In this time of war, here are three critical questions for your direct reports:

  1. Ask your chief information officer: “Are we ready for the inevitable cyberattacks, and have we patched all vulnerabilities?” Russia was behind the SolarWinds hack to infiltrate US and European government networks — and is a pernicious, historical source of malware. We expect a wave of attacks over the coming weeks, including disinformation, ransomware, and cyberespionage. Blocking Russian IP addresses will catch some of the most basic and desperate attacks, but our data shows that software vulnerabilities are actually the most common vector for external attacks. Here’s a Forrester blog post (available to clients and non-clients) with more detail.
  2. Ask your head of supply chain: “How are our supply chains threatened, and what are you doing about it?” Firms should prepare for shortages, supply disruptions, and sanctions to destabilize supply chains for at least 24 months. Risk managers, CISOs, and IT leaders need to urgently review their dependencies on key IT suppliers in the region and build a list of alternative suppliers when and if the need arises. And watch for quickly changing sanctions that will require changes to your third-party ecosystem. Check out this blog post, which outlines supply chain risks.
  3. Ask your chief marketing officer: “Is our advertising supporting Russian disinformation, and should we announce to the world that we stand with Ukraine?” Your CMO should survey your digital advertising campaigns and make sure that they are not being served to sites that are propagating disinformation campaigns — check out this Forrester blog post with more analysis. Forrester surveys indicate that a wide majority of consumers want brands to speak up in support of Ukraine and pull out of Russia. That said, I’m not sure the world needs another CEO making grand statements and virtue-signaling about this war. Do what feels natural to you and your company’s culture — don’t force statements that are obvious (“We don’t support war!”) or cloyingly self-serving (“Our brand does not stand for hate and aggression.”).

Forrester will continue to generate research and analysis as the Ukraine situation moves forward. Here’s our current portfolio (the blog posts already referenced above, plus some additional content):

For clients, head here.

For non-clients, go here.