Hello 👋 get a brew on because these are the top emerging risks between September 8th, and September 22nd, 2025…
Review our report’s terminology here ↗
Our main risk this fortnight is…
1. Technological: Collins Aerospace Cyberattack takes down European airports
Collins Aerospace cyberattack shut down MUSE passenger processing software at major European airports including Heathrow, Brussels, and Berlin.
Shared-use airport systems created single point of failure, forcing manual check-in operations and handwritten baggage tags across multiple countries.
Aviation sector has seen 600% increase in cyberattacks from 2024 to 2025, exposing vulnerabilities in efficiency-driven centralised systems.
Recovery took multiple days, with Brussels Airport requesting airlines cancel half of Monday's departing flights.
Incident highlights risks of common-use platforms that prioritise cost savings over resilience redundancy.
Sources
Cyberattack disrupts check-in systems at major European airports | ABC News | September 21, 2025
A cyberattack on Collins Aerospace disrupted operations at major European airports | Security Affairs | September 21, 2025
What Collins Aerospace should have had in place | Cyber Defence | September 21, 2025
You should be concerned if…
Airlines and aviation industry operators: Your sector has become an increasingly attractive target for cybercriminals due to heavy reliance on shared digital systems and centralised platforms.
Businesses using shared-platform models: Any organisation relying on third-party software providers for critical operations faces similar single-point-of-failure risks, whether cloud-based customer management, shared logistics platforms, or integrated payment systems.
Organisations in regulated industries: Under the EU's NIS2 framework and similar regulations, suppliers of essential services must demonstrate robust operational controls and tested incident management capabilities.
Supply chain managers: Vendor failures can rapidly propagate through operations when critical services are concentrated with single providers, creating cascading business disruptions.
These items are generic assumptions. We recommend considering your own unique risk landscape against your critical dependencies. If you don’t know what they are, get in touch.
Preventative actions
Demand robust failover capabilities
Require critical service providers to demonstrate contractually binding recovery times with audited playbooks for isolating compromised components and switching to clean standby systems within hours, not days.
Diversify critical dependencies
If your business relies on a single provider for essential functions, you're accepting single-point-of-failure risk. Evaluate opportunities to distribute critical functions across multiple vendors or maintain hybrid solutions.
Test manual fallback procedures
Ensure manual backup procedures are regularly tested and staff trained to seamlessly switch to manual operations while technical teams work on system restoration.
Monitor vendor security practices
Include cybersecurity incident histories and response capabilities as part of vendor risk assessments, not just cost and functionality evaluations.
2. Geopolitical: Russian Aircraft Airspace Violations
Three Russian MiG-31 fighter jets violated Estonian airspace for 12 minutes on September 19, flying without flight plans or transponder signals.
Estonian officials called the incident "unprecedentedly brazen" - the fourth airspace violation this year and first involving formation fighters capable of carrying hypersonic missiles.
NATO Italian F-35s scrambled to intercept and force Russian aircraft out, demonstrating alliance's "quick and decisive" response capability.
Estonia invoked NATO Article 4 consultations - only the ninth time in alliance history - requesting urgent talks on territorial integrity threats.
Incident part of broader pattern including Russian drone violations of Polish and Romanian airspace, suggesting systematic testing of NATO's eastern defences.
Sources
Estonia, NATO slam 'brazen' Russian air incursion | Al Jazeera | September 19, 2025
NATO intercepts three Russian jets over Estonia's airspace | CNN | September 19, 2025
Chart shows Russian jets' 12-minute violation of Estonian airspace | Estonian World | September 20, 2025
You should be concerned if…
Operations in Eastern European regions: Businesses with supply chains, energy infrastructure, or logistics operations spanning NATO's eastern flank face increased risk from escalating military tensions and potential airspace disruptions.
International trade and logistics companies: Organisations dependent on stable international agreements and predictable transport corridors should monitor geopolitical risk intelligence as systematic boundary testing suggests potential for broader disruptions.
Energy sector operators: Russia has previously targeted energy infrastructure in hybrid warfare campaigns, and the Baltic region contains critical energy interconnections between NATO allies.
Defence and aerospace contractors: Organisations working with NATO allies or defence systems may face increased scrutiny and operational complexity as alliance members strengthen collective defence measures.
Preventative actions
Monitor geopolitical risk intelligence
Establish regular monitoring of regional security developments if operating in areas where military tensions are escalating, particularly around NATO's eastern borders.
Diversify operational geography
Avoid concentrating critical business functions in regions where military tensions are rising; distribute operations across more geographically stable areas where possible.
Implement currency risk management
Military tensions typically create currency volatility as markets price in escalation risks. Ensure adequate hedging for operations in affected regions.
Update crisis management protocols
Ensure contingency plans account for sudden airspace closures, border restrictions, or military activity that could disrupt logistics and communications.
Quick snippet stories
Harvard students created facial recognition smart glasses Two Harvard computer engineering students built an app turning Meta Ray Ban glasses into real-time doxing devices that display strangers' personal information including names, job titles, and workplace addresses directly on the wearer's lens.
OpenAI admits AI hallucinations are mathematically inevitable OpenAI researchers acknowledged that large language model "hallucinations" producing plausible but false statements aren't engineering flaws but mathematical certainties, forcing enterprises to accept AI error as a feature to manage rather than eliminate.
Australia formally recognises Palestine as sovereign state Australia joined over 150 countries in recognising Palestinian statehood, updating government documents and potentially affecting diplomatic relationships as organisations should consider how political leaders' stances may influence international business relationships.
Chinese economy shows factory and consumer slowdown New data reveals China's industrial output and retail sales growth slowed to their weakest pace in about a year, driven by property sector debt crisis, uncertain job markets, and trade tensions requiring potential policy stimulus.
Thailand banking crisis from anti-fraud overreach Thailand's aggressive crackdown on online scam networks inadvertently froze thousands of innocent accounts using automated tracking tools, causing public panic and businesses shifting to cash-only operations.
Want to discuss how these risks might effect your business?
Book 30 minutes with us, free ↗
Need support?
At Fixinc, we are passionate about helping people get through disasters. That’s why our team of Advisors bring you this resource free of charge. If you need help understanding these threats and building a plan against them, the same Advisors are here to help over a 30-minute online call. Once complete, if you like what was provided, you can choose to provide a donation or subscribe to Unreasonable Ventures to support this channel.
