growing demand reflects corporate recognition that pandemic-related business interruption represents a material and recurring risk requiring dedicated coverage rather than reliance on standard policies that often exclude such events. Organisations should evaluate their current policy exclusions, assess pandemic-specific coverage options, and factor premium costs into broader business continuity planning rather than assuming governmental support will materialise during future health crises.

   Pandemic Risk Insurance Market Report | Market.us | February 2026

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unbreakable Ventures to support this channel.

Book your 30min call here

Hello 👋 get a brew on because these are the top emerging risks between January 12th and 26th, 2026…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Environmental: APAC Insurance Gap Leaves 80% Weather Exposure Unprotected

• The Allianz Risk Barometer 2026 reveals natural catastrophes have risen to the second-highest global business risk, climbing from sixth position in 2024, with 31% of respondents identifying extreme weather events as their top concern, second only to cyber incidents at 38%.

• Asia-Pacific faces a protection gap exceeding 80% for weather-related losses, meaning the vast majority of economic damage from climate events falls directly on businesses and governments rather than being transferred to insurers, creating substantial unhedged financial exposure across the region.

• The 2024 Asia-Pacific natural catastrophe bill reached $65 billion in economic losses, yet only $12 billion was covered by insurance, demonstrating the stark reality of this protection gap and the financial vulnerability it creates for regional economies.

• Business interruption remains the top concern within natural catastrophe risks at 60%, followed by damage to corporate assets and real estate at 53%, with climate change now ranked as the fourth most important global risk overall in the Allianz survey.

• Supply chain disruptions from extreme weather events are increasingly affecting businesses far beyond the immediate disaster zone, with the interconnected nature of global commerce meaning a typhoon in Southeast Asia or floods in Australia can halt production and delivery schedules across continents.

• The Allianz report surveyed 3,778 risk management experts across 106 countries, with responses from CEOs, risk managers, brokers, and insurance experts providing a comprehensive view of the corporate risk landscape heading into 2026.

Sources

• APAC Insurance Gap Above 80% Leaves Weather Exposure | Asian Business Review | January 2026

• Allianz Risk Barometer 2026 | Allianz Commercial | January 2026

• Natural Catastrophes Rise to Second-Highest Business Risk | Insurance Journal | January 2026

• Asia-Pacific Climate Risk Insurance Gaps | Swiss Re Institute | 2025

You should be concerned if…

• Manufacturing and logistics operations in APAC:
  Businesses with production facilities, warehouses, or critical supply chain nodes in typhoon-prone regions of Southeast Asia, flood-vulnerable areas of South Asia, or bushfire-exposed zones of Australia face potentially uninsured losses that could threaten operational continuity and financial stability.

• Property and infrastructure investors:
  Real estate developers, infrastructure funds, and asset managers with significant APAC portfolios may find valuations increasingly disconnected from actual climate risk exposure, particularly where insurance coverage assumptions prove unrealistic or unavailable.

• Global supply chain dependencies:
  Organisations sourcing components, raw materials, or finished goods from APAC suppliers should recognise that their partners’ uninsured weather losses become their business interruption risk, regardless of their own insurance position.

• Financial institutions with APAC loan books:
  Banks and lenders with exposure to APAC commercial real estate, agriculture, or manufacturing sectors face credit risk from borrowers experiencing uninsured catastrophic losses, particularly where collateral values may be impaired by climate events.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Conduct granular climate exposure mapping

• Move beyond generic regional assessments to asset-level climate risk analysis. Identify which specific facilities, suppliers, and logistics routes face flood, typhoon, wildfire, or extreme heat exposure, then quantify potential business interruption duration and cost under realistic disaster scenarios.

Stress test insurance assumptions

• Review existing policies with a critical eye toward actual coverage triggers, exclusions, and limits. Many businesses discover post-event that business interruption coverage has waiting periods, contingent business interruption has insufficient limits, or parametric triggers don’t match actual loss scenarios.

Build supplier redundancy in exposed regions

• Develop qualified alternative suppliers outside the primary climate risk zones affecting your current supply chain. Negotiate contracts and logistics arrangements that can be activated rapidly when disasters strike primary suppliers.

Establish climate contingency reserves

Given the protection gap reality, budget for self-insured climate losses as a normal cost of APAC operations. Create dedicated reserves or access to liquidity facilities that can absorb uninsured losses without threatening core business viability.

2. Geopolitical: Global Risk Landscape Fractures as Economic Warfare Eclipses Traditional Threats

Note: We will be producing a separate deep-dive podcast episode examining the full World Economic Forum Global Risks Report 2026 in detail in a coming week.

• The World Economic Forum’s Global Risks Report 2026 identifies state-based armed conflict as the top short-term risk, driven by over 50 conflicts worldwide claiming approximately 200,000 lives during 2024, the highest annual toll in nearly three decades.

• Geoeconomic confrontation now ranks as the second most severe short-term risk globally, with economic measures such as tariffs, sanctions, and investment screening increasingly weaponised as tools of geopolitical competition, fundamentally reshaping global trade and investment patterns.

• Environmental risks dominate the long-term outlook, with extreme weather events ranked as the most severe risk over a 10-year horizon at 41% of expert responses, followed by biodiversity loss and ecosystem collapse at 39%, and critical change to Earth systems at 36%.

• The report introduces “fractured foundations” as a key theme, highlighting how erosion of trust in multilateral institutions, fragmentation of global supply chains, and declining international cooperation create compounding vulnerabilities across economic, technological, and environmental domains.

• Misinformation and disinformation rank as the third most severe short-term risk, with AI-enabled synthetic content and coordinated information operations increasingly difficult to detect and counter, threatening democratic processes, market stability, and corporate reputations.

• The WEF surveyed over 900 experts across academia, business, government, and international organisations, with respondents warning that the convergence of multiple risk categories creates cascading scenarios where environmental stress triggers conflict, which disrupts supply chains, which accelerates economic fragmentation.

Sources

• Malaysia's Trade Outlook Amid Global Risks | The Edge Markets | January 2026

• World Economic Forum Global Risks Report 2026 | WEF | January 2026

• Geoeconomic Fragmentation Reshapes Trade | IMF Blog | January 2026

• Armed Conflict Reaches Three-Decade Peak | SIPRI

You should be concerned if…

• Export-dependent economies and businesses:
  Nations and companies heavily reliant on trade with major power blocs face increasing pressure to align with one side or risk market access restrictions, tariff escalation, or exclusion from critical supply chains as economic measures become standard geopolitical tools.

• Technology and semiconductor sectors:
  Firms in strategic technology industries face expanding export controls, investment screening, and supply chain localisation requirements that fragment previously global markets and require duplicative R&D, manufacturing, and compliance infrastructure.

• Commodity and energy traders:
  Businesses exposed to global commodity flows face heightened sanctions risk, payment system fragmentation, and logistics disruptions as resource access becomes intertwined with geopolitical alignment and economic warfare measures.

• Multinational corporations with diversified operations:
  Organisations operating across geopolitical divides must navigate increasingly incompatible regulatory regimes, data localisation requirements, and reputational risks from association with either bloc in contested markets.

Preventative actions

Map geoeconomic exposure across operations

• Identify which revenue streams, supply relationships, and market access points depend on continued geopolitical stability or specific trade relationships. Quantify exposure to tariff escalation, sanctions expansion, or market access restrictions under realistic fragmentation scenarios.

Develop bloc-agnostic operational capabilities

• Where feasible, build redundant capabilities that can serve different geopolitical blocs independently. This includes localised supply chains, regional data infrastructure, and market-specific product variants that reduce dependency on cross-bloc flows.

Establish geopolitical monitoring and scenario planning

• Move beyond reactive crisis response to continuous monitoring of trade policy developments, sanctions announcements, and diplomatic shifts. Develop decision trees for operational adjustments triggered by specific geopolitical escalation thresholds.

Diversify currency and payment system exposure

• Reduce concentration in any single payment infrastructure or reserve currency. Establish relationships with financial institutions across multiple jurisdictions and develop capabilities to settle transactions through alternative mechanisms if primary channels become restricted.

Quick snippet stories

1. Healthcare Sector Faces Perfect Storm of Cyber Threats and AI Integration Risks
   Australia’s healthcare sector faces escalating cyber risk as the value of patient data rises and rapid AI adoption expands attack surfaces. Legacy medical devices with weak security now sit alongside AI tools processing sensitive health records, while ransomware groups deliberately target healthcare to exploit the consequences of disruption. To reduce exposure, organisations must adopt zero-trust principles, rigorously assess AI vendors, and isolate unpatchable medical devices on segmented networks.
   Main link to resource

2. Resilience Debt Accumulating as Organisations Underestimate Recovery Complexity
   Dell Technologies research highlights growing “resilience debt,” where organisations prioritise prevention and detection but underinvest in recovery, leaving them unable to restore operations quickly after an attack. This gap often only emerges during real incidents, when backups fail, recovery plans are untested, or dependencies cause delays. Closing it requires realistic recovery exercises, proven backup restoration tests, and clear runbooks that assume systems and staff may be unavailable.
   Main link to resource

3. Energy Infrastructure Cyber Attacks Intensify Amid Geopolitical Tensions
   Cyber attacks on energy infrastructure are increasing as nation-state and criminal actors exploit the sector’s critical role and weak operational technology security. Legacy OT systems prioritise safety and reliability over security, while once-isolated networks are now connected for efficiency, increasing exposure and the risk of physical damage. Energy operators must assess OT security, segment IT and OT environments, deploy industrial-grade monitoring, and plan incident response with physical safety in mind.
   Main link to resource

4. Critical Vulnerabilities in Anthropic MCP Server Enable Remote Code Execution
   Security researchers have found critical vulnerabilities in Anthropic’s Git Model Context Protocol server that could allow attackers to run arbitrary code and compromise AI development environments. The issue underscores wider risks across fast-growing AI infrastructure tooling, where security often lags rapid deployment and complex integrations create new attack paths. Organisations should urgently apply patches, limit network access to AI systems, and monitor for suspicious activity indicating exploitation.
   Main link to resource

5. Security Leaders Report Misalignment Between Investment Decisions and Actual Risk
   Research from Expel shows organisations often misalign cybersecurity spending with real attack patterns, driven more by marketing, compliance, or executive preference than evidence. This leads to overinvestment in unlikely threats while common attack paths remain weak. Security leaders should adopt data-driven investment models, benchmark defences against actual sector attacks, and frame risk in business terms to guide better board-level decisions.
   Main link to resource

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.

Book your 30min call here

Hello and Happy New Year 👋 get a brew on because these are the top emerging risks between December 15 2025, and January 12, 2026…

Review our report’s terminology here ↗

We’re back after a well-deserved break and although it went faster than Christmas pudding, we’re excited to support you in global threats and mitigations in 2026.

After much reading and analyzing the world’s top threat intelligence over the holidays (excellent bedtime reading), we can confidently say that this new year is unlikely to be any different. In fact, the key risk categories have gone up in criticality by about 26% in the last 3 months according to recent studies out of WEF and Harvard Business Review.

The strategy for 2026 is a simple:

Plan, do, check, and act.

Do those four things, and you will be OK.

Our main risk this fortnight is…

1. Economic: 2026 Supply Chain Disruption Outlook

• Everstream Analytics is flagging a 2026 disruption landscape where climate-linked shocks, infrastructure strain, and geopolitics increasingly compound rather than occur in isolation, turning “single events” into multi-region, multi-tier supply failures.

• The operational risk is shifting from short, localised delays to prolonged volatility: suppliers may “recover” but remain capacity constrained due to labour dislocation, damaged logistics corridors, or repeated extreme-weather events.

• Planning is moving beyond supplier scorecards toward network mapping: understanding sub-tier dependencies, chokepoints, and route optionality becomes a prerequisite for credible resilience claims.

• The practical takeaway: “just in time” is not dead, but it is being forced to coexist with redundancy, scenario planning, and earlier commitment to inventory and transport capacity.

Sources

• Everstream: Predicts the top four global supply chain disruptions for 2026 (DC Velocity, accessed 11 Jan 2026)

• International Monetary Fund: World Economic Outlook (October 2025 edition)

• Federal Reserve Bank of New York: Global Supply Chain Pressure Index (latest release)

• World Economic Forum: Global Risks Report 2025 (January 2025)

• World Meteorological Organization: 2024 State of Climate Services (November 2024)

You should be concerned if…

• Manufacturers with regionally concentrated supply
  If key components come from one climate-exposed geography or a single logistics corridor, repeated disruption can become “normal operations,” eroding service levels and margins simultaneously.

• Retailers and consumer brands with promotion-driven demand spikes
  Weather and transport volatility punish tight replenishment cycles. If demand surges meet a fragile inbound network, you get stockouts and expedited freight at the same time.

• Logistics providers and 3PLs with fixed-network assumptions
  If your network design assumes stable lane performance and predictable port or rail throughput, you will struggle when disruptions cascade across nodes and force rapid re-optimisation.

• Companies with thin tier-2 and tier-3 visibility
  Even if tier-1 suppliers appear stable, sub-tier fragility can trigger sudden line-down events that look like “supplier failure” but are actually upstream shocks.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Build a disruption portfolio, not a single plan

• Treat disruption as a set of repeatable patterns (weather, labour, infrastructure, geopolitical constraints) and maintain playbooks for each, including triggers for switching lanes, swapping suppliers, and changing order policies.

Map critical sub-tier dependencies

• For high-impact SKUs, identify tier-2 and tier-3 single points of failure and validate alternates. Contractual visibility requirements and periodic supplier validation are often more effective than one-off surveys.

Design route optionality into contracts

• Pre-negotiate carrier and lane alternatives, including port-of-entry flexibility. Optionality is cheapest before the incident and most expensive during it.

Stress-test inventory policy against multi-week disruption

• Run scenarios where replenishment is constrained for longer than expected, then decide which SKUs justify strategic buffers and where postponement or substitution can reduce fragility.

2. Technological: Ransomware Targets Transport Logistics

• A Cyble report highlights a surge in ransomware activity affecting transport and logistics, with attackers exploiting the sector’s high uptime requirements and operational interdependence to force faster payments and higher disruption impact.

• Logistics firms are attractive targets because downtime propagates immediately: missed pickups, warehouse standstills, customs delays, and cascading penalties across contracted service-level agreements.

• The threat is not limited to “IT systems” in isolation. Fleet operations, warehouse management, shipment visibility platforms, and customer portals create multiple attack surfaces and multiple pressure points for extortion.

• The broader risk is systemic: when a major logistics node is compromised, downstream manufacturers and retailers can experience disruption even if their own systems remain uncompromised.

Sources

• Cyble: 2025 ransomware attacks on transport and logistics surge, disrupting global supply chains (VARINDIA, accessed 11 Jan 2026)

• CISA: Stop Ransomware – ransomware guidance and response resources (updated)

• Microsoft Security: Ransomware trends and threat intelligence (latest)

• FBI IC3: Internet Crime Report (April 2024)

• UK National Cyber Security Centre: Threat actors exploiting supply chains and third parties (guidance collection)

You should be concerned if…

• Transport, freight forwarding, and warehousing operators
  Your business model depends on continuous operations and tight coordination. Ransomware disrupts dispatch, scanning, routing, inventory accuracy, and customer commitments simultaneously.

• Manufacturers running lean production and time-definite inbound
  Even a short outage at a 3PL, carrier, or visibility vendor can halt lines or force costly rescheduling. Your resilience is only as strong as your logistics dependencies.

• Retailers dependent on DC throughput and last-mile partners
  If WMS, labour scheduling, or transport systems go offline, order backlogs compound quickly and recovery can take days even after systems are restored.

• Any firm using shared logistics platforms
  Multi-tenant systems and widely used vendors can become single points of systemic failure, where one compromise becomes a cross-customer disruption event.

Preventative actions

Assume logistics is critical infrastructure

• Treat TMS, WMS, telematics, and label/scan environments as “must-run” systems with hardened access controls, aggressive patching, and isolation from general corporate IT.

Prove you can recover operations without paying

• Maintain offline, tested backups and run restore drills that include the operational layer: shipping, receiving, pick-pack-ship, and dispatch workflows, not just server recovery.

Contract for cyber resilience, not just uptime

• Supplier agreements should include breach notification timelines, recovery time objectives, and evidence-based controls (MFA, segmentation, backup posture), with the right to audit where appropriate.

Reduce blast radius with segmentation and least privilege

• Split corporate IT from warehouse/fleet systems; enforce MFA; remove standing admin rights; and monitor for abnormal access in dispatch and warehouse accounts.

Quick snippet stories

1. Cyber incidents are increasingly disrupting enterprise operations
   A Yahoo Finance report highlights that cyber incidents and attacks are materially disrupting enterprise operations, reinforcing that digital downtime is now an operational risk problem, not just an IT issue. The practical implication is that continuity planning must cover identity outages, SaaS disruptions, third-party compromise, and degraded manual workarounds, not only catastrophic data-loss events.
   Yahoo Finance: Cyber incidents and attacks disrupt enterprise operations (accessed 11 Jan 2026)

2. Honda extends China production halt amid Nexperia crisis
   Honda has extended a production halt in China linked to a supplier disruption described as the “Nexperia crisis,” underscoring how semiconductor supply constraints can rapidly translate into OEM operational stoppages. The story also points to a geopolitical industrial-policy dimension, with heightened scrutiny of Nexperia due to its ownership structure and government intervention affecting assets and operations. For supply-chain leaders, the key risk is that political decisions can constrain capacity and availability in ways that appear to be supplier failures but are effectively state actions.
   Automotive World: Honda extends China production halt over Nexperia crisis (accessed 11 Jan 2026)

3. Manufacturing in 2026: repatriation meets intelligent cobots
   A Machinery feature argues that 2026 manufacturing strategy is being shaped by two parallel forces: supply-chain repatriation and the uptake of more capable, intelligent collaborative robots. The risk lens is straightforward. Firms attempting to onshore or nearshore without solving labour and productivity constraints may struggle, while those adopting automation without robust change management can introduce quality and safety issues. The durable advantage comes from linking automation decisions directly to resilience goals such as multi-site flexibility and faster product changeovers.
   Machinery: Manufacturing in 2026, from supply-chain repatriation to intelligent cobots (accessed 11 Jan 2026)

4. UK businesses warned that disruption risk is rising from protests
   City AM reports warnings to businesses about disruption stemming from a surge in protests, which can affect staff access, deliveries, customer footfall, and local transport reliability. This is a continuity-planning issue as much as a security issue. Organisations need routing options, staffing contingencies, and communications playbooks for rapid disruption in dense urban areas. If you operate from shared premises, disruption affecting others is almost always yours too, so planning and exercises should explicitly incorporate external disruptions in shared buildings, estates, and multi-tenant sites.
   City AM: City businesses warned of disruptions from surge in protests (accessed 11 Jan 2026)

5. Ransomware pressure rises on UK mid-market firms
   Raconteur reports that UK mid-market firms are increasingly targeted by ransomware actors, often because they have meaningful revenue and operational complexity without enterprise-grade security depth. For leadership teams, the operational lesson is that ransomware is rarely just data theft. It manifests as service disruption, invoice disruption, payroll disruption, and customer churn risk. The most practical step is to align cyber controls to business processes that must continue operating, then test the ability to function manually under realistic downtime assumptions.
   Raconteur: Ransomware and the UK mid-market, why firms are exposed (accessed 11 Jan 2026)

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.

Book your 30min call here

Sparked by research conducted for an October panel on Taiwan’s disaster management system, this episode explores the growing gap between nations that have operationalised resilience and those still stuck in consultation, procurement, and fragmented execution.

Using Taiwan’s National Science and Technology Center for Disaster Reduction as a reference point, the episode walks through how integrated sensors, predictive modelling, shared dashboards, and public-facing tools fundamentally change emergency outcomes. It then contrasts that systemised approach with New Zealand’s current reality, where agencies operate in silos, public alerting remains one-way and brittle, and trust is slowly eroding.

This is not a critique for the sake of criticism. It is a systems-level examination of risk accumulation, delayed implementation, and the uncomfortable truth that disasters do not wait for reviews to be finished.

In this episode, I cover:

• Why Taiwan’s disaster response did not improve by accident
  A single catastrophic failure in 1999 triggered a 25-year commitment to system design, continuous improvement, and national integration.

• What a real common operating picture actually looks like
  Not a dashboard or a report, but a live, shared, predictive system spanning sensors, science, responders, and the public.

• How early warning and pre-computed modelling change outcomes
  Seconds and minutes matter, and systems that already “know” what will be impacted outperform those trying to calculate under pressure.

• Why New Zealand still does not have a national COP
  Despite decades of discussion, we remain fragmented across regions, agencies, and platforms.

• The procurement trap that stalls innovation
  Why proven solutions struggle to scale across government, even when risk is well understood.

• How public trust is quietly being lost
  From failed siren tests to ambiguous alerts, reliability matters more than reassurance.

• Why resilience now affects investment and economic stability
  Disaster response capability is no longer just a civil defence issue, it is a national credibility signal.

• What success could realistically look like
  A future-state scenario showing how New Zealand could respond if systems were integrated and rehearsed properly.

• The three pillars that must work together
  Communication, technology, and community. Neglect any one and the system fails.

Important timestamps:

• 00:00 – Why this topic matters now
  The panel discussion that triggered deeper research and uncomfortable conclusions.

• 02:25 – Taiwan as New Zealand’s most relevant comparison
  Shared geography, shared hazards, radically different outcomes.

• 05:02 – The 1999 earthquake that changed everything
  How failure drove Taiwan to redesign its entire disaster system.

• 06:18 – Inside Taiwan’s national disaster platform
  Sensors, science, dashboards, and public access working as one system.

• 09:18 – Early warning in action
  How seconds of notice and pre-computed modelling save lives.

• 11:01 – Drills, culture, and continuous improvement
  Why technology only works when people are trained to use it.

• 12:44 – New Zealand’s risk profile
  Alpine Fault, Hikurangi subduction zone, and known inevitabilities.

• 14:13 – The common operating picture paradox
  Why we still do not have one, despite decades of intent.

• 15:49 – Fragmentation during Cyclone Gabrielle
  What happens when agencies cannot see the same information.

• 17:16 – Public alerting and trust failures
  Why one-way systems and single points of failure are dangerous.

• 18:09 – Christchurch siren failure
  A small incident revealing a much larger systemic issue.

• 19:18 – The Kamchatka earthquake comparison
  How different countries responded to the same event, in real time.

• 22:01 – COPNZ and the implementation gap
  Why building the system is not the hard part.

• 24:18 – Procurement as a national risk amplifier
  When process outpaces urgency.

• 25:21 – Resilience and foreign investment
  Why disaster response capability influences economic decisions.

• 31:04 – What New Zealand already has
  The data, sensors, and expertise are not the problem.

• 32:10 – What must change now
  Concrete actions required to move from planning to execution.

• 37:14 – A future-state response scenario
  What coordinated success could realistically look like.

• 41:13 – Final question
  How many more disasters will it take before we build what we already know we need?

This week on Unbreakable Ventures, we welcome Brenden Winder who joins us to share his experiences and advice from his extensive career in New Zealand emergency management, particular in the public sector and national level.

Brenden started his career in the Royal New Zealand Navy, responsible for keeping his vessel and crew safe at sea. That experience shaped a calm, people-first approach to leadership that’s stayed with him ever since.

After the Navy, he moved into emergency management in Queenstown and was later deployed to Christchurch following the 2010 earthquake. He went on to become a founding team member at the Canterbury Earthquake Recovery Authority, where he helped lead the demolition and recovery work in the central business district and Port Hills region of Christchurch, safely clearing more than 1,800 sites in total.

Brenden has also worked internationally, leading a small team to Nepal after the Kathmandu earthquake, and more recently, Vanuatu, and he’s a member of New Zealand’s Emergency Management Assistance Team. He also supported the regional COVID-19 response.

Today, Brenden leads emergency management in Christchurch City, focused on one simple thing: helping communities be safer, stronger, and better prepared for what comes next.

It is our pleasure to bring you this wide ranging, fascinating discussion about all things emergency management in the public sector.

In this interview, we cover:

• Community leadership is the single biggest resilience factor.
  Well-connected, trusted local leaders matter more than any technical plan.

• Most people do not panic in emergencies. Many do nothing.
  Planning must address apathy and delayed response, not just fear.

• Preparedness before an event determines recovery after it.
  Roughly 10% of effort before an emergency shapes 90% of recovery outcomes.

• Tsunamis are fast, horizontal, debris-filled, and deadly.
  They are not “high tides” and cannot be ridden out, early movement to high ground is critical.

• Timing and context radically change emergency outcomes.
  Night vs day, winter vs summer, school hours vs holidays all alter response feasibility.

• Civil defence is small, but response is collective.
  Police, fire, health services, iwi, community groups, and volunteers are civil defence.

• NZ is respected internationally, but under-leverages its experience.
  Christchurch earthquakes, Pike River, mosque attacks, Whakaari, and COVID form a strong global case study.

• National standards and shared technology remain a gap.
  Local autonomy helps recovery, but fragmentation weakens national-scale response.

• Exercises need to be bigger, harder, and more realistic.
  Systems must be stress-tested to failure, not rehearsed politely.

• The hardest part is behaviour change for unseen risks.
  Preparing for hazards people have never experienced (e.g. tsunamis) is the toughest challenge.

Important timestamps:

• 00:00 – Introduction & why this conversation matters
  Setting the context for emergency management, recent disruptions, and Brendan’s background.

• 01:09 – Career origins: Queenstown, earthquakes, and learning under pressure
  How early roles and the Christchurch earthquakes shaped a practical view of resilience.

• 03:24 – Christchurch earthquakes as a global inflection point
  Why the response put New Zealand on the international emergency-management map.

• 05:21 – Community as the real “first responder”
  Student Volunteer Army, community mobilisation, and why locals arrive before uniforms.

• 07:40 – Leadership beats stockpiling: what actually saves lives
  Why social leadership and trust matter more than checklists and emergency kits.

• 10:30 – Media fear vs real risk: understanding likelihood and consequence
  How to prepare properly without panic, and why risk literacy matters.

• 13:25 – Public preparedness myths and behavioural realities
  Why most people don’t panic—and why apathy is the bigger planning challenge.

• 17:46 – Tsunami risk explained: timelines, complexity, and hard truths
  Regional vs distant tsunamis, warning times, and why there is no single “plan.”

• 21:50 – Evacuation reality: managed vs self-managed responses
  What happens when there isn’t time for emergency services to help—and why parents will still drive into danger zones.

• 28:05 – Training at scale & lessons from overseas
  Why NZ needs larger, more intense exercises, and what Taiwan, Japan, and others do better.

Brenden’s book recommendation, Thinking, Fast and Slow, by Daniel Kahneman.

You can connect with Brenden on LinkedIn here.

Hello 👋 get a brew on because these are the top emerging risks between December 1, and December 15, 2025…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Societal: HR Burnout Identified as Top Business Risk for 2026

• Nearly half (46%) of HR professionals identify burnout as the biggest organisational risk heading into 2026, according to HiBob’s global survey.

• 63% of HR professionals describe their role as the company’s “crisis hotline,” with 42% citing managing employee well-being as the most emotionally demanding responsibility.

• One-third of HR professionals are considering quitting due to burnout, while 59% report higher emotional strain than a year ago.

• 58% of HR leaders expect to work with smaller teams in 2026, despite facing intensified pressures from AI transformation, employment law changes, and economic uncertainty.

• Business psychologist Dannielle Haig warns that “chronic empathic load” causes cognitive fatigue, emotional exhaustion, and compassion fatigue, leading to declining culture, performance, and psychological safety.

Sources

• HR labels burnout as biggest business risk for 2026 | People Management | November 2025

• HR professionals identify burnout as top business risk | Guardian Nigeria | 3 December 2025

• HR teams feel the strain as expectations rise, survey finds | HR Review | November 2025

• The 2025 NAMI Workplace Mental Health Poll | NAMI | February 2025

• The State of Workplace Burnout in 2025 Research Report | The Interview Guys | October 2025

You should be concerned if…

• You are a CEO or executive responsible for organisational strategy. HR burnout isn’t an HR problem—it’s a leadership blind spot with direct implications for retention, performance, and culture. When the function responsible for detecting and addressing workforce risks is itself compromised, warning signs get missed and small problems become systemic failures.

• Your organisation is undergoing rapid growth, transformation, or AI adoption. Change management, restructuring, and technology integration put disproportionate strain on HR teams. If you’re pushing through transformation without assessing the wellbeing of the people managing that transformation, you’re building on unstable foundations.

• You’ve experienced high turnover, redundancies, or difficult people decisions recently. Your HR team has absorbed the emotional weight of those decisions. They’ve had the hard conversations so you didn’t have to. The cumulative toll of sustained empathic load requires deliberate recovery time and support.

• You operate with a lean HR function. With 58% of HR leaders expecting smaller teams in 2026, the pressure-to-resource ratio is worsening. One in ten HR professionals already works in a team of three or fewer while managing others and delivering strategic outcomes. This is structurally unsustainable.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Make HR Wellbeing a Leadership Priority

• Implement regular check-ins between executives and HR leaders that focus specifically on team wellbeing, not just workload. If financial health is reviewed monthly, workforce resilience deserves the same attention.

Rotate High-Stress Responsibilities

• Build operational resilience into the HR function by rotating staff through emotionally demanding work. The people handling redundancies this quarter shouldn’t be the same people handling them next quarter.

Set Realistic Workload Expectations

• If your HR team is running lean, something has to give. Either headcount increases, scope decreases, or burnout follows. These are the options—acknowledge them explicitly rather than expecting teams to absorb unlimited demand.

Provide Professional Mental Health Support

• Ensure access to counselling services, employee assistance programmes, and external mental health resources for HR teams. This isn’t a nice-to-have—it’s operational infrastructure for a function dealing with constant emotional strain.

Model Boundaries at Leadership Level

• If executives aren’t taking time off, setting boundaries, or acknowledging their own limitations, neither will anyone else. Leadership behaviour sets cultural expectations around sustainable working practices.

Build Early Warning Indicators

• Track metrics that indicate HR team strain: turnover within HR, sick leave patterns, response times, and engagement scores. By the time burnout is visible, it’s often too late for simple interventions.

2. Technology & Geopolitical: India’s SIM-Binding Mandate Sparks Consumer and Business Concerns

• India’s Department of Telecommunications has mandated that messaging apps including WhatsApp, Telegram, and Signal must implement continuous SIM binding within 90 days, meaning accounts will only function when the registered SIM is physically present and active in the device

• A LocalCircles survey of 115,000 consumers found that one in two believes SIM binding will cause disruption and inconvenience, with seven in ten international travellers expressing concerns about overseas usage

• Web and desktop versions of messaging apps will be required to automatically log users out every six hours, requiring re-authentication through QR code pairing

• The government justifies the mandate by citing cyber fraud losses exceeding ₹22,800 crore (approximately $2.7 billion USD) in 2024, arguing that continuous SIM linkage will restore traceability to accounts used in fraud schemes

• Industry groups including the Broadband India Forum (representing Meta and Google) have raised concerns about overreach, consumer impact, and privacy implications, urging the government to pause implementation timelines

Sources

• 1 in 2 people believe DoT’s SIM-binding rule will cause disruption: Survey | Business Standard | 9 December 2025

• India Orders Messaging Apps to Work Only With Active SIM Cards | The Hacker News | December 2025

• SIM-binding mandate forces changes to WhatsApp use in India | Digital Watch Observatory | December 2025

• India’s new SIM-binding rule for WhatsApp and other apps explained | Onmanorama | 2 December 2025

• Half of Indians fear SIM binding may disrupt messaging apps | Communications Today | 9 December 2025

You should be concerned if…

• You have employees, clients, or operations in India. This directly affects business communications for any organisation with an Indian presence. Multi-device workflows, desktop messaging, and persistent sessions will be disrupted once the 90-day compliance deadline passes. Plan for communication pattern changes and potential productivity impacts.

• You operate in the technology, communications, or digital services sector. India’s approach could influence regulatory thinking in other markets. With 500+ million WhatsApp users in India alone, the implementation and outcomes of this mandate will be closely watched by governments worldwide considering similar measures.

• Your business relies on international travellers or remote workers. Anyone visiting India who switches to a local SIM will lose access to their primary messaging accounts. This creates operational complexity for sales teams, executives, and mobile workers who rely on messaging apps for real-time business communication.

• You’re tracking digital identity and privacy regulations globally. India’s SIM-binding mandate represents a significant data point in the evolving tension between cybersecurity, privacy, and digital rights. The precedent set here may shape regulatory approaches in other jurisdictions.

Preventative actions

Assess Your India Communication Dependencies

• Map out how SIM binding will affect your organisation’s workflows. Identify which teams, functions, or individuals rely on messaging apps for India-based operations and evaluate the impact of 6-hour logout requirements on responsiveness.

Develop Contingency Communication Channels

• Consider backup channels that aren’t affected by SIM-binding requirements for time-sensitive business communications. Email, enterprise collaboration platforms, and voice calls may need to play a larger role in India communications.

Brief International Travellers

• Ensure anyone travelling to India understands that using a local SIM will disrupt access to their primary messaging accounts. Provide guidance on maintaining access (keeping Indian SIM in secondary slot) or alternative communication methods.

Monitor Implementation Developments

• India has given platforms 90 days to comply. Technical implementation details, potential workarounds, and any exemptions or modifications will become clearer in the coming weeks. Stay informed to refine your response.

Engage with Internal Policy Discussions

• The tradeoffs between security and privacy underlying this mandate are not unique to India. Organisations that develop clear positions on digital identity, data sovereignty, and surveillance will be better prepared as similar debates emerge in other markets.

Review Vendor Communication Dependencies

• If critical business processes depend on messaging platforms for India-based communication, assess whether those dependencies create unacceptable risk and explore alternatives before the mandate takes full effect.

Quick snippet stories

1. Cloudflare Admits ‘We Have Let the Internet Down Again’ After Second Major Outage: Cloudflare apologised for its second significant outage in three weeks after a configuration change to its Web Application Firewall triggered cascading failures affecting approximately 28% of all HTTP traffic served by the company. The December 5th incident lasted 25 minutes and knocked offline banks, Shopify, Zoom, LinkedIn, and Downdetector. Cloudflare confirmed the outage was not a cyber attack but an internal error during a security patch deployment. With Cloudflare serving roughly 20% of all websites globally, the incident highlights concentration risk in digital infrastructure and demonstrates that human error can be as disruptive as malicious intent.

   Cloudflare outage on December 5, 2025 | Cloudflare Blog | 5 December 2025

2. JPMorgan CEO Jamie Dimon Warns Europe’s Weakness Poses Major Economic Risk to US: JPMorgan Chase CEO Jamie Dimon warned that a weakening Europe represents a significant economic risk to the United States, citing slow bureaucracy, declining innovation, and political fragmentation across 27 member states. Speaking at the Reagan National Defense Forum, Dimon noted that Europe’s share of global GDP has dropped from 90% of America’s to just 65% over approximately 10-15 years. He called for a long-term US strategy to strengthen European allies, stating “a weak Europe is bad for us.” JPMorgan has announced plans to direct up to $1.5 trillion into supply chains, defence, and critical infrastructure over the next decade.

   JPMorgan CEO Jamie Dimon says Europe has a ‘real problem’ | Fortune | 6 December 2025

3. Thai Family Businesses Taking Cautious Approach to Market Disruptions: PwC’s 2025 Global Family Business Survey reveals Thai family businesses are experiencing declining sales amid a conservative approach to digital transformation. Only 22% reported double-digit sales growth, down from 30% two years prior, while 28% reported sales drops—double the 2023 figure. Only 22% have invested in digital and AI initiatives compared to 39% globally, and just 3% are experimenting with generative AI. PwC recommends building organisational agility and making decisive investments in AI and digital technologies, noting that the minority of agile firms achieving stronger growth outcomes demonstrate the competitive advantage of proactive transformation.

   Thai family businesses taking a cautious approach to market disruptions | Consultancy.asia | November 2025

4. Financial Toll from Novelis Fires in Oswego County Adding Up to Staggering Amount: A series of three fires at Novelis’ aluminum plant in Oswego County, New York—a major incident in September, a smaller fire in October, and another significant blaze in November—has created substantial financial impacts across the automotive supply chain. The plant supplies approximately 40% of aluminum sheets used by American automakers. Ford estimates the disruption could cost up to $2 billion, with production of F-150 and F-Series trucks directly affected. Novelis is leveraging its global network and industry peers to fill supply gaps while working to restore hot mill operations. The incident highlights the fragility of concentrated manufacturing capacity and single-source supplier dependencies.

   Financial toll from Novelis fires in Oswego County is adding up to a staggering amount | Syracuse.com | December 2025Anthropic CEO Warns Some AI

5. Companies ‘YOLOing’ with Capital Investments: Anthropic CEO Dario Amodei has warned that some AI companies are taking excessive financial risks with massive data centre investments. Speaking at the DealBook Summit, Amodei described a “cone of uncertainty” where companies must commit capital one to two years in advance for data centres while future revenue remains uncertain. He cautioned that companies making commitments based on highly optimistic demand scenarios risk catastrophic outcomes if timing proves wrong. Without naming competitors, Amodei contrasted Anthropic’s conservative enterprise-focused approach—projecting $8-10 billion in 2025 revenue—with industry players pursuing aggressive scaling. For businesses evaluating AI partnerships, vendor financial stability should factor into selection decisions.

   Anthropic CEO: Some AI companies ‘YOLOing,’ pulling the ‘risk dial too far’ | Yahoo Finance | December 2025

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.

Book your 30min call here

Hello 👋 get a brew on because these are the top emerging risks between November 17th, and December 1st, 2025…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Economic: The UN Global Risk Report 2024

• The United Nations has released its inaugural Global Risk Report, surveying 1,111 experts across 136 countries on the most critical threats facing humanity.

• Global preparedness scores just 4.3 out of 7, with the world particularly under-prepared for cybersecurity breakdown, AI-related harms, mis- and disinformation, and climate inaction.

• Mis- and disinformation emerged as the top “Global Vulnerability,” a risk that is both critically important and severely under-prepared for, with over 80% of respondents saying it is already occurring.

• Geopolitical tensions ranked as the single most interconnected risk, acting as a multiplier that amplifies economic fragmentation, conflict, inequality, and supply chain disruption.

• The report presents four possible futures (Breakdown, Status Quo, Progress, Breakthrough) and emphasises that multi-government cooperation is the most effective path to resilience.

Sources

• UN Global Risk Report 2024 | United Nations | 2024

• Disinformation Is a Global Risk. So Why Are We Still Treating It Like a Tech Problem? | UN Development Coordination Office | November 2025

• New UN Risk Report: Mis- and disinformation Among Top Threats as Global Readiness Falls Short | Melissa Fleming, Medium | July 2025

You should be concerned if…

• You operate in globally connected supply chains: The UN report identifies geopolitical tensions as the most interconnected risk in the global system. Disruption in one region can cascade rapidly through trade relationships, supplier networks, and logistics corridors. Organisations with cross-border dependencies face compounding vulnerabilities when multiple risks materialise simultaneously.

• Your business model depends on stable governance or predictable regulation: Political instability, erosion of multilateral institutions, and societal polarisation are accelerating across regions. Companies relying on consistent regulatory frameworks, government contracts, or public sector partnerships should anticipate increased volatility and longer decision-making cycles.

• You work in sectors vulnerable to information integrity risks: Healthcare, finance, critical infrastructure, and any industry where public trust is essential face growing exposure to mis- and disinformation. The report identifies this as the risk where the gap between importance and preparedness is widest. Organisations in these sectors need robust verification processes and crisis communication plans.

• Your organisation has not mapped risk interdependencies: Traditional risk assessments treat threats in silos. The UN report makes clear that risks amplify each other. A geopolitical disruption affects supply chains, which affects financial stability, which affects talent retention. Organisations without a systemic view of how their risks connect are likely to be blindsided by cascading failures.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Map your risk interdependencies

• Move beyond siloed risk registers. Conduct scenario planning that traces how a disruption in one area (geopolitical, environmental, technological) could cascade into operational, financial, and reputational impacts across your organisation.

Invest in information integrity

• Implement verification processes for critical business intelligence. Consider media literacy training for leadership teams. Develop crisis communication protocols that specifically account for operating in a misinformation-rich environment.

Strengthen coalition relationships

• The UN report is unambiguous that individual actors cannot address systemic risks alone. Identify your key stakeholders across government, industry associations, and civil society. Build those relationships now, not during a crisis when everyone is competing for attention.

Stress-test for compound scenarios

• Design tabletop exercises that combine multiple risk categories. What happens if a cyber incident coincides with a supply chain disruption and a reputational crisis? Organisations that have rehearsed compound scenarios recover faster than those encountering them for the first time.

2. Environmental: Food Companies Reframe Net-Zero Around Resilience

• Major food and beverage companies are revising or abandoning net-zero targets set after COP26, acknowledging that commitments were made without clear delivery pathways, particularly for Scope 3 value chain emissions.

• Diageo has pushed back its net-zero target from 2030 to 2040 for direct operations, and to 2050 for full value chain emissions. PepsiCo similarly extended its timeline from 2040 to 2050.

• Climate disruption is already affecting operations. Severe droughts in Spain and Greece devastated olive harvests in 2023, creating immediate sourcing crises for manufacturers like The Compleat Food Group.

• The industry is reframing climate action from a marketing-driven compliance exercise to a strategic resilience imperative, with companies like Greencore increasing sourcing from UK hydroponic farms for supply stability.

• Anonymous industry whistleblowers warned in April 2025 that corporate risks are still not being treated as critical to strategy, and mitigation measures remain insufficient for the scale of threat.

Sources

• Food companies are reframing net-zero around resilience as climate disruption focuses market | AgFunderNews | November 2025

• An update on Diageo’s sustainability goals to build climate resilience | Diageo | August 2025

• Diageo revises emissions targets | Just Drinks | August 2025

• The Road to Net Zero: Big Food’s Emission Pledges | Just Food | May 2025

You should be concerned if…

• Your business depends on agricultural supply chains: Climate disruption is no longer a future scenario. Droughts, floods, and extreme weather events are already affecting crop yields and commodity availability. If your procurement strategy assumes consistent sourcing from established regions, that assumption is increasingly unreliable.

• Your sustainability commitments are disconnected from core operations: Companies whose sustainability teams operate in isolation from procurement, finance, and risk functions are vulnerable to the same credibility challenges now facing major food brands. Targets set without delivery pathways will eventually require public revision.

• You source from climate-vulnerable regions: Mediterranean agriculture, Southeast Asian production, and other regions facing acute climate stress present growing supply risk. Organisations without diversification strategies or long-term supplier partnerships may face sudden sourcing crises as extreme weather events intensify.

• Your Scope 3 emissions represent the majority of your footprint: For most food and consumer goods companies, value chain emissions account for 90% or more of total carbon impact. These are also the hardest to measure and reduce. If your net-zero strategy lacks a credible pathway for Scope 3, it may require the same re-calibration now underway across the sector.

Preventative actions

Audit supply chain climate exposure

• Map not just your direct suppliers, but where their raw materials originate. Assess which regions face elevated risk from drought, flooding, or other climate impacts. Identify single points of failure and develop contingency sourcing arrangements.

Connect sustainability to procurement and finance

• Ensure your sustainability function has a seat at the table with commercial decision-makers. Climate risk is business risk. Targets that exist only in sustainability reports, disconnected from capital allocation and supplier negotiations, will not survive operational pressures.

Shift from distant targets to near-term resilience

• A 2050 net-zero commitment matters less than demonstrable progress on supply chain stability, energy efficiency, and waste reduction today. Consider whether your current commitments are credible and achievable, or whether honest re-calibration would strengthen stakeholder trust.

Explore longer-term supplier relationships

• Move from transactional procurement to partnership models. Companies working with suppliers on sustainable farming practices, water management, and climate adaptation are building resilience that benefits both parties. Short-term cost optimisation may create long-term vulnerability.

Quick snippet stories

1. TSMC Arizona Fab Halted by Supplier Power Outage

   TSMC confirmed that a power outage at Fab 21 in Arizona forced production to stop for several hours in late September. The disruption originated not at the fab itself, but at Linde, an industrial gas supplier. When Linde lost power, delivery of essential gases ceased, and TSMC had to scrap wafers in production. The exact losses remain undisclosed. TSMC says it is working to address this supplier dependency for future production phases.

   TSMC confirms September power outage at Fab 21 in Arizona | Tom’s Hardware | November 2025

2. Ransomware Attacks Continue to Target Holidays and Weekends

   New research from Semperis found that 52% of ransomware attacks occur on holidays or weekends when cybersecurity staffing is reduced. In Australia and New Zealand, 85% of organisations with in-house security operations centres reduce staffing by 50% or more during these periods. The study also found that 81% of attacks in the region followed material corporate events such as mergers, acquisitions, IPOs, or layoffs.

   New Semperis Study Finds Most Ransomware Attacks Still Strike On Holidays And Weekends | Tech Business News Australia | November 2025

3. Indian Firms Rank AI and Climate as Top Future Risks

   An Aon survey of nearly 3,000 risk managers and C-suite executives found Indian firms rank cyber attacks and data breaches as their top current business risk, with AI and climate change identified as the major threats by 2028. The survey revealed significant losses already occurring, with 78% of respondents reporting losses from property damage, 64% from exchange rate fluctuations, and 46% from business interruption.

   AI and climate change future business risks for Indian firms by 2028: Report | Social News XYZ | November 2025

4. Ethiopian Volcano Eruption Disrupts Aviation Across India

   Ethiopia’s Hayli Gubbi volcano erupted on November 23rd for the first time in approximately 12,000 years. The eruption sent an ash column up to 45,000 feet into the atmosphere, with the plume drifting eastward across the Red Sea, the Arabian Peninsula, and into India. Air India cancelled over a dozen flights, while IndiGo and Akasa Air suspended Middle East routes. The ash affected visibility and air quality across Northern India before dispersing.

   Ethiopian volcano erupts after 12,000 years: What we know | Al Jazeera | November 2025

5. Optus Suffers Another Emergency Services Outage

   Australia’s second-largest telecommunications provider experienced another service disruption affecting over 14,000 customers in Melbourne’s southeast. The company identified physical infrastructure damage, with evidence of aerial fibre being cut and copper removed. This is the fourth major Optus outage impacting Triple Zero emergency services in recent months, following a September incident linked to at least four deaths. The pattern highlights the vulnerability of privatised essential services.

   Optus says vandals cutting fibre behind latest major outage | SBS News | November 2025

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.

Book your 30min call here

Hello 👋 get a brew on because these are the top emerging risks between November 3rd, and November 17th, 2025…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Technological: Global Memory Chip Shortage

• Samsung raised DDR5 memory chip prices by up to 60% between September and November 2024, with 32GB modules jumping from $149 to $239

• AI data centre demand has triggered a “super-cycle” shortage, with memory makers redirecting production to high-bandwidth memory (HBM) that’s 5x more profitable than standard chips

• DRAM inventory has collapsed from 31 weeks to just 8 weeks of supply, triggering panic buying and long-term contracts extending into 2026-2027

• China’s SMIC reports customers are delaying Q1 2026 orders due to memory availability uncertainty, while Xiaomi blames rising memory costs for increased smartphone prices

• Analysts expect the shortage to persist well beyond typical chip cycles due to 2.5-year factory construction timelines and continued AI infrastructure investment

Sources

• Samsung hikes memory chip prices by up to 60% as shortage worsens, sources say | Reuters | November 14, 2024

• Memory Chip Shortage Sends Profits Higher For Samsung And Rivals | Finimize | October 2024

• AI Chip Boom Triggers Global Memory Shortage, Lifting Prices for Samsung, SK Hynix, and Micron | TipRanks | October 2024

You should be concerned if…

• You’re Managing IT Infrastructure or Cloud Operations: Data centre operators, cloud providers, and enterprise IT teams face higher costs and uncertain supply through at least mid-2026. If you were planning server refreshes, infrastructure upgrades, or cloud migrations, your budgets are now obsolete. Memory procurement that seemed routine six months ago has become a strategic supply chain challenge.

• You’re in Electronics Manufacturing or Consumer Tech: Smartphone, PC, and consumer electronics manufacturers are absorbing 30-50% cost increases on a core component. Companies like Xiaomi are already passing costs to consumers. If you manufacture devices with memory components, from smartphones to IoT sensors, your margins are under immediate pressure and your product roadmaps may need revision.

• You’re in Automotive, Industrial IoT, or Embedded Systems: Modern vehicles, industrial equipment, and connected devices rely on memory chips for everything from infotainment to safety systems. With suppliers prioritising AI customers and inventories at critically low levels, procurement timelines have extended and costs have jumped. If you depend on just-in-time semiconductor delivery, you’re exposed.

• You Operate in APAC Markets: Companies in Oceania and ASEAN face particular vulnerability given the region’s concentration of electronics manufacturing and dependency on memory imports from South Korea and Taiwan. Samsung and SK Hynix control 70% of global DRAM production, and both are raising prices in lockstep while redirecting capacity to AI chips.

• You’re Planning 2025-2026 Technology Investments: Any organisation budgeting for hardware purchases, device rollouts, or IT modernisation projects needs to revise financial models immediately. The 30-60% price increases aren’t temporary, analysts describe this as a multi-year “super-cycle” driven by structural supply constraints and sustained AI demand.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Lock in Long-Term Supply Agreements Now

• Don’t wait for prices to normalise, they won’t, at least not until late 2026. Secure long-term contracts with suppliers even if upfront costs are higher. The certainty of guaranteed supply and locked pricing will prove more valuable than gambling on a price drop that industry forecasts say isn’t coming.

Diversify Your Supply Chain Immediately

• Relying on a single vendor or distributor in this environment is dangerous. Build relationships with secondary suppliers, regional distributors, and alternative manufacturers now. When primary suppliers allocate scarce inventory to larger customers, secondary relationships become your operational lifeline.

Revisit Technology Roadmaps and Deployment Timelines

• If you planned large-scale server deployments, device rollouts, or IoT expansions, consider phasing implementations or exploring less memory-intensive architectures. Work with vendors to understand actual availability versus paper commitments. Adjust timelines to match realistic supply constraints rather than ideal procurement schedules.

Update Financial Models with Realistic Cost Assumptions

• Budget 30-50% higher memory costs for 2025 CAPEX planning. Communicate this structural shift upward to CFOs and boards, this isn’t a temporary spike that finance teams can absorb or negotiate away. Model multiple scenarios including extended shortages and consider how memory constraints might affect broader strategic initiatives.

2. Environmental: Storm Claudia Compound Weather Event

• Storm Claudia delivered over 100mm of rain in 24 hours across England and Wales (up to 150mm in south-east Wales), causing major flooding incidents and forcing 57+ property evacuations

• South Wales Fire and Rescue declared a major incident in Monmouth after the River Monnow burst its banks, with emergency services conducting rescues and evacuations across multiple communities

• The storm brought wind gusts up to 70mph and caused widespread transport disruption, closing major roads (A55, A5) and disrupting rail services across North Wales

• Immediately following the flooding, Arctic air pushed temperatures down to forecast lows of -5°C to -7°C, with the UK Health Security Agency issuing cold weather warnings for Midlands and northern England (Nov 17-21)

• The compound weather event, flooding followed immediately by freezing temperatures, created cascading business continuity challenges for logistics, retail, utilities, and infrastructure operators

Sources

• Storm Claudia causes road closures and flooding disruption | Daily Post | November 16, 2024

• Improving picture but further flooding impacts expected in England following Storm Claudia | UK Government | November 17, 2024

• Storm Claudia brings intense rain to England and Wales | Met Office | November 14, 2024

You should be concerned if…

• You Operate Logistics, Transportation, or Supply Chain Operations: Compound weather events don’t just cause single disruptions, they create cascading operational challenges. Road closures from flooding are followed immediately by ice, snow, and freezing conditions that slow operations further. Driver fatigue compounds, vehicle maintenance needs increase, and delivery schedules that were disrupted by flooding face additional delays from cold weather hazards.

• You Manage Physical Assets or Infrastructure: Flooding followed by freezing temperatures creates unique infrastructure risks. Water damage to buildings, warehouses, or equipment is followed by burst pipe risks as temperatures plunge. Older buildings and infrastructure not designed for sustained freezing face compounded vulnerabilities. Heating costs spike precisely when flood damage may have affected utility systems.

• You Run Retail, Hospitality, or Customer-Facing Operations: Footfall drops during extreme weather, whether flooding or freezing. If supply chains were strained by transport disruption during Storm Claudia, the cold snap extends those delays. Inventory buffers get tested, staff face commuting challenges, and customer service suffers when teams are stretched managing multiple concurrent weather impacts.

• You’re in Agriculture, Construction, or Outdoor Operations: These sectors face direct operational shutdown risks during compound events. Fields already waterlogged from flooding become unusable when frozen. Construction sites can’t simply resume when rain stops if freezing temperatures follow. Equipment, materials, and workflows all face sequential disruptions that traditional single-threat planning doesn’t address.

• You Operate in Regions with Increasingly Volatile Weather Patterns: While Storm Claudia hit the UK, the lesson is universal. Compound weather events, where multiple hazards occur in rapid succession, are becoming more common globally. Regions in Europe, North America, and Southeast Asia experiencing more volatile transitions between weather systems need to rethink how they model weather risk.

Preventative actions

Model Compound Weather Scenarios in Business Continuity Plans

• Stop planning for single-threat events. Model what happens when your region experiences flooding followed by freezing temperatures, or heatwaves followed by storms, or wildfires followed by heavy rain. These combinations are statistically more likely than isolated extreme events, and they create operational complexity that linear recovery plans don’t address.

Build Operational Redundancy and Flexibility

• If you rely on a single warehouse, distribution route, or supplier location, you’re vulnerable when weather events stack. Establish backup distribution centres, alternative transport routes, and secondary supplier relationships. Remote work capabilities for office staff during extreme weather aren’t just pandemic lessons, they’re weather resilience tools.

Implement Proactive Communication Protocols

• Don’t wait for the crisis to hit before communicating with teams and customers. When weather warnings are issued three days out, that’s your action window. Notify customers about potential delays, give employees clear guidance on safety protocols and remote work, and brief operational teams on contingency activation. Proactive communication builds trust and reduces crisis panic.

Invest in Real-Time Weather Monitoring and Decision Systems

• Weather forecasting has improved dramatically, but organisations need systems that translate forecasts into operational decisions. Partner with meteorological services, implement IoT sensors for facility monitoring, and establish clear trigger points for activating contingency plans. The gap between forecast and response determines whether you’re reactive or prepared.

Quick snippet stories

1. Aviation Supply Chain Crisis Worsens: The global aviation industry faces an $11 billion crisis in 2025 as aircraft deliveries fall 30% below expectations due to parts shortages, engine production delays (particularly Pratt & Whitney’s GTF engines), and workforce shortages. Airlines are reducing flight schedules and seeing average aircraft age climb to a record 14.8 years, with a backlog of 17,000 unfulfilled orders creating long-term capacity constraints.
   Supply Chain Issues Continue to Negatively Impact Airline Performance into 2025 | IATA

2. Delhi’s Pollution Crisis Forces Corporate Adaptation: Air quality in Delhi reached AQI 491, over 30 times WHO safe limits, forcing emergency work-from-home mandates with corporate offices operating at 50% on-site capacity. Companies including Coca-Cola and Nestlé have implemented hybrid work policies while incurring additional costs for air purifiers, masks, and health monitoring, demonstrating how environmental crises can force immediate operational changes in major economic hubs.
   Delhi-NCR air pollution: Corporate offices adopt work-from-home measures | Business Today

3. UK Pharmacy Workforce on the Brink: Community Pharmacy England’s 2025 survey reveals 70% of pharmacy staff report negative mental health impacts, with one in four barely coping. Over 60% of pharmacies face staff shortages, 21% have been forced to close temporarily, and 95% cite increased workload pressure, raising serious concerns about patient care sustainability and service continuity in essential healthcare infrastructure.
   Community pharmacies face ‘unsustainable’ pressure, staff morale low | Pharmacy Business

4. Former Pilot Warns AI Could Complicate Crisis Response: Captain Richard Champion de Crespigny, who saved 469 people during Qantas Flight 32’s catastrophic engine failure in 2010, warns that increasing AI and automation reliance could make flying harder during emergencies. He argues that when automated systems fail, pilots must identify malfunctioning computers and manually fly the aircraft, a skill set that risks atrophy as automation increases, particularly in high-pressure crisis scenarios where human judgement proves irreplaceable.
   Retired airline pilot saved over 400 lives after an engine explosion midair | Business Insider

5. First Human Case of H5N5 Bird Flu Detected in Washington State: An older adult in Grays Harbor County, Washington, has become the first known human case of H5N5 avian influenza, a strain previously detected only in animals. The individual, who keeps backyard poultry exposed to wild birds, was hospitalised in early November. While health officials report no evidence of human-to-human transmission and the CDC maintains low public risk, this marks the first U.S. bird flu case since February and adds to concerns about viral mutations in domestic and wild bird populations.
   Washington resident is infected with a different type of bird flu | AP News

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.

Book your 30min call here

Hello 👋 get a brew on because these are the top emerging risks between October 20, and November 3, 2025…

Review our report’s terminology here ↗

Our main risk this fortnight is…

1. Economic: Business Travel Weather Disruption

• 87% of US business travellers experienced trip disruptions in the past 12 months, with weather now the primary cause

• Weather-related disruptions hit 50% of US business travellers in 2025, up from 30% in 2024 - a near-doubling in one year

• US businesses are spending an estimated $17 billion annually on travel disruption fallout - 4% of total corporate travel budgets

• 28% of business travellers missed sales opportunities due to disruptions (40% among C-level executives)

• Average costs per disrupted traveller: $502 (accommodation), $371 (transport), $356 (meals), $497 (overtime)

Sources

• Survey: Business Travelers Battling Unprecedented Weather-Related Disruptions | AOL

• Weather-related disruption rises - TravelPerk survey | Business Travel News Europe

• Almost 90% of Business Travelers Face Disruptions, Says Report | Business Travel Executive

• The hidden cost of travel disruption: US companies spend over $17 billion | TravelPerk Press Release

• TravelPerk survey shows impact of travel disruption | The Business Travel Magazine

You should be concerned if…

• You Operate in Professional Services, Consulting, or Sales-Driven Industries: Companies that depend on face-to-face client meetings, pitch presentations, or relationship-building travel are disproportionately exposed to disruption costs. When 40% of C-level executives miss business opportunities due to travel chaos, that’s not weather - that’s competitive disadvantage. If your revenue model requires consistent physical presence with clients or prospects, you need contingency travel policies and flexible booking as standard practice, not optional upgrades.

• You Have Operations in High-Risk Weather Regions: US travellers face weather disruption at 50%, but this varies by geography. If your team regularly travels through hurricane-prone corridors (Florida, Gulf Coast), wildfire regions (California, Pacific Northwest), or severe winter zones (Midwest, Northeast), you’re facing above-average exposure. Companies with distributed teams traveling frequently between these areas should pre-position backup accommodation, build travel buffer time into schedules, and monitor real-time weather intelligence platforms.

• Your Duty-of-Care Policies Haven’t Been Updated Since 2023: If your corporate travel policy doesn’t explicitly address weather disruption, employee stranding protocols, or climate-related risk mitigation, you may face legal liability when employees are harmed or face extreme conditions during work travel. With disruption hitting 44% of all business trips, duty-of-care is no longer about terrorism or political instability alone - it’s about having clear procedures for weather-related travel incidents.

• You Manage Corporate Travel Programs or Finance Functions: Finance teams budgeting for travel without accounting for a 4% disruption surcharge are setting themselves up for significant overruns. The $17 billion US annual cost isn’t distributed evenly - heavily-travelling organisations see disproportionate impact. If your company sends employees on 6.8+ trips per year (the business traveller average), build disruption costs into your annual planning or risk budget variance that leadership won’t forgive.

• Your Business Relies on Just-In-Time Presence at Events: Trade shows, conferences, product launches, or time-critical negotiations leave no margin for delay. If your team needs to be somewhere at a specific moment and weather delays mean missing that window entirely, the cost isn’t just rebooking - it’s the entire objective of the trip. Companies operating on tight event schedules should deploy redundancy strategies: send multiple team members on different routes, arrive a full day early, or question whether physical presence is actually mandatory.

These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.

Preventative actions

Implement Climate-Resilient Travel Policies

• Transition from reactive disruption management to proactive climate risk planning by requiring flexible booking as standard practice, not an optional upgrade. Build automatic buffer time into trip schedules for high-risk routes, pre-approve contingency accommodation spending, and establish clear thresholds for when trips should be cancelled proactively rather than allowing employees to travel into known severe weather events.

Deploy Real-Time Travel Intelligence Platforms

• Invest in platforms that aggregate data from airlines, airports, weather services, and ground transport to provide advance warning of disruption before travellers are stranded. Integrate these systems with your booking platform to enable proactive rebooking when disruption is forecasted, reducing the cost of last-minute changes and minimising productivity loss from missed meetings.

Establish Duty-of-Care Protocols for Weather Events

• Review and update your duty-of-care policies with legal counsel to explicitly address climate and weather-related travel risks. Define clear procedures for tracking employees during severe weather, decision authority for cancelling or re-routing trips, and support systems for stranded travellers including emergency accommodation, alternative transport, and communication protocols.

Recalibrate Travel ROI Assumptions

• Accept that the era of frictionless business travel is over and adjust investment decisions accordingly. Not every meeting justifies the disruption risk - deploy strategic in-person travel for high-value opportunities while using virtual engagement for routine business. Calculate the true all-in cost of business travel including disruption surcharges, and reallocate budget toward travel risk mitigation rather than simply increasing trip volume.

2. Technological: AWS Outage Sports Impact

• AWS outage on October 20, 2025 lasted approximately 15 hours, affecting roughly one-third of internet infrastructure

• Ticketmaster failure during major sporting events including Blue Jays-Mariners ALCS Game 7 and Monday Night Football

• Premier League forced to operate without semi-automated offside technology during live match

• Sports betting platforms FanDuel, DraftKings, and Fanatics all experienced service disruptions

• Incident exposed critical vendor concentration risk with AWS, Azure, and Google Cloud controlling 65% of global cloud infrastructure

Sources

• How AWS outage disrupted the sports industry | SportsPro

• The AWS Outage Wreaked Havoc in Sports | Front Office Sports

• AWS outage affects Ticketmaster for pivotal Mariners vs. Blue Jays playoff game | GeekWire

• Amazon restores cloud services unit AWS after massive outage | CBC News

• AWS Outage Hits Ticketmaster During Major Sports Events | Ticket News

You should be concerned if…

• You Operate Live Events, Sports Venues, or Entertainment Facilities: Digital ticketing, access control, in-stadium technology, and real-time broadcast systems are all cloud-dependent. The AWS outage demonstrated that when your infrastructure provider fails, fans can’t access tickets, gates can’t validate entry efficiently, and operational technology inside venues stops working. If you can’t admit customers or deliver your core service during a cloud outage, you need manual backup procedures, redundant ticketing pathways, and multi-cloud strategies.

• Your Business Model Depends on Real-Time Transactions: Sports betting platforms, e-commerce during high-traffic windows, financial services, and booking systems all require continuous uptime. When FanDuel and DraftKings went dark during Monday Night Football, they lost both revenue and customer trust. If your revenue depends on processing transactions in real-time during predictable high-traffic periods, single-vendor cloud dependency is a critical business risk requiring board-level mitigation.

• You’re in Media, Broadcasting, or Streaming: Cloud-based IP transmission has replaced satellite infrastructure for most live sports and entertainment content. If AWS or Azure goes down during a major broadcast event, you have no backup transmission path. Streaming services, second-screen apps, and social media integrations all depend on cloud availability. Media companies should maintain hybrid infrastructure with on-premise failover capabilities for mission-critical broadcasts.

• Your Organisation Has Single-Vendor Cloud Dependency: If all your critical systems run on one cloud provider - AWS, Azure, or Google Cloud - and you have no failover strategy, you’re exposed to single-point-of-failure risk that could take down your entire operation. This applies to SaaS vendors, enterprise software companies, and any organisation that’s migrated fully to cloud without implementing multi-cloud redundancy or hybrid on-premise backup systems.

• You Provide Services to Highly Regulated Industries: Healthcare systems relying on cloud-based patient records, financial institutions using cloud trading platforms, and government services hosted on public cloud all face compliance and operational risk during outages. If your services touch regulated sectors, cloud outages may trigger regulatory scrutiny, especially if patient care, financial transactions, or government operations are disrupted. You need contractual guarantees, insurance coverage, and incident response plans specifically for cloud-provider failures.

• You’re a Cloud Service Provider or SaaS Vendor: If your product is hosted on AWS, Azure, or Google Cloud and you sell uptime as part of your value proposition, your reputation depends on your infrastructure provider’s reliability. When Ticketmaster failed during the AWS outage, it damaged Ticketmaster’s brand, not just Amazon’s. SaaS vendors should maintain status pages that reflect upstream cloud issues transparently and have compensation mechanisms for customers affected by provider outages.

Preventative actions

Implement Multi-Cloud Failover Architecture

• Develop true multi-cloud strategies for mission-critical systems by identifying single-vendor dependencies and designing failover capabilities across different cloud providers or hybrid on-premise infrastructure. Focus on systems where downtime creates immediate revenue loss, customer impact, or operational crisis - don’t attempt to duplicate everything, but ensure critical-path services can fail over when a provider experiences outages.

Maintain Manual Backup Processes for Core Operations

• Establish and regularly test manual procedures for mission-critical functions that can operate independently of cloud infrastructure. For venues and live events, this means staff training on manual ticketing, gate operations, and core service delivery. For transaction-based businesses, maintain offline payment processing capabilities. Document these procedures clearly and drill them quarterly so teams can execute under pressure.

Review Cloud Provider Contracts and SLAs

• Audit your agreements with AWS, Azure, Google Cloud, and SaaS vendors to understand liability limits, compensation structures, and service-level guarantees during outages. Most cloud contracts heavily favour providers and offer minimal recourse for downtime. If your business depends on uptime commitments, negotiate stronger contractual protections, purchase cyber insurance that covers cloud-provider failures, or implement third-party monitoring that can document breach of SLA for compensation claims.

Develop Cloud-Specific Incident Response Plans

• Create dedicated playbooks for cloud-provider outages that define decision authority, customer communication protocols, and technical failover procedures. Test these plans through tabletop exercises and simulated outages to identify gaps before real incidents occur. Ensure teams know how to fail over to backup systems, communicate with customers transparently, and coordinate with cloud providers’ incident response teams during active outages.

Quick snippet stories

1. Microsoft Hit by Another Major Outage: Microsoft was hit with a widespread outage of its Azure cloud platform and related services on October 29, just days after the Amazon Web Services incident. Starting around noon Eastern time, a configuration change affecting Azure Front Door and DNS routing took down Microsoft 365, the Azure portal, Xbox Live, and Minecraft, along with thousands of customer workloads. The disruption lasted approximately five hours and affected major organisations including Alaska Airlines, Vodafone UK, and Starbucks. The incident highlights how even the largest cloud providers face operational risk from configuration errors, and how such failures ripple across industries given the concentration of global infrastructure on a handful of platforms. Microsoft Azure outage ahead of quarterly earnings | CNBC

2. DoorDash Launches Emergency Food Aid Program: DoorDash has unveiled crisis-response mechanisms to provide emergency food-aid options in anticipation of a potential SNAP benefits shutdown that could affect millions of Americans. The food delivery platform announced partnerships with non-profits and introduced mechanisms including fee waivers, discounts, and delivery-support programs to help affected households access food during what could be a benefits interruption. DoorDash is coordinating emergency assistance through its platform while working with community organisations to reach those most at risk. The move reflects growing corporate involvement in social safety-net contingencies as political uncertainty around government benefit programs creates potential gaps in essential services for vulnerable populations. DoorDash SNAP shutdown announcement | DoorDash

3. Crisis Management Firm Reports 22% Average Cost Reduction: Baden Bower’s “Crisis to Takeoff” product has reportedly reduced PR fallout costs for companies by an average of 22% through rapid response protocols, targeted messaging, and reputation management services. The crisis communications offering combines pre-built playbooks, rapid stakeholder engagement strategies, and measurement of reputational impact to help organisations navigate brand crises more efficiently. The firm cites the 22% average savings figure alongside other client outcome metrics, positioning the service as both a reputational safeguard and a cost-control mechanism. The case study reflects growing interest in quantifying crisis-management ROI as organisations seek to justify spending on preparedness and response capabilities. Baden Bower cuts PR fallout costs by 22% | TechTimes

4. UK Auto Production Disrupted, Tax Changes Threaten Company Car Market: UK car and van production fell sharply in September, with the Society of Motor Manufacturers and Traders linking the decline partly to production disruption including a major cyber incident at a large manufacturer. The SMMT also warned that government plans to alter company-car taxation through changes to employee car ownership schemes could damage the company-car market, potentially reducing demand, impacting remuneration packages, and harming competitiveness and jobs in the sector. The statement combines short-term production disruption reporting with a broader fiscal policy warning. If ECOS reclassification or punitive tax measures proceed, the downstream effects on the automotive industry and corporate fleet management could be significant. UK car output hit by disruption, SMMT warns on tax plans | Business Motoring

5. AWS Outage Classified as ‘Moderate Incident’ for Insurance Industry: Following Amazon Web Services’ fifteen-hour global outage, cyber insurers and risk analysts classified the event as a “moderate incident” for the insurance market. CyberCube noted that business-interruption exposures and incident-response costs are the main insurance consequences, with experts recommending cloud-provider diversification, review of policy waiting periods—commonly eight to twenty-four hours—and consideration of parametric or extra-expense coverage. The incident has been framed as another “near miss” for cyber insurance, reminding insurers and policyholders of systemic concentration risk. Analysts emphasise that conventional business-interruption claims are often costly, slow, and burdensome to prove, whereas automated or parametric policies could provide faster, more usable recovery for organisations dependent on cloud infrastructure. AWS Outage a ‘Moderate Incident’ for Insurance Industry | Insurance Journal

Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗

Need support?

At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.

Book your 30min call here