

Strategic Risk Management: Complete Overview (With Examples)

As businesses continue to operate in an increasingly competitive and uncertain environment exacerbated by threats to their operations, such as cyberattacks, supply chain disruptions, and climate catastrophes, strategic risk management has become a key factor in ensuring an organization's success.
According to Raconteur, 85% of business leaders feel they are operating in a moderate to high-risk environment, and 79% of boards believe that improved risk management will be critical in enabling their organization to protect and build value in the next five years.
It is clear that organizations need to be prepared for the different types of strategic risk coming their way and have strong strategic risk management in place to not only reduce the impact on their operations but even take advantage of the context and transform it into an opportunity.
In this article, we'll dive into the world of strategic risk, the different types of strategic risks, and how to manage them to reduce the chances of disruption. We'll also give you real-life examples and a ready-to-use, free Risk Management Template to help your business be in control and start your journey toward effective strategic risk management.

What Is Strategic Risk?
Strategic risk is the probability of the organization’s strategy failing. It is an estimation of the future success of the chosen strategy. Since strategy is a set of clear decisions, strategic risk reflects the aggregate of the risks of those decisions.
At their core, strategic risks affect an organization's overall strategy. They can sometimes be difficult to spot and manage.
This means that particularly at an executive level, leaders and teams need to be able to look for strategic risks and, instead of categorizing them as things to hedge or mitigate, develop the acumen to ask the appropriate questions:
- Are we going to resist this, avoid it, or maybe push it away?
- Or do we embrace it, use it as an indicator for the market and take it as an opportunity for a strategic change?
What Is Strategic Risk Management?
Strategic risk management is the process of recognizing risks, identifying their causes and effects, and taking the relevant actions to mitigate them. Risks arise from inside and outside factors such as manufacturing failures, economic changes, shifts in consumer tastes, etc.
Strategic risk can disrupt a business’s ability to accomplish its goals, break out in the market or even survive. Effective, efficient management puts the power in leaders’ hands to avoid potential obstacles to success and maximize their performance.
Why Is Strategic Risk Management Important?
Organizations that fail to do proper risk management face significant threats. At times, they face existential threats. Kodak was a pioneer in the photography space (they actually filed a patent for one of the first digital cameras), but they lost the digital camera race. Blockbuster made $6 billion in revenue at its peak, but there is only one store left in the world! MySpace was once one of the dominant social networks until Facebook came along.
You could argue that these companies failed to innovate. Maybe, but they also failed to evaluate the threat properly and the risk involved in not dealing with it.
Every great company takes risks.
Smartphones, eReaders, car-sharing services, even natural cleaning products — so much of what we as consumers now take for granted was a brave step, once upon a time. But Apple, Amazon, Zipcar, and Method didn’t launch their category-defining products overnight.
These organizations safeguarded their success with a strong risk management strategy. They knew what success would look like, which factors could cause them to fail, what failure could cost them, and how they would respond to obstacles in their path.
Managing strategic risk is an essential activity for all businesses, whether you’re launching an innovative solution to market or just trying to stay ahead of the competition.
Understanding the dangers (however small) and their potential impact (however minor) empowers leaders at different levels to make smart, well-informed decisions.
But that’s easier said than done. Risk management is a dynamic process - it shifts focus as internal and external influences change. It also requires joined-up thinking and communication across an organization.
If you’re tasked with strategic planning and execution within your business, it can seem like an insurmountable task. Yet, armed with the right information, you can help ensure that your organization achieves its goals.
The Two Kinds Of Strategic Risk Factors
One of the first things you need to do to better manage risks is learn to identify them. There are mainly 2 kinds of strategic risk factors that you should look out for.
1. Internal strategic risk factors
Every business has strategic objectives and established routines.
Strategic risk relates to the dangers companies face in trying to accomplish their strategic objectives. Even though your plan might seem viable and on track for success, analyzing the strategic risks involved can help organizations identify obstacles (or opportunities)—and address them before it’s too late.
Strategic risks relate to a business’s internal choices, such as product development routines, advertising, communication tools, sales processes, investments in cutting-edge technologies, and more. These examples all directly impact function, performance, and overall results.
2. External strategic risk factors
Some strategic risks originate outside the company.
These could apply to the current or projected environment into which products will be released.
It’s often easier to understand strategic risk through real-world examples. For instance, a new type of smartphone might be in high demand today, but economic changes could lead to a drop in commercial interest, leaving the business in a totally different position than it might have expected.
Or a competitor may release a groundbreaking product or innovative service that fills the gap first, creating significant risk to the success of a strategy.
And let’s not forget that technology’s swift evolution could cause a new product to become obsolete within a few months—I’m sure that the manufacturers of wired headphones felt their stomachs drop when they saw Apple had cut the headphone jack.
These types of risks pose a real danger to companies. Investing in a business model with little chance of achieving the envisioned success can lead to severe financial strain, loss of revenue, and damage to reputation.
And none of these are easy to recover from.
Strategic Risk Assessment: How To Identify Strategic Risks?
Recognizing and taking action on strategic risks is vital to mitigate costly problems.
In your strategic risk management toolkit, you’ll need two essentials:
- An in-depth understanding of where your organization stands. This includes your target audience, market sector, competitors, and the environment in which your business operates.
- A clear awareness of your organization’s core strategic goals, from conception to proposed execution.
Gathering data on both areas can take time and investment, but it’s worthwhile to achieve accurate insights into strategic risks.
The more information you have to draw upon, the more likely it is that you’ll be able to implement processes and safeguards that facilitate organizational success.
Teams have a choice of different approaches when identifying strategic risks.

Initiate “What if” discussions
Gather employees from across the business to explore ‘what-if’ scenarios.
By mind mapping risk factors collaboratively—with a mix of perspectives and experiences from different departments—Heads of Strategy, Change Managers, and Business Analysts may discover risks they wouldn’t have thought of on their own.
All potential risks are worth considering, no matter how unlikely they may seem at first. That’s why participants should be encouraged to let their minds wander and suggest virtually any viable risk that occurs to them.
It’s best to have a long list that can be reduced through elimination: underestimating risks can lead to businesses being unprepared down the line.
Gather input from all stakeholders
Speak with the whole range of stakeholders and consider their views on strategic risks.
If you consult a wide enough group, you’ll gather expanded perspectives about your organization or issues and not just the ones from your core employees.
Collecting a wide range of perspectives creates a holistic view of risk factors which can prove hugely beneficial when trying to understand the dangers the organization faces.
Their broad awareness of how the company operates can raise unexpected possibilities that need to be factored in.
Strategic Risk Examples
The specific strategic risks relevant to your business will largely depend on your industry, sector, product range, consumer base, and many other factors. That being said, there are some broad types of strategic risk, each of which should be on your radar.

Regulatory risks
Let’s demonstrate the importance of regulatory risks with an example.
Imagine an organization working on a new product or planning a fresh service set to transform the market. Perhaps it spots a gap in the industry and finds a way to fill it, yet needs years to bring it to fruition.
However, in this time, regulations change and the product or service suddenly becomes unacceptable. The company can’t deliver the result of its hard work to the target audience, risking a substantial loss of revenue.
Fortunately, the organization had prepared for unexpected regulatory change. Now, elements of the completed project can be incorporated into another or adapted to offer a slightly different solution.
The lesson here?
It’s vital for companies to stay updated on all regulations relevant to their market and be aware of upcoming changes as early as possible.
Competitor risks
Most industries are fiercely competitive. Companies can lose ground if their market rivals release a similar product at a similar or lower cost. Pricing may even be irrelevant if the product is suitably superior.
Competitor analysis can help mitigate this strategic risk: businesses should never operate in a vacuum.
Economic risks
Economic risks are harder to predict, but they pose a real danger to even the most well-realized strategy. For example, economic changes can lead a business’s target audience to lose much of its disposable income or scale back on perceived luxuries.
Customer research is imperative to stay aware of what target audiences desire, their spending habits, lifestyles, financial situations, and more.
Change risks
Change risks refer to the challenges that arise from changes in technology, market trends, consumer preferences, or industry standards.
For instance, a company heavily invested in a particular technology may face significant risks if a disruptive innovation renders their current technology obsolete. Having a strong change management strategy to adapt to change and embracing innovation are key strategies to mitigate this risk.
Reputational risks
Reputational risks arise when a company's actions or associations damage its brand image and public perception. Negative publicity, customer dissatisfaction, product recalls, or ethical controversies can all contribute to reputational risks.
Safeguarding the company's reputation through transparent communication, ethical practices, and proactive crisis management is crucial.
Governance risks
Governance risks refer to the effectiveness and integrity of a company's management and decision-making processes. Weak corporate governance, lack of oversight, non-compliance with regulations, or unethical behavior by key executives can lead to significant strategic risks.
Establishing robust governance frameworks, maintaining transparency, and fostering a culture of accountability are essential to mitigate these risks.
Political risks
Political risks stem from changes in government policies, regulations, or geopolitical events. These risks can impact businesses operating domestically or internationally. Political instability, trade restrictions, sanctions, or changes in tax policies can disrupt operations and affect profitability.
Companies must closely monitor political developments and have contingency plans to navigate such risks effectively.
Financial risks
Financial risks involve challenges related to capital management, funding, cash flow, and financial stability. Factors such as market volatility, credit risks, liquidity constraints, or inadequate financial planning can expose a company to strategic risks.
Implementing sound financial strategies, conducting risk assessments, and maintaining a healthy balance sheet are crucial in managing these risks effectively.
Operational risks
Operational risks are inherent in day-to-day business activities and processes. These risks encompass issues such as supply chain disruptions, equipment failures, cybersecurity breaches, human errors, or natural disasters.
Ensuring robust operational processes, implementing contingency plans, and investing in risk mitigation measures can help minimize the impact of operational risks.
Managing Strategic Risk Vs. Operational Risk
Strategic risks and operational risks are two distinct kinds. While strategic risks originate from both internal and external forces, operational risks stem solely from the internal processes within a business and they stand to disrupt workflow.
However, the biggest difference between them is the level of the decisions they reflect.
Strategic risks reflect the risk of the decisions at a higher level, where the overall strategic plan is considered. The operational risks reflect the risk of the decisions at a lower level, the operational level, where the execution of the strategic plan is outlined.
Simply put, strategic risk is about what you do, and operational risk is how you do it.
Operational risks examples
Operational risks are critical to consider and must be dealt with as soon as possible. They directly impact a business’s work and can tie in with strategic risks, as the resources, processes, or staff available may be unable to achieve the established goals.
One example of operational risk is outdated machinery. It can cause a slowdown in production, delay completion, and ultimately damage employee morale. In this case, the operational risk might stem from what appears to be a non-critical problem but has the potential to drag productivity down to rock bottom. So the decision of whether to upgrade the machinery should be considered.
Another example of operational risk is a company’s current payroll system. Let’s say they outsource to a small team with a weak reputation purely because it’s a cheaper alternative to working with a more reliable payroll solution. But this option could create a higher risk of late payments, processing errors, or other issues with the potential to frustrate the company’s most valuable asset: its employees.
Risk Mitigation Strategies
Implementing effective risk mitigation strategies is essential for businesses to navigate uncertainties and protect their long-term success. By identifying potential risks and proactively addressing them, companies can minimize the impact of adverse events and capitalize on opportunities for growth.

Discuss opportunities and risks separately
This is something that needs to happen before the risk identification process. Mixing potential opportunities and their risks in the same conversation handicaps the opportunity conversation.
You want your people to free their minds, brainstorm ideas, and locate all possible growth and incremental opportunities. Don’t allow that process to shrink and miss out on great opportunities. Discuss risks in a different meeting on a different day.
Distribute resources at the operational level
Once you have decided on your company’s strategy, you’ll have to align every department and person with it.
Allocate your resources in a way that serves your overall strategy to succeed. That means starving certain departments or regions to feed the ones that contribute the most to your strategic objectives.
Mitigating strategic risks is often nothing more than focusing on a great execution of your strategic plan.
Align your incentive structure
Focus on execution takes another form besides resource redistribution.
You have to revisit the incentive structure of your top and middle management and align it with your strategic objectives. This is a crucial step in executing your strategy because it eradicates internal conflicts.
If your leadership team is rewarded according to an older strategic plan, don’t expect them to take care of your new plan’s risks. They simply won’t have the incentive to do so.
Strategy Risk Management Examples
Let’s examine two specific real-life examples of strategic risk. One that happened a little while ago, and one that is still happening now.
Complacency vs Disruption
Before Netflix, HBO Go, Amazon Prime, Disney+, and all the other streaming platforms, people used to go to Blockbuster.
In its prime, Blockbuster had over 9,000 locations around the world and became synonymous with movie rental. It had a huge slice of the market share and looked pretty peachy until the late nineties. Until 1997, when a little company called Netflix came knocking.
At the time, Netflix didn't stream. It simply delivered rentals in the mail for a set fee each month. There were no late fees (which was one of the biggest gripes from Blockbuster customers), and movie delivery was very convenient.
Netflix was a pretty obvious strategic risk to Blockbuster, which needed to manage it somehow. This could also be seen as a clear opportunity for Blockbuster since they were in a position to buy Netflix but refused to do so.
Yes, Blockbuster passed on the $50 Million deal with Netflix and sealed its fate in the process.

Regulatory complexity
This story is still in development, so who knows how it will end.
Uber is known as the company that shook the cab industry around the world, but things are still changing. Uber is a tech company and understands that change happens, and risk evolves faster than ever before.
This is why they began investing in self-driving technology early on. At first glance, this seems counter-intuitive since moving in this direction could really upset the thousands of Uber drivers out there, but Uber gets it.
They know that if they do nothing, someone else will sweep in and, soon enough, turn Uber into another Blockbuster story.
Uber is a great example of strategic risk management since they not only have to manage things like implementing self-driving cars, but they have also had to navigate through complex regulatory risks in multiple countries.
They have also faced issues around customer safety, assaults, and constant battles with all kinds of protests and regulatory issues.
How To Measure Strategic Risk
So now you know the strategic risks your organization faces, you need a quantifiable figure to measure them. We suggest the following metrics and tools:
Economic Capital
This relates to the amount of equity a business needs to cover any unplanned losses, according to a standard of solvency (based on the organization’s ideal debt rating).
This metric allows businesses to quantify all types of risks related to launching new products, acquiring enterprises, expanding into different territories, or internal transformation. Then, they can take the necessary actions to mitigate those risks.
RAROC: Risk-Adjusted Return On Capital
This is the expected after-tax return on a scheme divided by its economic capital.
Companies can leverage this metric to determine if a strategy is viable and offers value, helping to guide leaders’ decision-making process. Any initiative with a RAROC below the capital amount offers no value and should be scrapped (sorry!).
Decision trees
Businesses on all scales can utilize both metrics to measure strategic risk, but the stakes will be different for a small enterprise than for a global corporation. The former may never recover from a bad investment, while the latter has a higher chance of weathering the storm.
As a result, companies may use a decision tree to map the possible outcomes of a decision. This enables teams to determine which choices yield which results and prepare for all eventualities. Specific turning points can be identified and handled appropriately.
The 7-Step Strategic Risk Management Framework
Now you have all the information, you need to capture it in one place: the strategic risk management framework. This is where you bring together all the resources (employees, technologies, capital, etc.) required to mitigate losses caused by internal or external forces.
Exactly how your framework is structured is your choice, but the following is a great strategic risk management step-by-step approach:
- Understand where you are right now. You could use a SWOT (Strengths, Weaknesses, Opportunities, and Threats) analysis, for example. Here you need to know where your organization is, your vulnerabilities, and what threats you face in the market.
- Define your strategy and goals. This is where you clearly outline the strategy for your organization. Check out our free, ready-to-use strategic planning templates to build or revisit your strategy.
- Choose your key performance indicators (KPIs). These can be used to measure success, monitor changes, and explore improvement opportunities over time.
- Identify risks that can affect productivity and performance in the future. These factors may not be as apparent as others. For example, consumers’ changing tastes can be hard to predict but still have the potential to knock plans off the rails.
- Assess your risks and define priorities. You can use a Risk Assessment Matrix that will help you score potential risks based on the probability and the impact on the business.
- Identify KRIs (key risk indicators) to gauge your business's tolerance to obstacles. Be sure to look ahead at issues that may lurk around the corner, and determine the right time to put mitigating actions into effect.
- Continually monitor KPIs, KRIs, and their internal processes to chart progress. Are problems being resolved fast enough? Are target customers’ needs being addressed? Are all essential programs and processes in place? The aim is to stay on track and adapt to ensure you achieve your objectives.

Implement A Long-term Strategic Risk Management Strategy
Managing strategic risk is an ongoing process.
It enables organizations to minimize their danger of experiencing severe losses and, ultimately, failure. It doesn’t guarantee every project will be a success (far from it!), but it will provide all the necessary tools to make better decisions in the long run.
Remember to take your time, even if there’s market pressure to act fast. Trying to rush this process could lead to missed threats or opportunities in your risk analysis. Stay on top of your strategic risk management well into the future: that’s the key to organizational success.
Execute An Effective Risk Management Strategy With Cascade 🚀
Cascade is the world’s #1 strategy execution platform, remediating the chaos of running a business to help you move forward. Cascade serves as your organization's brain, offering a unified platform that spans your entire ecosystem. With Cascade, you can gain a clear picture of potential threats and create a strong risk management strategy to proactively address them.
Signal risks before they happen
Once you've identified your risks, Cascade enables you to seamlessly incorporate them into your strategic plan, ensuring alignment throughout your organization.
Adding risks is very simple:
- Give the risk a meaningful title, and a description.
- Define the likelihood (probability of the event happening, on a scale of 1 to 10)
- Define the impact (impact of the risk on the outcome on a scale of 1 to 10)
Based on these factors, Cascade automatically calculates and displays a Risk Score (Likelihood * Impact) to assess the severity of each risk, guiding your decision-making process.

Add mitigations
Cascade empowers you to take proactive measures by adding mitigations to each identified risk. Mitigations are steps that can be implemented to avoid or minimize the occurrence and impact of risks. With a few clicks, you can expand the risk and add relevant mitigations.
As you progress with each mitigation, you can mark its completion using the checkboxes. Cascade keeps track of the number of completed mitigations, providing visibility into your progress.

Report your risks’ progress
Cascade offers a comprehensive risk reporting functionality to ensure that you stay informed about the progress of your risk management strategy. You can easily create detailed risk reports containing essential information such as risk title, owners and collaborators, risk type, status, mitigation status, and risk score. These reports can be saved and shared with stakeholders, enabling effective communication and collaboration.

Create a risk dashboard
Leverage Cascade's Risk Distribution Scatter Plot widget, available in Dashboards or Reports, to visually represent the count of risks within specific entities (e.g., objectives, measures, projects, or actions). The widget provides valuable insights into likelihood, impact, and risk scores, enabling you to monitor and analyze risks effectively.

8 Free Strategic Risk Management Templates To Get You Started!
Don’t know where to start? Check out these free strategy templates built by our experts to kickstart your risk management journey:
- Risk Management Strategy Template
- Regulatory Risk Management Plan Template
- Financial Risk Management Plan Template
- Compliance Risk Management Plan Template
- Enterprise Risk Management Plan Template
- Risk Mitigation Plan Template
- Risk Assessment Plan Template
- Risk Response Plan Template


Risk management is the process of identifying, assessing and controlling financial, legal, strategic and security risks to an organization’s capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters.
If an unforeseen event catches your organization unaware, the impact could be minor, such as a small impact on your overhead costs. In a worst-case scenario, though, it could be catastrophic and have serious ramifications, such as a significant financial burden or even the closure of your business.
To reduce risk, an organization needs to apply resources to minimize, monitor and control the impact of negative events while maximizing positive events. A consistent, systemic and integrated approach to risk management can help determine how best to identify, manage and mitigate significant risks.
At the broadest level, risk management is a system of people, processes and technology that enables an organization to establish objectives in line with values and risks.
A successful risk assessment program must meet legal, contractual, internal, social and ethical goals, as well as monitor new technology-related regulations. By focusing attention on risk and committing the necessary resources to control and mitigate risk, a business will protect itself from uncertainty, reduce costs and increase the likelihood of business continuity and success. Three important steps of the risk management process are risk identification, risk analysis and assessment, and risk mitigation and monitoring.
Risk identification is the process of identifying and assessing threats to an organization, its operations and its workforce. For example, risk identification may include assessing IT security threats such as malware and ransomware, accidents, natural disasters and other potentially harmful events that could disrupt business operations.
Risk analysis involves establishing the probability that a risk event might occur and the potential outcome of each event. Risk evaluation compares the magnitude of each risk and ranks them according to prominence and consequence.
Risk mitigation refers to the process of planning and developing methods and options to reduce threats to project objectives. A project team might implement risk mitigation strategies to identify, monitor and evaluate risks and consequences inherent to completing a specific project, such as new product creation. Risk mitigation also includes the actions put into place to deal with issues and effects of those issues regarding a project.
Risk management is a nonstop process that adapts and changes over time. Repeating and continually monitoring the processes can help assure maximum coverage of known and unknown risks.
There are five commonly accepted strategies for addressing risk. The process begins with an initial consideration of risk avoidance then proceeds to three additional avenues of addressing risk (transfer, spreading and reduction). Ideally, these three avenues are employed in concert with one another as part of a comprehensive strategy. Some residual risk may remain.
Avoidance is a method for mitigating risk by not participating in activities that may negatively affect the organization. Not making an investment or starting a product line are examples of such activities as they avoid the risk of loss.
Risk reduction is a method of risk management that attempts to minimize the loss, rather than completely eliminate it. While accepting the risk, it stays focused on keeping the loss contained and preventing it from spreading. An example of this in health insurance is preventative care.
When risks are shared, the possibility of loss is transferred from the individual to the group. A corporation is a good example of risk sharing — a number of investors pool their capital and each only bears a portion of the risk that the enterprise may fail.
Contractually transferring a risk to a third party, such as buying insurance to cover possible property damage or injury, shifts the risks associated with the property from the owner to the insurance company.
After all risk sharing, risk transfer and risk reduction measures have been implemented, some risk will remain since it is virtually impossible to eliminate all risk (except through risk avoidance). This is called residual risk.
Risk management standards set out a specific set of strategic processes that start with the objectives of an organization and intend to identify risks and promote the mitigation of risks through best practice. Standards are often designed by agencies who are working together to promote common goals, to help to ensure high-quality risk management processes. For example, the ISO 31000 standard on risk management is an international standard that provides principles and guidelines for effective risk management.
While adopting a risk management standard has its advantages, it is not without challenges. The new standard might not easily fit into what you are doing already, so you could have to introduce new ways of working. And the standards might need customizing to your industry or business.
Strategic Risk Management: A Primer for Directors

Matteo Tonello is managing director of corporate leadership at the Conference Board. This post is based on an issue of the Conference Board’s Director Notes series by Mark L. Frigo and Richard J. Anderson, director and professor of strategic risk management, respectively, at DePaul University. This Director Note was based on a book authored by Dr. Frigo and Mr. Anderson, available here.
As noted by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), “In the aftermath of the financial crisis, executives and their boards realize that ad hoc risk management is no longer tolerable and that current processes may be inadequate in today’s rapidly evolving business world.” [1] However, especially for nonfinancial companies that may be relatively new to these topics, enhancing risk management can be a somewhat daunting task.
This article focuses on two key aspects of the relationship between risk and strategy: (1) understanding the organization’s strategic risks and the related risk management processes, and (2) understanding how risk is considered and embedded in the organization’s strategy setting and performance measurement processes. These two areas not only deserve the attention of boards, but also fit closely with one of the primary responsibilities of the board — risk oversight.
The Advent of Strategic Risk Management
Enterprise risk management (“ERM”) and risk management in general can encompass a wide range of risks that face any organization. Some risks may reflect exposures that, although harmful, will not threaten the overall health of an organization or its ability to ultimately meet its business objectives. For example, a temporary data center outage can result in a short-term problem or customer dissatisfaction, but once recovered, the organization can quickly be back on track. Other more significant risk events can be catastrophic, resulting in losses that can not only impair an organization’s ability to meet its objectives, but may also threaten the organization’s survival. The recent credit crisis is an example of this type of risk. These more significant risk exposures have given rise to a focus on “strategic risks” and “strategic risk management.” “Strategic risks” are those risks that are most consequential to the organization’s ability to execute its strategies and achieve its business objectives. These are the risk exposures that can ultimately affect shareholder value or the viability of the organization. “Strategic risk management” then can be defined as “the process of identifying, assessing and managing the risk in the organization’s business strategy—including taking swift action when risk is actually realized.” Strategic risk management is focused on those most consequential and significant risks to shareholder value, an area that merits the time and attention of executive management and the board of directors.
Standard & Poor’s included the following attributes for strategic risk management in its 2008 announcement that it would apply enterprise risk analysis to corporate ratings:
- Management’s view of the most consequential risks the firm faces, their likelihood, and potential effect;
- The frequency and nature of updating the identification of these top risks;
- The influence of risk sensitivity on liability management and financial decisions, and
- The role of risk management in strategic decision making. [2]
Clearly the potential impact of strategic risks is significant enough to deserve the attention of the board and its directors.
Strategic Risk Management and the Role of the Board
At the board level, strategic risk management is a necessary core competency. [3] In Ram Charan’s book, Owning Up: The 14 Questions Every Board Member Needs to Ask, one of the questions posed is “Are we addressing the risks that could send our company over the cliff?” [4] According to Charan, boards need to focus on the risk that is inherent in the strategy and strategy execution:
Risk is an integral part of every company’s strategy; when boards review strategy, they have to be forceful in asking the CEO what risks are inherent in the strategy. They need to explore ‘what ifs’ with management in order to stress-test against external conditions such as recession or currency exchange movements. [5]
Regarding risk culture, Charan provides the following insight: “Boards must also watch for a toxic culture that enables ethical lapses throughout the organization. Companies set rules—but the culture determines how employees follow them.” [6] We believe that corporate culture plays a significant role in how well strategic risk is managed and must be considered as part of a strategic risk assessment.
Understanding an Organization’s Strategic Risks and Related Risk Management Processes
A necessary first step for boards to understand their strategic risks and how management is managing and monitoring those risks is a strategic risk assessment. A strategic risk assessment is a systematic and continual process for assessing the most significant risks facing an enterprise. [7] It is anchored and driven directly by the organization’s core strategies. As noted in a 2011 COSO report, “Linkage of top risks to core strategies helps pinpoint the most relevant information that might serve as an effective leading indicator of an emerging risk.” [8]
Conducting an initial assessment can be a valuable activity and should involve both senior management and the board of directors. Management should take the lead in conducting the assessment, but the assessment process should include input from the board members and, as it is completed, a thorough review and discussion between management and the board. These dialogues and discussions may be the most beneficial activities of the assessment and afford an opportunity for management and the directors to come to a consensus view of the risks facing the company, as well as any related risk management activities.
The strategic risk assessment process is designed to be tailored to an organization’s specific needs and culture. To be most useful, a risk management process and the resultant reporting must reflect and support an enterprise’s culture so the process can be embedded and owned by management. Ultimately, if the strategic risk assessment process is not embedded and owned by management as an integral part of the business processes, the risk management process will rapidly lose its impact and will not add to or deliver on its expected role.
The Strategic Risk Assessment Process
There are seven basic steps for conducting a strategic risk assessment:
1. Achieve a deep understanding of the strategy of the organization. The initial step in the assessment process is to gain a deep understanding of the key business strategies and objectives of the organization. Some organizations have well-developed strategic plans and objectives, while others may be much more informal in their articulation and documentation of strategy. In either case, the assessment must develop an overview of the organization’s key strategies and business objectives. This step is critical, because without these key data to focus around, an assessment could result in a long laundry list of potential risks with no way to really prioritize them. This step also establishes a foundation for integrating risk management with the business strategy. In conducting this step, a strategy framework could be useful to provide structure to the activity.
2. Gather views and data on strategic risks. The next step is to gather information and views on the organization’s strategic risks. This can be accomplished through interviews of key executives and directors, surveys, and the analysis of information (e.g., financial reports and investor presentations). This data gathering should also include both internal and external auditors and other personnel who would have views on risks, such as compliance or safety personnel. Information gathered in Step 1 may be helpful to frame discussions or surveys and relate them back to core strategies. This is also an opportunity to ask what these key individuals view as potential emerging risks that should also be considered.
3. Prepare a preliminary strategic risk profile. Combine and analyze the data gathered in the first two steps to develop an initial profile of the organization’s strategic risks. The level of detail and type of presentation should be tailored to the culture of the organization. For some organizations, simple lists are adequate, while others may want more detail as part of the profile. At a minimum, the profile should clearly communicate a concise list of the top risks and their potential severity or ranking. Color-coded reports or “heat-maps” may be useful to ensure clarity of communication of this critical information.
4. Validate and finalize the strategic risk profile. The initial strategic risk profile must be validated, refined, and finalized. Depending on how the data gathering was accomplished, this step could involve validation with all or a portion of the key executives and directors. It is critical, however, to gain sufficient validation to prevent major disagreements on the final risk profile.
5. Develop a strategic risk management action plan. This step should be undertaken in tandem with Step 4. While significant effort can go into an initial risk assessment and strategic risk profile, the real product of this effort should be an action plan to enhance risk monitoring or management actions related to the strategic risks identified. The ultimate value of this process is helping and enhancing the organization’s ability to manage and monitor its top risks.
6. Communicate the strategic risk profile and strategic risk management action plan. Building or enhancing the organization’s risk culture is a communications effort with two primary focuses. The first focus is the communication of the organization’s top risks and the strategic risk management action plan to help build an understanding of the risks and how they are being managed. This helps focus personnel on what those key risks are and potentially how significant they might be. A second focus is the communication of management’s expectations regarding risk to help reinforce the message that the understanding and management of risk is a core competency and expected role of people across the organization. The risk culture is an integral part of the overall corporate culture. The assessment of the corporate culture and risk culture is an initial step in building and nurturing a high performance, high integrity corporate culture.
7. Implement the strategic risk management action plan. As noted above, the real value resulting from the risk assessment process comes from the implementation of an action plan for managing and monitoring risk.
These steps define a basic, high-level process and allow for a significant amount of tailoring and customization to reflect the maturity and capabilities of the organization. As shown by Figure 1, strategic risk assessment is an ongoing process, not just a one-time event. Reflecting the dynamic nature of risk, these seven steps constitute a circular or closed-loop process that should be ongoing and continual within the organization.
Integrating Strategic Risk Management in Strategy Setting and Performance Measurement Processes
The second step for an organization is to integrate strategic risk management into its existing strategy setting and performance measurement processes. As discussed above, there is a clear link between the organization’s strategies and its related strategic risks. Just as strategic risk management is an ongoing process, so is the need to establish an ongoing linkage with the organization’s core processes to set and measure its strategies and performance. This would include integrating risk management into strategic planning and performance measurement systems. Again, the maturity and culture of the organization should dictate how this is performed. For some organizations, this may be accomplished through relatively simple processes, such as adding a page or section to their annual business planning process for the business to discuss the risks it sees in achieving its business plan and how it will monitor those risks. For organizations with more developed performance measurement processes, the Kaplan-Norton Strategy Execution Model described in The Execution Premium may be useful. [9] This model describes six stages for strategy execution and provides a useful framework for visualizing where strategic risk management can be embedded into these processes.
Stage 1: Develop the strategy. This stage includes developing the mission, values, and vision; strategic analysis; and strategy formulation. At this stage, a strategic risk assessment could be included using the Return Driven Strategy framework to articulate and clarify the strategy and the Strategic Risk Management framework to identify the organization’s strategic risks.
Stage 2: Translate the strategy. This stage includes developing strategy maps, strategic themes, objectives, measures, targets, initiatives, and the strategic plan in the form of strategy maps, balanced scorecards, and strategic expenditures. Here, the strategic risk management framework would be used to develop risk-based objectives and performance measures for balanced scorecards and strategy maps, and for analyzing risks related to strategic expenditures. [10] At this stage, boards may also want to consider developing a risk scorecard that includes key metrics.
Stage 3: Align the organization. This stage includes aligning business units, support units, employees, and boards of directors. The Strategic Risk Management Alignment Guide and Strategic Framework for GRC (Governance, Risk and Compliance) would be useful for aligning risk and control units toward more effective and efficient risk management and governance, and for linking this alignment with the strategy of the organization. [11]
Stage 4: Plan operations. This stage includes developing the operating plan, key process improvements, sales planning, resource capacity planning, and budgeting. In this stage, the strategic risk management action plan can be reflected in the operating plan and dashboards, including risk dashboards. One organization we worked with developed a “resources follow risk” philosophy to make certain that resources were appropriately and efficiently allocated. This philosophy focused on ensuring that resources used in risk management are justified economically based on the relative amount of risk and cost-benefit analysis.
Stage 5: Monitor and learn. This stage includes strategy and operational reviews. “Strategic risk reviews” would be part of the ongoing strategic risk assessment, which reinforces the necessary continual, closed-loop approach for effective strategy risk assessment and strategy execution.
Stage 6: Test and adapt. This stage includes profitability analysis and emerging strategies. Emerging risks can be considered part of the ongoing strategic risk assessment in this stage. The strategic risk assessment can complement and leverage the strategy execution processes in an organization toward improving risk management and governance.
For more information about integrating risk management in the strategy execution model and a discussion of risk scorecards, see “Risk Management and Strategy Execution Systems.” [12]
Final Thoughts: Moving Forward with Strategic Risk Management
Management teams and boards must challenge themselves and their organizations to move up the strategic risk management learning curve. Developing strategic risk management processes and capabilities can provide a strong foundation for improving risk management and governance. Boards may want to consider engaging independent advisors to advise and educate themselves on these matters. For organizations that are early in this process, the seven keys to success for improving ERM as described in a 2011 COSO Thought Leadership Paper may be useful, and are applicable in strategic risk management:
1. Support from the top is a necessity
2. Build ERM using incremental steps
3. Focus initially on a small number of top risks
4. Leverage existing resources
5. Build on existing risk management activities
6. Embed ERM into the business fabric of the organization
7. Provide ongoing ERM updates and continuing education for directors and senior management [13]
However the board decides to proceed, their leadership, direction, and overall oversight will be critical to the success of a strategic risk management process.
[1] “Effective Enterprise Risk Oversight: The Role of the Board of Directors,” COSO, 2009, p. 1.
[2] “Enterprise Risk Management, Standard & Poor’s to Apply Enterprise Risk Analysis to Corporate Ratings,” Standard & Poor’s press release, May 7, 2008 (www.standardandpoors.com).
[3] Mark L. Frigo, “Strategic Risk Management: The New Core Competency,” Balanced Scorecard Report, 11, no. 1, January–February 2009.
[4] Ram Charan, Owning Up: The 14 Questions Every Board Member Needs to Ask (San Francisco: John Wiley & Sons, 2009).
[5] Charan, Owning Up: The 14 Questions Every Board Member Needs to Ask, p. 23.
[6] Charan, Owning Up: The 14 Questions Every Board Member Needs to Ask, p. 28.
[7] Mark L. Frigo and Richard J. Anderson, “Strategic Risk Assessment: A First Step for Improving Risk Management and Governance,” Strategic Finance, December 2009.
[8] Mark S. Beasley, Bruce C. Branson and Bonnie V. Hancock, “Developing Key Risk Indicators to Strengthen Enterprise Risk Management,” COSO, 2011, p. 2.
[9] Robert S. Kaplan and David P. Norton, The Execution Premium (Cambridge, MA: Harvard Business Press, 2008).
[10] Mark L. Frigo and Richard J. Anderson, “Strategic Risk Management: A Primer for Directors and Management Teams,” 2012.
[11] Mark L. Frigo and Richard J. Anderson, “A Strategic Framework for Governance, Risk and Compliance,” Strategic Finance, February 2010.
[12] Robert S. Kaplan, “Risk Management and Strategy Execution Systems,” Balanced Scorecard Report, Vol. 11, No. 6, November–December 2009.
[13] Mark L. Frigo and Richard J. Anderson, “Embracing Enterprise Risk Management: Practical Approaches for Getting Started,” COSO, 2011.
ERM and SRM should consider integrating with the Competitive Intelligence process. This will guarantee proficiency in Collection and Strategy development and Integration.
Integration of CI into this process will increase to identify risks in advance. I have written about it three years ago.
Strategic Risk Management
What is strategic risk management (SRM)?
Strategic risk management is the process by which the strategy of an organisation (or a strategic programme) is formally assessed for any risks that might affect it.
You can deliver a project or programme on time, to budget and meet all your declared programme objectives; likewise, all your business operations could be functioning as expected. But if your overall business strategy is ultimately incorrect, the business will be deemed a failure.
Strategic risk management looks at current strategic market trends. It then tries to predict the risks that your current business strategy might face in the future as a result of these strategic trends.
Why is strategic risk management important?
Strategic risks are, by definition, the risks of you not achieving your business strategy. This means that a business which fails to deal with its strategic risks faces failure if those risks eventually materialise.
For example, if a core part of your business’s strategy is introducing a new product to the market, that strategy will be deemed a failure if the market no longer wants that product. And this applies no matter how you define your “customers”.
Few businesses take the time to assess their exposure to strategic risk appropriately — even though it takes relatively little effort to perform a strategic risk assessment and the payback can be huge.
What type of risk is ‘strategic’ risk?
Any risk that is considered to be threatening to an organisation’s strategic objectives is considered a strategic risk.
Strategic risk is sometimes confused with operational risk. Good operational risk management means doing things in the right way, while good strategic risk management means doing the right things in the first place.
In the example above, your business strategy might be to introduce a new product into the market and the development and delivery of the project might have gone exceptionally well. This suggests good project and operational risk management. But if you introduce the product at a time when the market no longer wants it, then that product would still be deemed a failure and the strategy has failed.
In this case, the blame would be down to poor strategic decisions based on a failure to use appropriate strategic risk management to identify and manage the threats.
Strategic risks essentially come from three directions:
- Internal risks identified at board level (or equivalent)
- External risks identified (typically) by external industry experts
- Escalated risks, i.e. programme and project risks that potentially impact overall business strategy
What is the relationship between SRM and enterprise risk management (ERM)?
ERM is a process implemented by an organisation’s board of directors to identify risks and manage them within its risk appetite while pursuing its objectives, across the entire business. It is a broad planning process that encompasses internal strategic decision making.
SRM, on the other hand, is a critical part of the overall ERM process. It looks both internally and externally, as good strategy execution depends on external market circumstances as much as it does on internal competencies.
The strategic risk management process: How do organisations manage strategic risk?
There are a number of steps an organisation can take to successfully minimise strategic risk:
- A good start would be to capture a suitable statement of the overall business strategy. This should be done by the board of directors and needs to be as specific and as quantifiable as possible.
- Establish key performance indicators (KPIs) to help you measure forthcoming results. Failure to meet — or success of — these KPIs will provide a road map for progress in the future.
- Establish key risk indicators (KRIs). These are the opposite of KPIs and are proactive rather than reactive. KRIs anticipate risk events that may happen in the future.
- Once the business strategy, KPIs and KRIs are made clear, they should then be suitably communicated from the board members to at least two levels down within the organisation, or even the whole organisation if you are dealing with a small or medium-sized business.
- The directors should then break down the business strategy into approximately 10-20 assumptions i.e. “What are the key things that need to happen in order to deliver the strategy?”. Then each assumption can be tested for its susceptibility to risk. Looking at assumptions and not ‘risks’ removes much of the negative psychology associated with risk management. Assumption analysis is also a core component of ABCD risk management, which can be applied to strategic risk management.
- Bring in an external perspective. The process of capturing assumptions is often one which is internal to the company or organisation in question. As a result, the risk managers or risk management team may be “too close” to the risks to notice them. An external perspective can help with decision-making and prevent possible risk oversight.
- Market trends for specific products being offered.
- Competitors’ likely strategy, including pricing policy changes.
- Socio-political shifts or external crises which may impact your business strategy.
- Macro or microeconomic trends.
Struggling with strategic risk management implementation? We can help.
In order to be successful, every business strategy needs testing against the dynamics of its marketplace.
We work by identifying the key assumptions underpinning a strategy through a series of interviews or workshops with senior management and industry experts to build a strategic risk profile.
After this initial analysis, a number of discrete scenarios can then be developed. Then, using the ABCD-based approach, we analyse each of the assumptions in each of the scenarios. This presents a clear picture of the risks and their potential impact on each scenario, which allows us to adjust the business strategy-setting to prevent the risks from happening, or develop a contingency plan to manage them.
An ABCD-based risk analysis approach can also highlight potential reasons, which may not have been obvious before, why key assumptions underpinning a strategy may be unstable.
5 Steps to Effective Strategic Risk Management

Mike Rost SVP, Investor Relations and Corporate Development
Strategic risk management is a crucial, but often overlooked, aspect of enterprise risk management (ERM). Traditionally, ERM has focused on financial and operational risk. However, the fact is that strategic risk is far more consequential.
What is strategic risk?
Simply put, strategic risks are risks that a company takes that could potentially result in a major loss.
A company that has superior and unmatched manufacturing processes will still fail if their consumers no longer want their products. This was the lesson that was learned by even the most efficient buggy whip makers once Henry Ford introduced his Model T in 1908. Cellphone handset manufacturers faced a similar crisis when the Apple® iPhone® arrived on the scene.
Identifying strategic risks enables organizations to develop an effective strategic risk management strategy to effectively combat the root cause and mitigate risk due to competition, market or industry changes, and other external risks such as changes in customer demand.
What is strategic risk management?
Strategic risk management is the process of identifying, quantifying, and mitigating any risk that affects or is inherent in a company’s business strategy, strategic objectives, and strategy execution. Types of strategic risks may include:
- Shifts in consumer demand and preferences
- Legal and regulatory change
- Competitive pressure
- Merger integration
- Technological changes
- Senior management turnover
- Stakeholder pressure
As industry expert James Lam says, strategic risk is the big stuff, and prioritizing strategic risk management means sweating the big stuff first. In other words, an effective strategic risk management framework will prioritize understanding the risks that your business faces to take the necessary steps to protect your assets and your business.
Strategic risk is a bell curve

Like any risk, strategic risk falls along a classic bell curve, with results along the x-axis and likelihood along the y-axis. The expected result of a given risk strategy would represent the peak of this curve. Most strategic risk planning considers only this peak while ignoring the slopes to either side.
But imagine two strategic risk initiatives, each with a similar expected result. One falls along a narrow, steep curve, indicating a low risk of failure and little upside opportunity. The other is represented by a wider bell, with greater chances of both under- and over-performance. Which to choose? The answer depends on an individual company’s appetite for risk.
Strategic risk management: shifting the curve
Now imagine a third curve with that same expected result. This one rises steeply from the left but slopes more gently downward on the right. Here, downside risk has been minimized, and upside opportunity increased. That is the goal of strategic risk management: to shape the curve in a way that favors success.
How do you measure and manage strategic risk?
As the saying goes, you can't manage what you can't measure.
In order for us to understand how to manage strategic risk, we must first take a look at how to measure it. A key tenet of enterprise risk management (ERM) is measuring risk with the same yardsticks used to measure results. In this way, companies can calculate how much inherent risk their initiatives contain, monitoring risks to inform key business decisions.
Strategic risk can be measured with two key metrics:
- Economic capital is the amount of equity required to cover unexpected losses based on a predetermined solvency standard. This standard is usually derived from the company's target debt rating. Economic capital is a common currency with which any risk can be quantified. Importantly, it applies the same methodology and assumptions used in determining enterprise value, making it ideal for strategic risk.
- Risk-adjusted return on capital (RAROC) is the anticipated after-tax return on an initiative divided by its economic capital. If RAROC exceeds the company's cost of capital, the initiative is viable and will add value. If RAROC is less than the cost of capital, it will destroy value.
Five steps for Effective Risk Mitigation Strategies
Managing strategic risk involves five steps which must be integrated within the strategic planning and execution process in order to be effective:
1. Define business strategy and objectives. There are several frameworks that companies commonly use to plan out strategy, from simple SWOT analysis to the more nuanced and holistic balanced scorecard. The one thing that these frameworks have in common, however, is their failure to address internal and external risk. It is crucial, then, that companies take additional steps to integrate risk management at the planning stage by using a risk management framework, which is a template and guideline used by companies to identify, eliminate and minimize risks.
2. Establish key performance indicators (KPIs) to measure results. The best KPIs offer hints as to the levers the company can pull to improve them. Thus, overall sales makes a poor KPI, while sales per customer lets the company drill down for answers.
3. Identify risks that can drive variability in performance. An effective risk strategy will identify the unknowns, such as future customer demand, that will determine results.
4. Establish key risk indicators (KRIs) and tolerance levels for critical risks. Whereas KPIs measure historical performance, KRIs are forward-looking leading indicators intended to anticipate potential roadblocks. Tolerance levels serve as triggers for action.
5. Provide integrated risk reporting and monitoring. Finally, companies must monitor results and KRIs on a continuous basis in order to mitigate risks or grasp unexpected opportunities as they arise.
Strategic risk represents the greatest dangers—and opportunities—your company faces. By taking steps to mitigate risk at the enterprise level, companies can shape their future success while minimizing downside exposure.
Apple and iPhone are trademarks of Apple Inc., registered in the U.S. and other countries.
Editor's note: This blog post was originally published February 14, 2017, and has been updated.


SVP, Investor Relations and Corporate Development
As senior vice president of corporate development and investor relations, Mike Rost is a key contributor to the organization's growth with a focus on corporate development initiatives, emerging business areas, and developing relationships with investors and key stakeholders. Since joining Workiva in 2015, he has served in various leadership roles helping to drive the organization's growth, including the scaling of Workiva’s marketing and partner & alliance functions.
With more than 25 years of experience assisting organizations to optimize business processes, Mike has an extensive background in finance, accounting, enterprise performance management and Governance, Risk and Compliance (GRC) technology. Prior to Workiva, Mike served as vice president of marketing at Metricstream and vice president of strategic marketing at Thomson Reuters. Prior to that, he spent more than a decade in product management and marketing positions for SaaS companies and held finance positions at Pillsbury and Rollerblade, Inc.
Mike has been active in industry associations, including the Open Compliance and Ethics Group (OCEG) and the Institute of Internal Auditors (IIA). He was also a founding member of XBRL International (eXtensible Business Reporting Language), the global not for profit consortium for open international standards for digital business reporting. He has also been a frequent speaker at industry conferences on subjects such as finance transformation, data and reporting, and risk and compliance technology. He received his Bachelor of Science in Economics and his MBA from the University of Minnesota.
9 Strategic Risk Examples and How to Successfully Tackle Them

What is meant by strategic risk? Strategic risk examples encompass many different risks, and depending on the nature of your business, you may face any or all of them. Understanding the types of strategic risk you face is fundamental to your ability to tackle them as part of your broader governance, risk and compliance (GRC) strategy.
Whether you are a chief risk officer and strategic risk falls firmly within your orbit, or whether, as CFO, CEO or general counsel, you take more holistic responsibility for your organization's risk strategy, understanding and mitigating risk at a strategic level will be a priority.
In today's hyper-connected world, risk evolves faster than businesses can devise strategies to tackle it. Being familiar with different strategic risk examples can help you get ahead of the curve, helping you identify the types of strategic risk your organization faces and the tactics you can put in place to respond.
Understanding the Different Types of Strategic Risk
'Strategic risk' is a term that's often bandied about. But what does the phrase mean in practice? What types of risk are defined as 'strategic?' How do you identify strategic risks? What are the examples of strategic risks you might face in your organization? What are the types of strategic risk you should prioritize in your risk mitigation strategy?
Strategic risk is a category of risk; alongside operational, financial, regulatory and other business risks, it forms part of the umbrella of risks your organization faces.
When we look at strategic risk examples, they are generally defined as those that threaten a business's ability to set and implement its chosen strategy.
They may be external; events like the Covid-19 pandemic are the perfect example here.
They may be 'self-inflicted,' brought about via an organization's own strategy and decision-making. An example of this would be the accelerating digital transformation of businesses, which has delivered many positives but has also exposed new types of risk.
Exploring Strategic Risk Examples
Regulatory and legislative drivers relating to governance, risk and compliance strategies more generally are also prompting businesses to focus on strategic risk. At the same time, a spotlight has been thrown on strategic risk via growing awareness of the close ties between risk, compliance and business value.
This evolution of risk has led organizations to try and bring some structure to their mitigation strategies by categorizing and prioritizing the risks they face. Let's look at some of the examples of strategic risks you might face.
Some sources distill strategic risks into five types, sometimes called the 'five sources of strategic risk.' However, these aren't always consistent: look up several different sources, and you will find a variety of risks listed among the 'five types.'
Our list of strategic risk examples below therefore includes more than five.
What Are the 9 Examples of Strategic Risk?
Among the types of strategic risk you should have on your radar are:
- Competitive risk. The risk is that you fall behind your competitors as they innovate and improve their offerings faster than you.
- Change risk. The digital transformation risk we cited above is a prime example of this: the inherent risks of introducing any change program.
- Disrupt your business
- Create new responsibilities
- Demand new technologies (and therefore linking back to change risk)
- Distract your business leaders from their operations as their time is abstracted to put in place new governance processes and control measures
- Reputational risk. The risk that your corporate standing is threatened. The potential causes of this are legion, from regulatory compliance breaches to shareholder activism or poor performance in public ratings, such as those used to measure ESG performance.
- Political risk. The potential for political change, or the political landscape overall, to disrupt your business, for example through volatility in a country within your supply chain.
- Governance risk. The risk brought about by poor governance, risk and compliance processes within your organization.
- Financial risk. Risks relating to the financial health of the organization. This differs from...
- Economic risk. This refers to the broader economic landscape and its potential to affect the success of your business strategy.
- Operational risk. The risk is that your operations and business processes are not up to standard.
Many of these examples of strategic risk are inter-connected. For instance, if you face operational risks around the efficacy and rigor of your processes, this is likely to expose you to financial or regulatory risk. Similarly, if you fail to tackle governance risks, you may well encounter reputational risk.
The intertwined nature of the types of strategic risk emphasizes how important it is to take an integrated approach to address them.
How to Tackle the Different Types of Strategic Risk
Amongst all these strategic risk examples, there are positives. The linkages that cause one risk to increase the chances of another can also work to your advantage. Take a coordinated, integrated stance on one aspect of strategic risk, and your performance in others should also improve. As companies refine their approaches to risk mitigation, they become better able to recognize these connections. As a result, they can approach risk strategically, capitalizing on synergies for a more robust result.
Below we also set out some specific tips that can help you tackle the different strategic risk examples:
- Competitive risk. Remaining competitive means understanding your competition; data is key here, and technology can be your friend in enabling you to provide your board with the competitive intelligence they need.
- Change risk. Here, good governance is the secret. Put governance at the heart of your change programs and reduce the risks they bring while enhancing their benefits.
- Regulatory risk. Keeping on top of the latest developments in the fast-moving regulatory landscape is vital here: you can't meet expectations if you're not aware of them. Ensure you keep abreast of the news and trends in risk and compliance.
- Reputational risk. Bolster your GRC processes, and you have a better chance of swerving the risks that can derail your brand.
- Political risk. There is less you can do here, although ensuring you build sustainable supply chains rooted in countries where political volatility is less of a threat can help make your operations more resilient.
- Governance risk. As with change risk, robust governance processes and controls are essential to reducing risk here.
- Financial risk. While some financial risks come from external factors, improving your ability to measure, monitor and respond to the business risks you face, if done successfully, should minimize the financial threats that fall within your wheelhouse.
- Economic risk. Sustainable supply chains can help here, reducing the threat from economic instability in countries you source from. And, again, keeping pace with external events that can affect your risk profile is vital.
- Operational risk. This is one of the areas you have the most control over; introducing agility, rigor and structure to your operations can significantly reduce your risk across all areas of your organization.
Understand and Respond to All Types of Strategic Risk
Hopefully, this article has given you a deeper understanding of the types of strategic risk you face, along with some examples of strategic risk that bring this to life. It has also provided insights into how you can tackle different strategic risks.
Remaining on the front foot in terms of upcoming legislation, economic trends and governance best practice can really make the difference, amplifying your ability to be proactive in the face of changing risks.
Managing Risks: A New Framework
- Robert S. Kaplan
- Anette Mikes

Risk management is too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company. But rules-based risk management will not diminish either the likelihood or the impact of a disaster such as Deepwater Horizon, just as it did not prevent the failure of many financial institutions during the 2007–2008 credit crisis.
In this article, Robert S. Kaplan and Anette Mikes present a categorization of risk that allows executives to understand the qualitative distinctions between the types of risks that organizations face. Preventable risks, arising from within the organization, are controllable and ought to be eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, unethical, or inappropriate actions and the risks from breakdowns in routine operational processes. Strategy risks are those a company voluntarily assumes in order to generate superior returns from its strategy. External risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. Risk events from any category can be fatal to a company’s strategy and even to its survival.
Companies should tailor their risk management processes to these different risk categories. A rules-based approach is effective for managing preventable risks, whereas strategy risks require a fundamentally different approach based on open and explicit risk discussions. To anticipate and mitigate the impact of major external risks, companies can call on tools such as war-gaming and scenario analysis.
Smart companies match their approach to the nature of the threats they face.
Editors’ note: Since this issue of HBR went to press, JP Morgan, whose risk management practices are highlighted in this article, revealed significant trading losses at one of its units. The authors provide their commentary on this turn of events in their contribution to HBR’s Insight Center on Managing Risky Behavior.
When Tony Hayward became CEO of BP, in 2007, he vowed to make safety his top priority. Among the new rules he instituted were the requirements that all employees use lids on coffee cups while walking and refrain from texting while driving. Three years later, on Hayward’s watch, the Deepwater Horizon oil rig exploded in the Gulf of Mexico, causing one of the worst man-made disasters in history. A U.S. investigation commission attributed the disaster to management failures that crippled “the ability of individuals involved to identify the risks they faced and to properly evaluate, communicate, and address them.” Hayward’s story reflects a common problem. Despite all the rhetoric and money invested in it, risk management is too often treated as a compliance issue that can be solved by drawing up lots of rules and making sure that all employees follow them. Many such rules, of course, are sensible and do reduce some risks that could severely damage a company. But rules-based risk management will not diminish either the likelihood or the impact of a disaster such as Deepwater Horizon, just as it did not prevent the failure of many financial institutions during the 2007–2008 credit crisis.
In this article, we present a new categorization of risk that allows executives to tell which risks can be managed through a rules-based model and which require alternative approaches. We examine the individual and organizational challenges inherent in generating open, constructive discussions about managing the risks related to strategic choices and argue that companies need to anchor these discussions in their strategy formulation and implementation processes. We conclude by looking at how organizations can identify and prepare for nonpreventable risks that arise externally to their strategy and operations.
Managing Risk: Rules or Dialogue?
The first step in creating an effective risk-management system is to understand the qualitative distinctions among the types of risks that organizations face. Our field research shows that risks fall into one of three categories. Risk events from any category can be fatal to a company’s strategy and even to its survival.
Category I: Preventable risks.
These are internal risks, arising from within the organization, that are controllable and ought to be eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, illegal, unethical, incorrect, or inappropriate actions and the risks from breakdowns in routine operational processes. To be sure, companies should have a zone of tolerance for defects or errors that would not cause severe damage to the enterprise and for which achieving complete avoidance would be too costly. But in general, companies should seek to eliminate these risks since they get no strategic benefits from taking them on. A rogue trader or an employee bribing a local official may produce some short-term profits for the firm, but over time such actions will diminish the company’s value.
Identifying and Managing Preventable Risks
Companies cannot anticipate every circumstance or conflict of interest that an employee might encounter. Thus, the first line of defense against preventable risk events is to provide guidelines clarifying the company’s goals and values.
The Mission
A well-crafted mission statement articulates the organization’s fundamental purpose, serving as a “true north” for all employees to follow. The first sentence of Johnson & Johnson’s renowned credo, for instance, states, “We believe our first responsibility is to the doctors, nurses and patients, to mothers and fathers, and all others who use our products and services,” making clear to all employees whose interests should take precedence in any situation. Mission statements should be communicated to and understood by all employees.
Companies should articulate the values that guide employee behavior toward principal stakeholders, including customers, suppliers, fellow employees, communities, and shareholders. Clear value statements help employees avoid violating the company’s standards and putting its reputation and assets at risk.
The Boundaries
A strong corporate culture clarifies what is not allowed. An explicit definition of boundaries is an effective way to control actions. Consider that nine of the Ten Commandments and nine of the first 10 amendments to the U.S. Constitution (commonly known as the Bill of Rights) are written in negative terms. Companies need corporate codes of business conduct that prescribe behaviors relating to conflicts of interest, antitrust issues, trade secrets and confidential information, bribery, discrimination, and harassment.
Of course, clearly articulated statements of mission, values, and boundaries don’t in themselves ensure good behavior. To counter the day-to-day pressures of organizational life, top managers must serve as role models and demonstrate that they mean what they say. Companies must institute strong internal control systems, such as the segregation of duties and an active whistle-blowing program, to reduce not only misbehavior but also temptation. A capable and independent internal audit department tasked with continually checking employees’ compliance with internal controls and standard operating processes also will deter employees from violating company procedures and policies and can detect violations when they do occur.
See also Robert Simons’s article on managing preventable risks, “How Risky Is Your Company?” (HBR May 1999), and his book Levers of Control (Harvard Business School Press, 1995).
This risk category is best managed through active prevention: monitoring operational processes and guiding people’s behaviors and decisions toward desired norms. Since considerable literature already exists on the rules-based compliance approach, we refer interested readers to the sidebar “Identifying and Managing Preventable Risks” in lieu of a full discussion of best practices here.
Category II: Strategy risks.
A company voluntarily accepts some risk in order to generate superior returns from its strategy. A bank assumes credit risk, for example, when it lends money; many companies take on risks through their research and development activities.
Strategy risks are quite different from preventable risks because they are not inherently undesirable. A strategy with high expected returns generally requires the company to take on significant risks, and managing those risks is a key driver in capturing the potential gains. BP accepted the high risks of drilling several miles below the surface of the Gulf of Mexico because of the high value of the oil and gas it hoped to extract.
Strategy risks cannot be managed through a rules-based control model. Instead, you need a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain the risk events should they occur. Such a system would not stop companies from undertaking risky ventures; to the contrary, it would enable companies to take on higher-risk, higher-reward ventures than could competitors with less effective risk management.
Category III: External risks.
Some risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. External risks require yet another approach. Because companies cannot prevent such events from occurring, their management must focus on identification (they tend to be obvious in hindsight) and mitigation of their impact.
Understanding the Three Categories of Risk
The risks that companies face fall into three categories, each of which requires a different risk-management approach. Preventable risks, arising from within an organization, are monitored and controlled through rules, values, and standard compliance tools. In contrast, strategy risks and external risks require distinct processes that encourage managers to openly discuss risks and find cost-effective ways to reduce the likelihood of risk events or mitigate their consequences.
Companies should tailor their risk-management processes to these different categories. While a compliance-based approach is effective for managing preventable risks, it is wholly inadequate for strategy risks or external risks, which require a fundamentally different approach based on open and explicit risk discussions. That, however, is easier said than done; extensive behavioral and organizational research has shown that individuals have strong cognitive biases that discourage them from thinking about and discussing risk until it’s too late.
Why Risk Is Hard to Talk About
Multiple studies have found that people overestimate their ability to influence events that, in fact, are heavily determined by chance. We tend to be overconfident about the accuracy of our forecasts and risk assessments and far too narrow in our assessment of the range of outcomes that may occur.
We also anchor our estimates to readily available evidence despite the known danger of making linear extrapolations from recent history to a highly uncertain and variable future. We often compound this problem with a confirmation bias, which drives us to favor information that supports our positions (typically successes) and suppress information that contradicts them (typically failures). When events depart from our expectations, we tend to escalate commitment, irrationally directing even more resources to our failed course of action—throwing good money after bad.
Organizational biases also inhibit our ability to discuss risk and failure. In particular, teams facing uncertain conditions often engage in groupthink: Once a course of action has gathered support within a group, those not yet on board tend to suppress their objections—however valid—and fall in line. Groupthink is especially likely if the team is led by an overbearing or overconfident manager who wants to minimize conflict, delay, and challenges to his or her authority.
Collectively, these individual and organizational biases explain why so many companies overlook or misread ambiguous threats. Rather than mitigating risk, firms actually incubate risk through the normalization of deviance, as they learn to tolerate apparently minor failures and defects and treat early warning signals as false alarms rather than alerts to imminent danger.
Effective risk-management processes must counteract those biases. “Risk mitigation is painful, not a natural act for humans to perform,” says Gentry Lee, the chief systems engineer at Jet Propulsion Laboratory (JPL), a division of the U.S. National Aeronautics and Space Administration. The rocket scientists on JPL project teams are top graduates from elite universities, many of whom have never experienced failure at school or work. Lee’s biggest challenge in establishing a new risk culture at JPL was to get project teams to feel comfortable thinking and talking about what could go wrong with their excellent designs.
Rules about what to do and what not to do won’t help here. In fact, they usually have the opposite effect, encouraging a checklist mentality that inhibits challenge and discussion. Managing strategy risks and external risks requires very different approaches. We start by examining how to identify and mitigate strategy risks.
Managing Strategy Risks
Over the past 10 years of study, we’ve come across three distinct approaches to managing strategy risks. Which model is appropriate for a given firm depends largely on the context in which an organization operates. Each approach requires quite different structures and roles for a risk-management function, but all three encourage employees to challenge existing assumptions and debate risk information. Our finding that “one size does not fit all” runs counter to the efforts of regulatory authorities and professional associations to standardize the function.
Independent experts.
Some organizations—particularly those like JPL that push the envelope of technological innovation—face high intrinsic risk as they pursue long, complex, and expensive product-development projects. But since much of the risk arises from coping with known laws of nature, the risk changes slowly over time. For these organizations, risk management can be handled at the project level.
JPL, for example, has established a risk review board made up of independent technical experts whose role is to challenge project engineers’ design, risk-assessment, and risk-mitigation decisions. The experts ensure that evaluations of risk take place periodically throughout the product-development cycle. Because the risks are relatively unchanging, the review board needs to meet only once or twice a year, with the project leader and the head of the review board meeting quarterly.
The risk review board meetings are intense, creating what Gentry Lee calls “a culture of intellectual confrontation.” As board member Chris Lewicki says, “We tear each other apart, throwing stones and giving very critical commentary about everything that’s going on.” In the process, project engineers see their work from another perspective. “It lifts their noses away from the grindstone,” Lewicki adds.
The meetings, both constructive and confrontational, are not intended to inhibit the project team from pursuing highly ambitious missions and designs. But they force engineers to think in advance about how they will describe and defend their design decisions and whether they have sufficiently considered likely failures and defects. The board members, acting as devil’s advocates, counterbalance the engineers’ natural overconfidence, helping to avoid escalation of commitment to projects with unacceptable levels of risk.
Risk management is painful—not a natural act for humans to perform.
At JPL, the risk review board not only promotes vigorous debate about project risks but also has authority over budgets. The board establishes cost and time reserves to be set aside for each project component according to its degree of innovativeness. A simple extension from a prior mission would require a 10% to 20% financial reserve, for instance, whereas an entirely new component that had yet to work on Earth—much less on an unexplored planet—could require a 50% to 75% contingency. The reserves ensure that when problems inevitably arise, the project team has access to the money and time needed to resolve them without jeopardizing the launch date. JPL takes the estimates seriously; projects have been deferred or canceled if funds were insufficient to cover recommended reserves.
Facilitators.
Many organizations, such as traditional energy and water utilities, operate in stable technological and market environments, with relatively predictable customer demand. In these situations risks stem largely from seemingly unrelated operational choices across a complex organization that accumulate gradually and can remain hidden for a long time.
Since no single staff group has the knowledge to perform operational-level risk management across diverse functions, firms may deploy a relatively small central risk-management group that collects information from operating managers. This increases managers’ awareness of the risks that have been taken on across the organization and provides decision makers with a full picture of the company’s risk profile.
We observed this model in action at Hydro One, the Canadian electricity company. Chief risk officer John Fraser, with the explicit backing of the CEO, runs dozens of workshops each year at which employees from all levels and functions identify and rank the principal risks they see to the company’s strategic objectives. Employees use an anonymous voting technology to rate each risk, on a scale of 1 to 5, in terms of its impact, the likelihood of occurrence, and the strength of existing controls. The rankings are discussed in the workshops, and employees are empowered to voice and debate their risk perceptions. The group ultimately develops a consensus view that gets recorded on a visual risk map, recommends action plans, and designates an “owner” for each major risk.
Hydro One strengthens accountability by linking capital allocation and budgeting decisions to identified risks. The corporate-level capital-planning process allocates hundreds of millions of dollars, principally to projects that reduce risk effectively and efficiently. The risk group draws upon technical experts to challenge line engineers’ investment plans and risk assessments and to provide independent expert oversight to the resource allocation process. At the annual capital allocation meeting, line managers have to defend their proposals in front of their peers and top executives. Managers want their projects to attract funding in the risk-based capital planning process, so they learn to overcome their bias to hide or minimize the risks in their areas of accountability.
Embedded experts.
The financial services industry poses a unique challenge because of the volatile dynamics of asset markets and the potential impact of decisions made by decentralized traders and investment managers. An investment bank’s risk profile can change dramatically with a single deal or major market movement. For such companies, risk management requires embedded experts within the organization to continuously monitor and influence the business’s risk profile, working side by side with the line managers whose activities are generating new ideas, innovation, and risks—and, if all goes well, profits.
JP Morgan Private Bank adopted this model in 2007, at the onset of the global financial crisis. Risk managers, embedded within the line organization, report to both line executives and a centralized, independent risk-management function. The face-to-face contact with line managers enables the market-savvy risk managers to continually ask “what if” questions, challenging the assumptions of portfolio managers and forcing them to look at different scenarios. Risk managers assess how proposed trades affect the risk of the entire investment portfolio, not only under normal circumstances but also under times of extreme stress, when the correlations of returns across different asset classes escalate. “Portfolio managers come to me with three trades, and the [risk] model may say that all three are adding to the same type of risk,” explains Gregoriy Zhikarev, a risk manager at JP Morgan. “Nine times out of 10 a manager will say, ‘No, that’s not what I want to do.’ Then we can sit down and redesign the trades.”
The chief danger from embedding risk managers within the line organization is that they “go native,” aligning themselves with the inner circle of the business unit’s leadership team—becoming deal makers rather than deal questioners. Preventing this is the responsibility of the company’s senior risk officer and—ultimately—the CEO, who sets the tone for a company’s risk culture.
Avoiding the Function Trap
Even if managers have a system that promotes rich discussions about risk, a second cognitive-behavioral trap awaits them. Because many strategy risks (and some external risks) are quite predictable—even familiar—companies tend to label and compartmentalize them, especially along business function lines. Banks often manage what they label “credit risk,” “market risk,” and “operational risk” in separate groups. Other companies compartmentalize the management of “brand risk,” “reputation risk,” “supply chain risk,” “human resources risk,” “IT risk,” and “financial risk.”
Such organizational silos disperse both information and responsibility for effective risk management. They inhibit discussion of how different risks interact. Good risk discussions must be not only confrontational but also integrative. Businesses can be derailed by a combination of small events that reinforce one another in unanticipated ways.
Managers can develop a companywide risk perspective by anchoring their discussions in strategic planning, the one integrative process that most well-run companies already have. For example, Infosys, the Indian IT services company, generates risk discussions from the Balanced Scorecard, its management tool for strategy measurement and communication. “As we asked ourselves about what risks we should be looking at,” says M.D. Ranganath, the chief risk officer, “we gradually zeroed in on risks to business objectives specified in our corporate scorecard.”
In building its Balanced Scorecard, Infosys had identified “growing client relationships” as a key objective and selected metrics for measuring progress, such as the number of global clients with annual billings in excess of $50 million and the annual percentage increases in revenues from large clients. In looking at the goal and the performance metrics together, management realized that its strategy had introduced a new risk factor: client default. When Infosys’s business was based on numerous small clients, a single client default would not jeopardize the company’s strategy. But a default by a $50 million client would present a major setback. Infosys began to monitor the credit default swap rate of every large client as a leading indicator of the likelihood of default. When a client’s rate increased, Infosys would accelerate collection of receivables or request progress payments to reduce the likelihood or impact of default.
To take another example, consider Volkswagen do Brasil (subsequently abbreviated as VW), the Brazilian subsidiary of the German carmaker. VW’s risk-management unit uses the company’s strategy map as a starting point for its dialogues about risk. For each objective on the map, the group identifies the risk events that could cause VW to fall short of that objective. The team then generates a Risk Event Card for each risk on the map, listing the practical effects of the event on operations, the probability of occurrence, leading indicators, and potential actions for mitigation. It also identifies who has primary accountability for managing the risk.

The risk team then presents a high-level summary of results to senior management.

Beyond introducing a systematic process for identifying and mitigating strategy risks, companies also need a risk oversight structure. Infosys uses a dual structure: a central risk team that identifies general strategy risks and establishes central policy, and specialized functional teams that design and monitor policies and controls in consultation with local business teams. The decentralized teams have the authority and expertise to help the business lines respond to threats and changes in their risk profiles, escalating only the exceptions to the central risk team for review. For example, if a client relationship manager wants to give a longer credit period to a company whose credit risk parameters are high, the functional risk manager can send the case to the central team for review.
These examples show that the size and scope of the risk function are not dictated by the size of the organization. Hydro One, a large company, has a relatively small risk group to generate risk awareness and communication throughout the firm and to advise the executive team on risk-based resource allocations. By contrast, relatively small companies or units, such as JPL or JP Morgan Private Bank, need multiple project-level review boards or teams of embedded risk managers to apply domain expertise to assess the risk of business decisions. And Infosys, a large company with broad operational and strategic scope, requires a strong centralized risk-management function as well as dispersed risk managers who support local business decisions and facilitate the exchange of information with the centralized risk group.
Managing the Uncontrollable
External risks, the third category of risk, cannot typically be reduced or avoided through the approaches used for managing preventable and strategy risks. External risks lie largely outside the company’s control; companies should focus on identifying them, assessing their potential impact, and figuring out how best to mitigate their effects should they occur.
Some external risk events are sufficiently imminent that managers can manage them as they do their strategy risks. For example, during the economic slowdown after the global financial crisis, Infosys identified a new risk related to its objective of developing a global workforce: an upsurge in protectionism, which could lead to tight restrictions on work visas and permits for foreign nationals in several OECD countries where Infosys had large client engagements. Although protectionist legislation is technically an external risk since it’s beyond the company’s control, Infosys treated it as a strategy risk and created a Risk Event Card for it, which included a new risk indicator: the number and percentage of its employees with dual citizenships or existing work permits outside India. If this number were to fall owing to staff turnover, Infosys’s global strategy might be jeopardized. Infosys therefore put in place recruiting and retention policies that mitigate the consequences of this external risk event.
Most external risk events, however, require a different analytic approach either because their probability of occurrence is very low or because managers find it difficult to envision them during their normal strategy processes. We have identified several different sources of external risks:
- Natural and economic disasters with immediate impact. These risks are predictable in a general way, although their timing is usually not (a large earthquake will hit someday in California, but there is no telling exactly where or when). They may be anticipated only by relatively weak signals. Examples include natural disasters such as the 2010 Icelandic volcano eruption that closed European airspace for a week and economic disasters such as the bursting of a major asset price bubble. When these risks occur, their effects are typically drastic and immediate, as we saw in the disruption from the Japanese earthquake and tsunami in 2011.
- Geopolitical and environmental changes with long-term impact. These include political shifts such as major policy changes, coups, revolutions, and wars; long-term environmental changes such as global warming; and depletion of critical natural resources such as fresh water.
- Competitive risks with medium-term impact. These include the emergence of disruptive technologies (such as the internet, smartphones, and bar codes) and radical strategic moves by industry players (such as the entry of Amazon into book retailing and Apple into the mobile phone and consumer electronics industries).
Companies use different analytic approaches for each of the sources of external risk.
Tail-risk stress tests.
Stress-testing helps companies assess major changes in one or two specific variables whose effects would be major and immediate, although the exact timing is not forecastable. Financial services firms use stress tests to assess, for example, how an event such as the tripling of oil prices, a large swing in exchange or interest rates, or the default of a major institution or sovereign country would affect trading positions and investments.
The benefits from stress-testing, however, depend critically on the assumptions—which may themselves be biased—about how much the variable in question will change. The tail-risk stress tests of many banks in 2007–2008, for example, assumed a worst-case scenario in which U.S. housing prices leveled off and remained flat for several periods. Very few companies thought to test what would happen if prices began to decline—an excellent example of the tendency to anchor estimates in recent and readily available data. Most companies extrapolated from recent U.S. housing prices, which had gone several decades without a general decline, to develop overly optimistic market assessments.
Scenario planning.
This tool is suited for long-range analysis, typically five to 10 years out. Originally developed at Shell Oil in the 1960s, scenario analysis is a systematic process for defining the plausible boundaries of future states of the world. Participants examine political, economic, technological, social, regulatory, and environmental forces and select some number of drivers—typically four—that would have the biggest impact on the company. Some companies explicitly draw on the expertise in their advisory boards to inform them about significant trends, outside the company’s and industry’s day-to-day focus, that should be considered in their scenarios.
For each of the selected drivers, participants estimate maximum and minimum anticipated values over five to 10 years. Combining the extreme values for each of four drivers leads to 16 scenarios. About half tend to be implausible and are discarded; participants then assess how their firm’s strategy would perform in the remaining scenarios. If managers see that their strategy is contingent on a generally optimistic view, they can modify it to accommodate pessimistic scenarios or develop plans for how they would change their strategy should early indicators show an increasing likelihood of events turning against it.
War-gaming.
War-gaming assesses a firm’s vulnerability to disruptive technologies or changes in competitors’ strategies. In a war-game, the company assigns three or four teams the task of devising plausible near-term strategies or actions that existing or potential competitors might adopt during the next one or two years—a shorter time horizon than that of scenario analysis. The teams then meet to examine how clever competitors could attack the company’s strategy. The process helps to overcome the bias of leaders to ignore evidence that runs counter to their current beliefs, including the possibility of actions that competitors might take to disrupt their strategy.
Companies have no influence over the likelihood of risk events identified through methods such as tail-risk testing, scenario planning, and war-gaming. But managers can take specific actions to mitigate their impact. Since moral hazard does not arise for nonpreventable events, companies can use insurance or hedging to mitigate some risks, as an airline does when it protects itself against sharp increases in fuel prices by using financial derivatives. Another option is for firms to make investments now to avoid much higher costs later. For instance, a manufacturer with facilities in earthquake-prone areas can increase its construction costs to protect critical facilities against severe quakes. Also, companies exposed to different but comparable risks can cooperate to mitigate them. For example, the IT data centers of a university in North Carolina would be vulnerable to hurricane risk while those of a comparable university on the San Andreas Fault in California would be vulnerable to earthquakes. The likelihood that both disasters would happen on the same day is small enough that the two universities might choose to mitigate their risks by backing up each other’s systems every night.
The Leadership Challenge
Managing risk is very different from managing strategy. Risk management focuses on the negative—threats and failures rather than opportunities and successes. It runs exactly counter to the “can do” culture most leadership teams try to foster when implementing strategy. And many leaders have a tendency to discount the future; they’re reluctant to spend time and money now to avoid an uncertain future problem that might occur down the road, on someone else’s watch. Moreover, mitigating risk typically involves dispersing resources and diversifying investments, just the opposite of the intense focus of a successful strategy. Managers may find it antithetical to their culture to champion processes that identify the risks to the strategies they helped to formulate.
For those reasons, most companies need a separate function to handle strategy- and external-risk management. The risk function’s size will vary from company to company, but the group must report directly to the top team. Indeed, nurturing a close relationship with senior leadership will arguably be its most critical task; a company’s ability to weather storms depends very much on how seriously executives take their risk-management function when the sun is shining and no clouds are on the horizon.
That was what separated the banks that failed in the financial crisis from those that survived. The failed companies had relegated risk management to a compliance function; their risk managers had limited access to senior management and their boards of directors. Further, executives routinely ignored risk managers’ warnings about highly leveraged and concentrated positions. By contrast, Goldman Sachs and JPMorgan Chase, two firms that weathered the financial crisis well, had strong internal risk-management functions and leadership teams that understood and managed the companies’ multiple risk exposures. Barry Zubrow, chief risk officer at JP Morgan Chase, told us, “I may have the title, but [CEO] Jamie Dimon is the chief risk officer of the company.”
Risk management is nonintuitive; it runs counter to many individual and organizational biases. Rules and compliance can mitigate some critical risks but not all of them. Active and cost-effective risk management requires managers to think systematically about the multiple categories of risks they face so that they can institute appropriate processes for each. These processes will neutralize their managerial bias of seeing the world as they would like it to be rather than as it actually is or could possibly become.
- Robert S. Kaplan is a senior fellow and the Marvin Bower Professor of Leadership Development emeritus at Harvard Business School. He coauthored the McKinsey Award–winning HBR article “Accounting for Climate Change” (November–December 2021).
- Anette Mikes is a fellow at Hertford College, Oxford University, and an associate professor at Oxford’s Saïd Business School.

10 Types of Risk Management Strategies to Follow in 2021

Having a strong approach to risk management is more important now than ever in today’s dynamic risk environment. Following these ten types of risk management strategies can better prepare your business for a volatile risk landscape.
McKinsey found that when banks shut branches and corporate offices, it altered how customers interact with them, forcing changes to long-held risk management practices in order to monitor existing risks and guard against new ones.
Regardless of industry, how quickly and effectively risks can be identified and managed will determine how well companies and institutions will recover and rebuild — and this requires rethinking risk management strategies. As organizations increase their focus on identifying, mitigating, and monitoring risks in response to an ever more volatile risk environment, you may have questions about who is responsible for developing a risk management strategy and what the different risk management strategies are. Here’s everything that you need to know to better address today’s top risk areas.
What Is a Risk Management Strategy?
A risk management strategy is a structured approach to addressing risks, and can be used in companies of all sizes and across any industry. Risk management is best understood not as a series of steps, but as a cyclical process in which new and ongoing risks are continually identified, assessed, managed, and monitored. This provides a way to update and review assessments as new developments occur and then to take steps to protect the organization, people, and assets.
Identifying Risks
Risk identification can result from passively stumbling across vulnerabilities or through implemented tools and control processes that raise red flags when there are potential identified risks. Being more proactive rather than reactive is always the best approach to reducing risk points.
Assessing Risks
Once potential risks have been identified, each risk should be assessed to determine the likelihood of it becoming a concern, its level of severity, and the probable impact — this helps audit teams prioritize each risk. Whether your audit team is conducting a risk assessment for Sarbanes-Oxley (SOX) or focusing on other types of risks, your assessments should be systematic, documented, and, depending on your business, reviewed at least annually. How often risk assessments are completed will differ, depending on the size and complexity of each business.
Responding to Risks
After assessing risks, the next part of the process involves developing and implementing treatments and controls, enabling the organization to address risks appropriately and effectively deal with each risk in a timely manner.
Monitoring Risks
Risk monitoring is the ongoing process of managing risk by tracking risk management execution and continuing to identify and manage new risks. Monitoring risks enables prompt action if the likelihood, severity, or potential impact of a risk exceeds acceptable levels.

Why Is Having a Risk Management Strategy Important?
Project and operational risks are not uncommon to most businesses, but having risk management processes and strategies is essential in identifying your company’s strengths, weaknesses, opportunities, and threats (SWOT) — also known as conducting a SWOT analysis. There are many other benefits to effectively managing risks.
1. Operational Effectiveness and Business Continuity
No matter how well prepared your business is, operational risks can surface at any time — and from sources that you may not have been aware of in the past. Risks can take the form of a new cybersecurity threat, a supplier or service provider that’s no longer able to service your company, or an equipment failure. With all the moving parts, both inside a company and outside of it, that have an impact, having an established risk management process and a strategy in place allows you to ensure that internal controls to prevent fraud are in place, and to deal with other types of risk as they arise.
2. Protection of Your Company’s Assets
Whether it’s physical equipment, supplies, or information, protecting your company’s assets is imperative. A recent report by IBM shows that over 8.5 billion records were compromised in data breaches between April 2019 and 2020 — with the average cost of a mega-sized data breach being $3.86 million US. In the one-year period ending April 2020, 80 percent of thefts were customer-related personally identifiable information (PII). This makes establishing a solid and actionable risk management strategy imperative from a business insurance perspective.
3. Customer Satisfaction and Loyalty
Your company’s logo, brand, digital presence, and reputation are also assets — and your customers take comfort in seeing and interacting with them daily. When your business has a well-thought-out and developed risk management plan and acts on it, your customers can maintain a sense of security and confidence about your reputation and brand. Your risk strategies and processes help you protect your brand and reputation by safeguarding these assets. They also ensure that customers can maintain faith in your ability to be there and deliver the products and services to which you’ve committed. The result is a higher degree of customer satisfaction and loyalty.
4. Realizing Benefits and Achieving Goals
A significant part of finishing projects on time and achieving the intended goals relies on how effectively risks are managed. Risk management identification, assessment, and management practices expose vulnerabilities faster — and allow your company to remove projects and activities that simply don’t produce a return on investment. This increases the chance of achieving your expected project portfolio and wider business performance and reaping the anticipated benefits.
5. Increased Profitability
The bottom line for most businesses is remaining profitable. Often when something like a breach occurs, there is a substantial financial impact — and it usually involves tedious hours working with legal and insurance teams to conduct lengthy investigations. Managing market, credit, operational, reputational, and other risks is vital to keeping your company’s bottom line healthy.
What Are 4 Examples of Common Risk Responses?
Managing risks can involve applying different risk responses to deal with varying types of risk. Not every risk will warrant the same response. You’ve likely heard the adage, “Avoidance is not a strategy.” Well, believe it or not, when it comes to risk management strategies, avoidance is a common risk response — along with reducing, accepting, and transferring. Here’s what you need to know about each risk response and when they might work best.
1. Avoiding Risk
Avoidance is an option that works to remove the chance of a risk becoming a reality or posing a threat altogether. If a product isn’t working well but doesn’t present any potential risk to the health or safety of employees or the company then avoiding the risk may be the best option. One example may be avoiding the use of a piece of faulty equipment — but only if it isn’t needed and it doesn’t impact performance, productivity, or safety. Avoidance shouldn’t necessarily be used with frequency or for longer-term threats. Eventually, this response should be re-evaluated to find other sustainable risk responses that address underlying issues.
2. Accepting Risks
Sometimes avoidance isn’t an appropriate response, and acceptance may be the better practice. When a risk is unlikely to occur or if the impact is minimal, then accepting the risk might be the best response. Timing also plays a role — it could be that a risk doesn’t pose any imminent concern, or it won’t impact your company’s strategic outlook. One example might be a change to vendor pricing or delivery down the road. It’s important to keep re-evaluating these types of risks periodically: their impact on your company and its projects could change.
3. Mitigating Risks
Mitigating risks is the most commonly discussed risk response — however, it isn’t always practical or possible. It may be the best option if a risk poses a real threat or problem, and avoidance or acceptance won’t suffice. If a risk creates a negative impact and one that could be costly to your company, employees, vendors, or customers, then that risk should be mitigated. This means identifying the risk, assessing all possible solutions, devising a plan, taking action, and monitoring the results.
4. Transferring Risks
There will be times when challenges or issues arise and you or your team may not be able to avoid, accept, or mitigate them. One example may be a lack of expertise or training required to address the risks. In this case, it may be a good idea to outsource or transfer the risk to another party — sometimes in-house, while other times it might warrant help from an external third or fourth party.
Who is Responsible for Developing a Risk Management Strategy?
Determining who will be the best person or function to identify, assess, and develop a risk management strategy won’t necessarily be the same each time — it will depend on the scope, nature, company structure, complexity, resource availability, and team capabilities. So who is responsible for developing a risk management strategy? It might be the responsibility of a risk management committee member, an audit team member, a project manager, a risk specialist, or someone else – like an external consultant. When deciding which direction to go, other things to consider include:
- The drivers and benefits behind developing a risk management strategy.
- The end-to-end process, from initiation to completion.
- Other parties who can bring additional insight and value.
- How and where to document the risk management strategy.
- Risk management software and tools that can simplify and streamline work.
- Conducting a formal review of the findings.
- Timing for presenting the findings.
What are the 10 Types of Risk Management Strategies to Follow?
It’s important to know that there are many different risk management strategies, each with its own benefits and uses. Here are ten types to follow.
Type 1: Business Experiments
This risk management strategy is useful in running ‘what-if’ scenarios to gauge different outcomes to potential threats. From IT to marketing teams, many functional groups are well versed in conducting business experiments. Financial teams also run experiments to gauge return on investments or assess other financial metrics.
Type 2: Theory Validation
Theory validation strategies are conducted using questionnaires and surveys of groups to gain feedback based on experience. If a new product or service has been developed or there are enhancements, it makes sense to get direct, timely, and relevant feedback from end users to assist with managing potential challenges and design flaws, and thus better manage risks.
Type 3: Minimum Viable Product Development
Developing complex systems that offer nice-to-have features isn’t always the best route. A good risk management strategy considers building software using core modules and features that will be relevant and useful for the bulk of their customers — this is called a Minimum Viable Product (MVP). It helps to keep projects within scope, minimizes the financial burden, and helps companies get to market faster.
Type 4: Isolating Identified Risks
Information technology teams are used to engaging with internal or external help to isolate security gaps or flawed processes that might leave room for vulnerabilities. In doing so, they become proactive in identifying security risks ahead of an event rather than waiting for a malicious and costly breach to occur.
Type 5: Building in Buffers
Whether it’s a technology or audit project, project managers recognize the need to build in a buffer. Buffers reduce risks by ensuring initiatives stay within the intended scope. Depending on the project, buffers may be financial, resource or time-based. The goal here is making sure that there are no surprises posing unforeseen risks.
Type 6: Data Analysis
Data gathering and analysis are key elements in assessing and managing various risks. For instance, qualitative risk analysis can help identify potential project risks. Conducting a thorough qualitative risk analysis helps to isolate and prioritize risks, and to develop strategies to address, monitor, and re-evaluate them.
Type 7: Risk-Reward Analysis
Conducting an analysis of risks versus rewards is a risk strategy that helps companies and project teams unearth the benefits and drawbacks of an initiative before investing resources, time, or money. It’s not only about the risks and rewards of investing funds to take on opportunities — it’s also about providing insight into the cost of lost opportunities.
Type 8: Lessons Learned
With every initiative or project that your company does or doesn’t complete, there will inevitably be lessons that can be learned. These lessons are a valuable tool that can significantly reduce risks in future projects or undertakings — but lessons are only useful if teams take the time to document them, discuss them, and develop an action plan for improvement based on what’s been learned.
Type 9: Contingency Planning
Things seldom go as planned, and while having a plan is great, it’s seldom enough. Companies need to plan to have multiple plans or options based on various scenarios. Contingency planning is all about anticipating that things will go wrong and planning alternate solutions for the type of risks that may surface and foil your original plan.
Type 10: Leveraging Best Practices
There’s a reason best practices are mentioned under risk management strategies. Best practices are usually tried and tested ways of doing things — and while they may differ from industry to industry and project to project, best practices ensure companies don’t have to recreate the wheel. Ultimately this reduces risks.
Effectively managing risk has always been critical for success in any company and industry — but never more so than today. Being able to identify and properly assess risks reduces missteps and saves money, time, and valuable resources. It also gives clarity to decision-makers and their teams and helps leaders recognize opportunities and the actions they need to take. An important part of your risk strategy should also involve managing your company’s risks by using integrated risk management software that facilitates collaboration and visibility into risk to increase the effectiveness of your risk management programs. Get started with RiskOversight today!
What is a risk management strategy?

Having an appropriate risk management strategy is critical to dealing with the many types of risk that your organisation could face. But what is a risk management strategy? And what risk management strategies can you use?
A strategy for risk management is a dedicated plan which details how organisations are going to deal with risk, both pre-emptively and as incidents occur. It provides a detailed outlook for stakeholders across the business so they can make informed decisions. Read on for a more detailed definition where we break down the four common approaches to building a management strategy for risk and how to choose which one is suitable for your needs.
How to approach building a risk management strategy
A risk management strategy is a key part of the risk management lifecycle. After identifying risks and assessing the likelihood of them happening, as well as the impact they could have, you will need to decide how to treat them. The approach you decide to take is your risk management strategy. This is also sometimes referred to as risk treatment.
There are four main risk management strategies, or risk treatment options:
- Risk acceptance
- Risk transference
- Risk avoidance
- Risk reduction
Choosing the right one will mean the difference between managing each potential risk effectively or facing serious consequences that could damage your business. Let’s take a closer look at what these four approaches involve and some examples of when you could use them.
Types of risk management strategy
'A risk is accepted with no action taken to mitigate it' is the definition of risk acceptance.
This approach will not reduce the impact of a risk or even prevent it from happening, but that’s not necessarily a bad thing. Sometimes the cost of mitigating risks can exceed the cost of the risk itself, in which case it makes more sense to simply accept the risk. After all, why spend £200,000 to prevent a £20,000 risk?
However, this approach does come with a gamble. You will need to be sure that, if the risk does occur in the future, then you will be able to deal with it when the time comes. Because of this, it is best to accept risks only when the risk has a low chance of occurring or will have minimal impact if it does occur.
Risk transference is defined as: 'A risk transferred via a contract to an external party who will assume the risk on an organisation’s behalf.'
Choosing to transfer a risk does not entirely eradicate it. The risk still exists, only the responsibility for it shifts from your organisation to another.
An example of this would be travel insurance. You don’t accept the risk of a lost suitcase or an accident abroad and the costs that this would bring – you pay a travel insurance company to bear the financial consequences for you.
The same goes for the workplace. You may outsource work – and the risks that come with it - to a contractor. In finance, you may adopt a hedging strategy to protect your assets or investments.

'A risk is eliminated by not taking any action that would mean the risk could occur' – this is risk avoidance.
If you choose this approach, you are aiming to completely eliminate the possibility of the risk occurring. One example of risk avoidance would be with investment. If, after analysing the risks associated with that investment, you deem it too risky, then you simply do not make the investment.
Treating risks by avoiding them should be reserved for risks that would have a major impact on your organisation if they were to occur. However, if you avoid every risk you come up against, you may miss out on positive opportunities. You never know, that investment you decided not to make could have paid off. That is why it’s important to thoroughly analyse risks and make the most informed judgement you can.
Risk reduction is when a risk becomes less severe through actions taken to prevent or minimise its impact.
Risk reduction is a common strategy when it comes to risk treatment. It is sometimes known as lowering risk. By choosing this approach, you will need to work out the measures or actions you can take that will make risks more manageable.
One example of risk reduction would be within manufacturing and the risk of products being produced to incorrect specifications. Using a quality management system can lower the chance of this happening, so this would be a method of risk reduction. In the finance industry, you may face risks associated with new regulations. Implementing a digital solution to help you manage regulatory requirements can mitigate the risks of non-compliance and would therefore also be an example of risk reduction.
So which management strategy should you choose to handle risk?
As you can probably guess, that depends on the risk. You will need to fully understand each risk your organisation faces so that you can choose the appropriate strategy to treat them – whether that’s through acceptance, transference, avoidance or reduction.
Taking a detailed look at how risk is currently managed in your organisation is a good place to start. Are there areas for improvement? Where do you want to be, as opposed to where you are now, performance-wise? These are some useful starting points for putting in place a suitable risk management strategy that’s going to work for your organisation.


Abbie Glossop
As Digital Content Executive at Ideagen, Abbie is responsible for writing engaging and educational content for Ideagen’s digital channels. With a background in writing and social media, Abbie is committed to understanding the needs of our customers and providing insightful and valuable content that helps them to achieve their objectives.
What Is Risk Management in Finance, and Why Is It Important?
Amanda Bellucco-Chatham is an editor, writer, and fact-checker with years of experience researching personal finance topics. Specialties include general financial planning, career development, lending, retirement, tax preparation, and credit.
Investopedia / Joules Garcia
In the financial world, risk management is the process of identification, analysis, and acceptance or mitigation of uncertainty in investment decisions. Essentially, risk management occurs when an investor or fund manager analyzes and attempts to quantify the potential for losses in an investment, such as a moral hazard, and then takes the appropriate action (or inaction) given the fund's investment objectives and risk tolerance.
Risk is inseparable from return. Every investment involves some degree of risk, which is considered close to zero in the case of a U.S. T-bill or very high for something such as emerging-market equities or real estate in highly inflationary markets. Risk is quantifiable both in absolute and in relative terms. A solid understanding of risk in its different forms can help investors to better understand the opportunities, trade-offs, and costs involved with different investment approaches.
Key Takeaways
- Risk management is the process of identification, analysis, and acceptance or mitigation of uncertainty in investment decisions.
- Risk is inseparable from return in the investment world.
- A variety of tactics exist to ascertain risk; one of the most common is standard deviation, a statistical measure of dispersion around a central tendency.
- Beta, also known as market risk, is a measure of the volatility, or systematic risk, of an individual stock in comparison to the entire market.
- Alpha is a measure of excess return; money managers who employ active strategies to beat the market are subject to alpha risk.
What is Risk Management?
Risk management occurs everywhere in the realm of finance. It occurs when an investor buys U.S. Treasury bonds over corporate bonds, when a fund manager hedges his currency exposure with currency derivatives, and when a bank performs a credit check on an individual before issuing a personal line of credit. Stockbrokers use financial instruments like options and futures, and money managers use strategies like portfolio diversification, asset allocation and position sizing to mitigate or effectively manage risk.
Inadequate risk management can result in severe consequences for companies, individuals, and the economy. For example, the subprime mortgage meltdown in 2007 that helped trigger the Great Recession stemmed from bad risk-management decisions, such as lenders who extended mortgages to individuals with poor credit; investment firms who bought, packaged, and resold these mortgages; and funds that invested excessively in the repackaged, but still risky, mortgage-backed securities (MBSs).
We tend to think of "risk" in predominantly negative terms. However, in the investment world, risk is necessary and inseparable from desirable performance.
A common definition of investment risk is a deviation from an expected outcome. We can express this deviation in absolute terms or relative to something else, like a market benchmark.
While that deviation may be positive or negative, investment professionals generally accept the idea that such deviation implies some degree of the intended outcome for your investments. Thus to achieve higher returns one expects to accept the greater risk. It is also a generally accepted idea that increased risk comes in the form of increased volatility. While investment professionals constantly seek—and occasionally find—ways to reduce such volatility, there is no clear agreement among them on how it's best done.
How much volatility an investor should accept depends entirely on the individual investor's tolerance for risk, or in the case of an investment professional, how much tolerance their investment objectives allow. One of the most commonly used absolute risk metrics is standard deviation, a statistical measure of dispersion around a central tendency. You look at the average return of an investment and then find its average standard deviation over the same time period. Normal distributions (the familiar bell-shaped curve) dictate that the expected return of the investment is likely to be one standard deviation from the average 67% of the time and two standard deviations from the average deviation 95% of the time. This helps investors evaluate risk numerically. If they believe that they can tolerate the risk, financially and emotionally, they invest.
For example, during a 15-year period from Aug. 1, 1992, to July 31, 2007, the average annualized total return of the S&P 500 was 10.7%. This number reveals what happened for the whole period, but it does not say what happened along the way. The average standard deviation of the S&P 500 for that same period was 13.5%. This is the difference between the average return and the real return at most given points throughout the 15-year period.
When applying the bell curve model, any given outcome should fall within one standard deviation of the mean about 67% of the time and within two standard deviations about 95% of the time. Thus, an S&P 500 investor could expect the return, at any given point during this period, to be 10.7% plus or minus the standard deviation of 13.5% about 67% of the time; he may also assume a 27% (two standard deviations) increase or decrease 95% of the time. If he can afford the loss, he invests.
While that information may be helpful, it does not fully address an investor's risk concerns. The field of behavioral finance has contributed an important element to the risk equation, demonstrating asymmetry between how people view gains and losses. In the language of prospect theory, an area of behavioral finance introduced by Amos Tversky and Daniel Kahneman in 1979, investors exhibit loss aversion. Tversky and Kahneman documented that investors put roughly twice the weight on the pain associated with a loss than the good feeling associated with a profit.
Often, what investors really want to know is not just how much an asset deviates from its expected outcome, but how bad things look way down on the left-hand tail of the distribution curve. Value at risk (VAR) attempts to provide an answer to this question. The idea behind VAR is to quantify how large a loss on investment could be with a given level of confidence over a defined period. For example, the following statement would be an example of VAR: "With about a 95% level of confidence, the most you stand to lose on this $1,000 investment over a two-year time horizon is $200." The confidence level is a probability statement based on the statistical characteristics of the investment and the shape of its distribution curve.
Of course, even a measure like VAR doesn't guarantee that the remaining 5% of the time won't be much worse. Spectacular debacles like the one that hit the hedge fund Long-Term Capital Management in 1998 remind us that so-called "outlier events" may occur. In the case of LTCM, the outlier event was the Russian government's default on its outstanding sovereign debt obligations, an event that threatened to bankrupt the hedge fund, which had highly leveraged positions worth over $1 trillion; if it had gone under, it could have collapsed the global financial system. The U.S. government created a $3.65-billion loan fund to cover LTCM's losses, which enabled the firm to survive the market volatility and liquidate in an orderly manner in early 2000.
Another risk measure oriented to behavioral tendencies is a drawdown, which refers to any period during which an asset's return is negative relative to a previous high mark. In measuring drawdown, we attempt to address three things:
- The magnitude of each negative period (how bad)
- The duration of each (how long)
- The frequency (how often)
For example, in addition to wanting to know whether a mutual fund beat the S&P 500, we also want to know how comparatively risky it was. One measure for this is beta (known as "market risk"), based on the statistical property of covariance. A beta greater than 1 indicates more risk than the market and vice versa.
Beta helps us to understand the concepts of passive and active risk. The graph below shows a time series of returns (each data point labeled "+") for a particular portfolio R(p) versus the market return R(m). The returns are cash-adjusted, so the point at which the x and y-axes intersect is the cash-equivalent return. Drawing a line of best fit through the data points allows us to quantify the passive risk (beta) and the active risk (alpha).
The gradient of the line is its beta. For example, a gradient of 1.0 indicates that for every unit increase of market return, the portfolio return also increases by one unit. A money manager employing a passive management strategy can attempt to increase the portfolio return by taking on more market risk (i.e., a beta greater than 1) or alternatively decrease portfolio risk (and return) by reducing the portfolio beta below one.
If the level of market or systematic risk were the only influencing factor, then a portfolio's return would always be equal to the beta-adjusted market return. Of course, this is not the case: Returns vary because of a number of factors unrelated to market risk. Investment managers who follow an active strategy take on other risks to achieve excess returns over the market's performance. Active strategies include tactics that leverage stock, sector or country selection, fundamental analysis, position sizing, and technical analysis.
Active managers are on the hunt for an alpha, the measure of excess return. In our diagram example above, alpha is the amount of portfolio return not explained by beta, represented as the distance between the intersection of the x and y-axes and the y-axis intercept, which can be positive or negative. In their quest for excess returns, active managers expose investors to alpha risk, the risk that the result of their bets will prove negative rather than positive. For example, a fund manager may think that the energy sector will outperform the S&P 500 and increase her portfolio's weighting in this sector. If unexpected economic developments cause energy stocks to sharply decline, the manager will likely underperform the benchmark, an example of alpha risk.
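The drawdown measures (how bad, how long, how often) and the line-of-best-fit reading of beta and alpha described above can both be computed directly from a series of periodic returns. The following Python code is an added example, not part of the original article; the return series are constructed sample data, the function names are illustrative, and the returns are assumed to be cash-adjusted as in the article's graph.

```python
"""Added illustration: drawdown statistics and a beta/alpha line of best fit."""
from statistics import mean

# Constructed sample data: six periods of cash-adjusted returns (not real market data).
MARKET = [0.02, -0.01, 0.03, -0.02, 0.01, 0.04]
PORTFOLIO = [0.025, -0.006, 0.044, -0.019, 0.017, 0.053]


def drawdowns(returns):
    """Return one (magnitude, duration) pair per drawdown period.

    A drawdown starts when cumulative value falls below its previous high
    and ends when that high is regained (or the series ends).
    Magnitude is the deepest fractional loss from the high ("how bad");
    duration is the number of periods spent below it ("how long").
    """
    value = peak = trough = 1.0
    duration = 0
    periods = []
    for r in returns:
        value *= 1.0 + r
        if value >= peak:
            if duration:  # a drawdown just ended: record it
                periods.append((1.0 - trough / peak, duration))
            peak = trough = value
            duration = 0
        else:
            duration += 1
            trough = min(trough, value)
    if duration:  # series ended while still below the previous high
        periods.append((1.0 - trough / peak, duration))
    return periods


def drawdown_summary(returns):
    """Answer the three questions: how bad, how long, how often."""
    periods = drawdowns(returns)
    return {
        "worst_magnitude": max((m for m, _ in periods), default=0.0),
        "longest_duration": max((d for _, d in periods), default=0),
        "frequency": len(periods),
    }


def beta_alpha(portfolio, market):
    """Least-squares line of best fit of portfolio returns on market returns.

    beta  = gradient of the line (covariance / market variance)
    alpha = y-axis intercept (portfolio return not explained by beta)
    """
    if len(portfolio) != len(market) or len(market) < 2:
        raise ValueError("need two equally long series of at least 2 returns")
    mean_p, mean_m = mean(portfolio), mean(market)
    cov = sum((p - mean_p) * (m - mean_m) for p, m in zip(portfolio, market))
    var = sum((m - mean_m) ** 2 for m in market)
    if var == 0:
        raise ValueError("market returns are constant; beta is undefined")
    beta = cov / var
    return beta, mean_p - beta * mean_m


if __name__ == "__main__":
    beta, alpha = beta_alpha(PORTFOLIO, MARKET)
    print(f"beta={beta:.3f} alpha={alpha:.4f}")
    print(drawdown_summary(PORTFOLIO))
```

On the constructed data the fitted beta is above 1, so the sample portfolio carries more market risk than the market itself, and its positive intercept is the per-period alpha.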
In general, the more an active fund and its managers show themselves able to generate alpha, the higher the fees they will tend to charge investors for exposure to those higher-alpha strategies. For a purely passive vehicle like an index fund or an exchange-traded fund (ETF), you're likely to pay one to 10 basis points (bps) in annual management fees, while for a high-octane hedge fund employing complex trading strategies involving high capital commitments and transaction costs, an investor would need to pay 200 basis points in annual fees, plus give back 20% of the profits to the manager.
The difference in pricing between passive and active strategies (or beta risk and alpha risk respectively) encourages many investors to try and separate these risks (e.g. to pay lower fees for the beta risk assumed and concentrate their more expensive exposures to specifically defined alpha opportunities). This is popularly known as portable alpha, the idea that the alpha component of a total return is separate from the beta component.
For example, a fund manager may claim to have an active sector rotation strategy for beating the S&P 500 and show, as evidence, a track record of beating the index by 1.5% on an average annualized basis. To the investor, that 1.5% of excess return is the manager's value, the alpha, and the investor is willing to pay higher fees to obtain it. The rest of the total return, what the S&P 500 itself earned, arguably has nothing to do with the manager's unique ability. Portable alpha strategies use derivatives and other tools to refine how they obtain and pay for the alpha and beta components of their exposure.
MoSCoW Prioritization
What Is MoSCoW Prioritization?
MoSCoW prioritization, also known as the MoSCoW method or MoSCoW analysis, is a popular prioritization technique for managing requirements.
The acronym MoSCoW represents four categories of initiatives: must-have, should-have, could-have, and won’t-have, or will not have right now. Some companies also use the “W” in MoSCoW to mean “wish.”
What is the History of the MoSCoW Method?
Software development expert Dai Clegg created the MoSCoW method while working at Oracle. He designed the framework to help his team prioritize tasks during development work on product releases.
You can find a detailed account of using MoSCoW prioritization in the Dynamic System Development Method (DSDM) handbook. But because MoSCoW can prioritize tasks within any time-boxed project, teams have adapted the method for a broad range of uses.
How Does MoSCoW Prioritization Work?
Before running a MoSCoW analysis, a few things need to happen. First, key stakeholders and the product team need to get aligned on objectives and prioritization factors. Then, all participants must agree on which initiatives to prioritize.
At this point, your team should also discuss how they will settle any disagreements in prioritization. If you can establish how to resolve disputes before they come up, you can help prevent those disagreements from holding up progress.
Finally, you’ll also want to reach a consensus on what percentage of resources you’d like to allocate to each category.
With the groundwork complete, you may begin determining which category is most appropriate for each initiative. But, first, let’s further break down each category in the MoSCoW method.
MoSCoW Prioritization Categories

1. Must-have initiatives
As the name suggests, this category consists of initiatives that are “musts” for your team. They represent non-negotiable needs for the project, product, or release in question. For example, if you’re releasing a healthcare application, a must-have initiative may be security functionalities that help maintain compliance.
The “must-have” category requires the team to complete a mandatory task. If you’re unsure about whether something belongs in this category, ask yourself the following.

If the product won’t work without an initiative, or the release becomes useless without it, the initiative is most likely a “must-have.”
2. Should-have initiatives
Should-have initiatives are just a step below must-haves. They are essential to the product, project, or release, but they are not vital. If left out, the product or project still functions. However, the initiatives may add significant value.
“Should-have” initiatives are different from “must-have” initiatives in that they can get scheduled for a future release without impacting the current one. For example, performance improvements, minor bug fixes, or new functionality may be “should-have” initiatives. Without them, the product still works.
3. Could-have initiatives
Another way of describing “could-have” initiatives is nice-to-haves. “Could-have” initiatives are not necessary to the core function of the product. However, compared with “should-have” initiatives, they have a much smaller impact on the outcome if left out.
So, initiatives placed in the “could-have” category are often the first to be deprioritized if a project in the “should-have” or “must-have” category ends up larger than expected.
4. Will not have (this time)
One benefit of the MoSCoW method is that it places several initiatives in the “will-not-have” category. The category can manage expectations about what the team will not include in a specific release (or another timeframe you’re prioritizing).
Placing initiatives in the “will-not-have” category is one way to help prevent scope creep. If initiatives are in this category, the team knows they are not a priority for this specific time frame.
Some initiatives in the “will-not-have” group will be prioritized in the future, while others are not likely to happen. Some teams decide to differentiate between those by creating a subcategory within this group.
How Can Development Teams Use MoSCoW?
Although Dai Clegg developed the approach to help prioritize tasks around his team’s limited time, the MoSCoW method also works when a development team faces limitations other than time. For example:
Prioritize based on budgetary constraints.
What if a development team’s limiting factor is not a deadline but a tight budget imposed by the company? Working with the product managers, the team can use MoSCoW first to decide on the initiatives that represent must-haves and the should-haves. Then, using the development department’s budget as the guide, the team can figure out which items they can complete.
Prioritize based on the team’s skillsets.
A cross-functional product team might also find itself constrained by the experience and expertise of its developers. If the product roadmap calls for functionality the team does not have the skills to build, this limiting factor will play into scoring those items in their MoSCoW analysis.
Prioritize based on competing needs at the company.
Cross-functional teams can also find themselves constrained by other company priorities. The team wants to make progress on a new product release, but the executive staff has created tight deadlines for further releases in the same timeframe. In this case, the team can use MoSCoW to determine which aspects of their desired release represent must-haves and temporarily backlog everything else.
What Are the Drawbacks of MoSCoW Prioritization?
Although many product and development teams have prioritized using MoSCoW, the approach has potential pitfalls. Here are a few examples.
1. An inconsistent scoring process can lead to tasks placed in the wrong categories.
One common criticism against MoSCoW is that it does not include an objective methodology for ranking initiatives against each other. Your team will need to bring this methodology to your analysis. The MoSCoW approach works only if your team applies a consistent scoring system for all initiatives.
Pro tip: One proven method is weighted scoring, where your team measures each initiative on your backlog against a standard set of cost and benefit criteria. You can use the weighted scoring approach in ProductPlan’s roadmap app.
2. Not including all relevant stakeholders can lead to items placed in the wrong categories.
To know which of your team’s initiatives represent must-haves for your product and which are merely should-haves, you will need as much context as possible.
For example, you might need someone from your sales team to let you know how important (or unimportant) prospective buyers view a proposed new feature.
One pitfall of the MoSCoW method is that you could make poor decisions about where to slot each initiative unless your team receives input from all relevant stakeholders.
3. Team bias for (or against) initiatives can undermine MoSCoW’s effectiveness.
Because MoSCoW does not include an objective scoring method, your team members can fall victim to their own opinions about certain initiatives.
One risk of using MoSCoW prioritization is that a team can mistakenly think MoSCoW itself represents an objective way of measuring the items on their list. They discuss an initiative, agree that it is a “should have,” and move on to the next.
But your team will also need an objective and consistent framework for ranking all initiatives. That is the only way to minimize your team’s biases in favor of items or against them.
When Do You Use the MoSCoW Method for Prioritization?
MoSCoW prioritization is effective for teams that want to include representatives from the whole organization in their process. You can capture a broader perspective by involving participants from various functional departments.
Another reason you may want to use MoSCoW prioritization is it allows your team to determine how much effort goes into each category. Therefore, you can ensure you’re delivering a good variety of initiatives in each release.
What Are Best Practices for Using MoSCoW Prioritization?
If you’re considering giving MoSCoW prioritization a try, here are a few steps to keep in mind. Incorporating these into your process will help your team gain more value from the MoSCoW method.
1. Choose an objective ranking or scoring system.
Remember, MoSCoW helps your team group items into the appropriate buckets—from must-have items down to your longer-term wish list. But MoSCoW itself doesn’t help you determine which item belongs in which category.
You will need a separate ranking methodology. You can choose from many, such as:
- Weighted scoring
- Value vs. complexity
- Buy-a-feature
- Opportunity scoring
For help finding the best scoring methodology for your team, check out ProductPlan’s article: 7 strategies to choose the best features for your product.
2. Seek input from all key stakeholders.
To make sure you’re placing each initiative into the right bucket—must-have, should-have, could-have, or won’t-have—your team needs context.
At the beginning of your MoSCoW method, your team should consider which stakeholders can provide valuable context and insights. Sales? Customer success? The executive staff? Product managers in another area of your business? Include them in your initiative scoring process if you think they can help you see opportunities or threats your team might miss.
3. Share your MoSCoW process across your organization.
MoSCoW gives your team a tangible way to show your organization how you are prioritizing initiatives for your products or projects.
The method can help you build company-wide consensus for your work, or at least help you show stakeholders why you made the decisions you did.
Communicating your team’s prioritization strategy also helps you set expectations across the business. When they see your methodology for choosing one initiative over another, stakeholders in other departments will understand that your team has thought through and weighed all decisions you’ve made.
If any stakeholders have an issue with one of your decisions, they will understand that they can’t simply complain—they’ll need to present you with evidence to alter your course of action.
Value and resilience through better risk management
Today’s corporate leaders navigate a complex environment that is changing at an ever-accelerating pace. Digital technology underlies much of the change. Business models are being transformed by new waves of automation, based on robotics and artificial intelligence. Producers and consumers are making faster decisions, with preferences shifting under the influence of social media and trending news. New types of digital companies are exploiting the changes, disrupting traditional market leaders and business models. And as companies digitize more parts of their organization, the danger of cyberattacks and breaches of all kinds grows.
Beyond cyberspace, the risk environment is equally challenging. Regulation enjoys broad popular support in many sectors and regions; where it is tightening, it is putting stresses on profitability. Climate change is affecting operations, and consumers and regulators are also making demands for better business conduct in relation to the natural environment. Geopolitical uncertainties alter business conditions and challenge the footprints of multinationals. Corporate reputations are vulnerable to single events, as risks once thought to have a limited probability of occurrence are actually materializing.
The role of the board and senior executives
Risk management at nonfinancial companies has not kept pace with this evolution. For many nonfinancial corporates, risk management remains an underdeveloped and siloed capability in the organization, receiving limited attention from the most senior leaders. From over 1,100 respondents to McKinsey’s Global Board Survey for 2017, we discovered that risk management remains a relatively low-priority topic at board meetings (exhibit).
A long way to go
Boards spend only 9 percent of their time on risk—slightly less than they did in 2015. Other questions in the survey revealed that only 6 percent of respondents believe that they are effective in managing risk (again, less than in 2015). Some individual risk areas are relatively neglected, and even cybersecurity, a core risk area with increasing importance, is addressed by only 36 percent of boards. While many senior executives stay focused on strategy and performance management, they often fail to challenge capabilities or strategic decisions from a risk perspective (see sidebar, “A long way to go”). A reactive approach to risks remains too common, with action taken only after things go wrong. The result is that boards and senior executives needlessly put their companies at risk, while personally taking on higher legal and reputational liabilities.
Boards have a critical role to play in developing risk-management capabilities at the companies they oversee. First, boards need to ensure that a robust risk-management operating model is in place. Such a model allows companies to understand and prioritize risks, set their risk appetite, and measure their performance against these risks. The model should enable the board and senior executives to work with businesses to eliminate exposures outside the company’s appetite statement, reducing the risk profile where warranted, through such means as quality controls and other operational processes. On strategic opportunities and risk trade-offs, boards should foster explicit discussions and decision making among top management and the businesses. This will enable the efficient deployment of scarce risk resources and the active, coordinated management of risks across the organization. Companies will then be prepared to address and manage emerging crises when risks do materialize.
A sectoral view of risks
Most companies operate in a complex, industry-specific risk environment. They must navigate macroeconomic and geopolitical uncertainties and face risks arising in the areas of strategy, finance, products, operations, and compliance and conduct. In some sectors, companies have developed advanced approaches to managing risks that are specific to their business models. These approaches can sustain significant value. At the same time companies are challenged by emerging types of risks for which they need to develop effective mitigation plans; in their absence, the losses from serious risk events can be crippling.
- Automotive companies are controlling supply-chain risks with sophisticated monitoring models that allow OEMs to identify potential risks upfront across the supply chain. At the same time, auto companies must address the strategic challenge of shifting toward electric-powered and autonomous vehicles.
- Pharma companies seek to manage the downside risk of large investments in their product portfolio and pipeline, while addressing product quality and patient safety to comply with relevant regulatory requirements.
- Oil and gas, steel, and energy companies apply advanced approaches to manage the negative effects of financial markets and commodity-price volatility. As social and political demands for cleaner energy are increasing, these companies are actively pursuing growth opportunities to shift their portfolios in anticipation of an energy transition and a low-carbon future.
- Consumer-goods companies protect their reputation and brand value through sound practices to manage product quality as well as labor conditions in their production facilities. Yet they are constantly challenged to meet consumers’ ever-changing tastes and needs, as well as consumer-protection regulations.
Toward proactive risk management
An approach based on adherence to minimum regulatory standards and avoidance of financial loss creates risk in itself. In a passive stance, companies cannot shape an optimal risk profile according to their business models nor adequately manage a fast-moving crisis. Eschewing a risk approach comprised of short-term performance initiatives focused on revenue and costs, top performers deem risk management as a strategic asset, which can sustain significant value over the long term. Inherent in the proactive approach are several essential components.
Strategic decision making
More rigorous, debiased strategic decision making can enhance the longer-term resilience of a company’s business model, particularly in volatile markets or externally challenged industries. Research shows that the active, regular reevaluation of resource allocation, based on sound assessments of risk and return trade-offs (such as entering markets where the business model is superior to the competition), creates more value and better shareholder returns. (See, for example, Yuval Atsmon, “How nimble resource allocation can double your company’s value,” August 2016; William N. Thorndike, Jr., The Outsiders: Eight Unconventional CEOs and Their Radically Rational Blueprint for Success, Boston, MA: Harvard Business Review Press, 2012; Rebecca Darr and Tim Koller, “How to build an alliance against corporate short-termism,” January 2017.) Flexibility is empowering in a dynamic marketplace. Many companies use hedging strategies to insure against market uncertainties. Airlines, for example, have been known to hedge future exposures to fuel-price fluctuations, a move that can help maintain profitability when prices climb. Likewise, strategic investing, based on a longer-term perspective and a deep understanding of a company’s core proposition, generates more value than opportunistic moves aiming at a short-term bump in the share price.
Debiasing and stress-testing
Approaches that include debiasing and stress-testing help senior executives consider previously overlooked sources of uncertainty to judge whether the company’s risk-bearing capacity can absorb their potential impact. A utility in Germany, for example, improved decision making by taking action to mitigate behavioral biases. As a result, it separated its renewables business from its conventional power-generation operations. In the aftermath of the Fukushima disaster, which sharply raised interest in environmentally friendly power generation, the utility’s move led to a significant positive effect on its share price (15 percent above the industry index).
Higher-quality products and safety standards
Investments in product quality and safety standards can bring significant returns. One form this takes in the energy sector is reduced damage and maintenance costs. At one international energy company, improved safety standards led to a 30 percent reduction in the frequency of hazardous incidents. Auto companies with reputations built on safety can command higher prices for their vehicles, while the better reputation created by higher quality standards in pharma creates obvious advantages. As well as the boost in demand that comes from a reputation for quality, companies can significantly reduce their remediation costs—McKinsey research suggests that pharma companies suffering from quality issues lose annual revenue equal to 4 to 5 percent of cost of goods sold.
Comprehensive operative controls
These can lead to more efficient and effective processes that are less prone to disruption when risks materialize. In the auto sector, companies can ensure stable production and sales by mitigating the risk of supply-chain disruption. Following the 2011 earthquake and tsunami, a leading automaker probed potential supply bottlenecks and took appropriate action. After an earthquake in 2016, the company quickly redirected production of affected parts to other locations, avoiding costly disruptions. In high-tech, companies applying superior supply-chain risk management can achieve lasting cost savings and higher margins. One global computer company addressed these risks with a dedicated program that saved $500 million during its first six years. The program used risk-informed contracts, enabling suppliers to lower the costs and risks of doing business with the company. The measures achieved supply assurance for key components, particularly during market shortages, improved cost predictability for components that have volatile costs, and optimized inventory levels internally and at suppliers.
Stronger ethical and societal standards
To achieve standing among customers, employees, business partners, and the public, companies can apply ethical controls on corporate practices end to end. If appropriately publicized and linked to corporate social responsibility, a program of better ethical standards can achieve significant returns in the form of heightened reputation and brand recognition. Customers, for example, are increasingly willing to pay a premium for products of companies that adhere to tighter standards. Employees too appreciate being associated with more ethical companies, offering a better working environment and contributing to society.
The three dimensions of effective risk management
Ideally, risk management and compliance are addressed as strategic priorities by corporate leadership and day-to-day management. More often the reality is that these areas are delegated to a few people at the corporate center working in isolation from the rest of the business. By contrast, revenue growth or cost savings are deeply embedded in corporate culture, linked explicitly to profit-and-loss (P&L) performance at the company level. Somewhere in the middle are specific control capabilities regarding, for example, product safety, secure IT development and deployment, or financial auditing.
To change this picture, leadership must commit to building robust, effective risk management. The project is three-dimensional: 1) the risk operating model, consisting of the main risk management processes; 2) a governance and accountability structure around these processes, leading from the business up to the board level; and 3) best-practice crisis preparedness, including a well-articulated response playbook if the worst case materializes.
1. Developing an effective risk operating model
The operating model consists of two layers, an enterprise risk management (ERM) framework and individual frameworks for each type of risk. The ERM framework is used to identify risks across the organization, define the overall risk appetite, and implement the appropriate controls to ensure that the risk appetite is respected. Finally, the overarching framework puts in place a system of timely reporting and corresponding actions on risk to the board and senior management. The risk-specific frameworks address all risks that are being managed. These can be grouped in categories, such as financial, nonfinancial, and strategic. Financial risks, such as liquidity, market, and credit risks, are managed by adhering to appropriate limit structures; nonfinancial risks, by implementing adequate process controls; strategic risks, by challenging key decisions with formalized approaches such as debiasing, scenario analyses, and stress testing. While financial and strategic risks are typically managed according to the risk-return trade-off, for nonfinancial risks, the potential downside is often the key consideration.
Finding the right level of risk appetite
Companies need to find the right level of risk appetite, which helps ensure long-term resilience and performance. Risk appetite that is too relaxed or too restrictive can have severe consequences on company financials, as the following two examples indicate:
Too relaxed. One nuclear energy company set its standards for steel equipment in the 1980s and did not review them even when the regulations changed. When the new higher standards were applied to the manufacture of equipment for nuclear power plants, the company fell short of compliance. An earlier adaptation of its risk appetite and tolerance levels would have been significantly less costly.
Too restrictive. A pharma company set quality tolerances to produce a drug to a significantly stricter level than what was required by regulation. At the beginning of production, tolerance intervals could be fulfilled, but over time, quality could no longer be assured at the initial level. The company was unable to lower standards, as these had been communicated to the regulators. Ultimately, production processes had to be upgraded at a significant cost to maintain the original tolerances.
As well as assessing risk based on likelihood and impact, companies must also assess their ability to respond to emerging risks. Capabilities and capacities needed to manage these risks should be evaluated and gaps filled accordingly. Of particular importance in crisis management is the timeliness of an effective response when things go awry. The highly likely, high-impact risk events on which risk management focuses most of its attention often emerge with disarming velocity, taking many companies unawares. To be effective, the enterprise risk management framework must ensure that the two layers are seamlessly integrated. It does this by providing clarity on risk definitions and appetite as well as controls and reporting.
- Taxonomy. A company-wide risk taxonomy should clearly and comprehensively define risks; the taxonomy should be strictly respected in the definition of risk appetite, in the development of risk policy and strategy, and in risk reporting. Taxonomies are usually industry-specific, covering strategic, regulatory, and product risks relevant to the industry. They are also determined by company characteristics, including the business model and geographical footprint (to incorporate specific country and legal risks). Proven risk-assessment tools need to be adopted and enhanced continuously with new techniques, so that newer risks (such as cyberrisk) are addressed as well as more familiar risks.
- Risk appetite. A clear definition of risk appetite will translate risk-return trade-offs into explicit thresholds and limits for financial and strategic risks, such as economic capital, cash-flow at risk, or stressed metrics. In the case of nonfinancial risks like operational and compliance risks, the risk appetite will be based on overall loss limits, categorized into inherent and residual risks (see sidebar, “Finding the right level of risk appetite”).
- Risk control processes. Effective risk control processes ensure that risk thresholds for the specified risk appetite are upheld at all levels of the organization. Leading companies are increasingly building their control processes around big data and advanced analytics. These powerful new capabilities can greatly increase the effectiveness and efficiency of risk monitoring processes. Machine-learning tools, for example, can be very effective in monitoring fraud and prioritizing investigations; automated natural language processing within complaints management can be used to monitor conduct risk.
- Risk reporting. Decision making should be informed with risk reporting. Companies can regularly provide boards and senior executives with insights on risk, identifying the most relevant strategic risks. The objective is to ensure that an independent risk view, encompassing all levels of the organization, is embedded into the planning process. In this way, the risk profile can be upheld in the management of business initiatives and decisions affecting the quality of processes and products. Techniques like debiasing and the use of scenarios can help overcome biases toward fulfilment of short-term goals. A North American oil producer developed a strategic hypothesis given uncertainties in global and regional oil markets. The company used risk modelling to test assumptions about cash flow under different scenarios and embedded these analyses into the reports reviewed by senior management and the board. Weak points in the strategy were thereby identified and mitigating actions taken.
2. Toward robust risk governance, organization, and culture
The risk operating model must be managed through an effective governance structure and organization with clear accountabilities. The governance model maintains a risk culture that strongly reinforces better risk and compliance management across the three lines of defense—business and operations, the compliance and risk functions, and audit. The approach recognizes the inherent contradiction in the first line between performance (revenue and costs) and risk (losses). The role of the second line is to review and challenge the first line on the effectiveness of its risk processes and controls, while the third line, audit, ensures that the lines one and two are functioning as intended.
- Three lines of defense. Effective implementation of the three lines involves the sharp definition of lines one and two at all levels, from the group level through the lines of business, to the regional and legal entity levels. Accountabilities regarding risk and control management must be clear. Risk governance may differ by risk type: financial risks are usually managed centrally, while operational risks are deeply embedded into company processes. The operational risk of any line of business is managed by the business owning the product-development, production, and sales processes. This usually translates into forms of quality control, but the business must also balance the broader impact of risk and P&L. In the development of new diesel engines, automakers lost sight of the balance between compliance risk and the additional cost to meet emission standards, with disastrous results. Risk or compliance functions can only complement these activities by independently reviewing the adequacy of operational risk management, such as through technical standards and controls.
- Reviewing the risk appetite and risk profile. Of central importance within the governance structure are the committees that define the risk appetite, including the parameters for doing business. These committees also make specific decisions on top risks and review the control environment for enhancements as the company’s risk profile changes. Good governance in this case means that risk decisions are considered within the existing divisional, regional, and senior-management governance structure of a company, supported by risk, compliance, and audit committees.
- Integrated risk and compliance governance setup. A robust and adequately staffed risk and compliance organization supports all risk processes. The integrated risk and compliance organization provides for single ownership of the group-wide ERM framework and standards, appropriate clustering of second-line functions, a clear matrix between divisions and control functions, and centralized or local control as needed. A clear trend is observable whereby the ERM layer responsible for group-wide standards, risk processes, and reporting becomes consolidated, whereas the expert teams setting and monitoring specific control standards for the business (including standards for commercial, technical compliance, IT or cyberrisks) become specialized teams covering both regulatory compliance as well as risk aspects.
- Resources. Appropriate resources are a critical factor in successful risk governance. The compliance, risk, audit, and legal functions of nonfinancial companies (0.5 for every 100 employees, on average) are usually much smaller than those of banks (6.9 for every 100 employees). The disparity is partly a natural outcome of financial regulation, but some part of it reflects a capability gap in nonfinancial corporates. These companies usually devote most of their risk and control resources to sector-specific areas, such as health and safety for airlines and nuclear power companies or quality assurance for pharmaceutical companies. The same companies can, however, neglect to provide sufficient resources to monitor highly significant risks, such as cyberrisk or large investments.
- Risk culture. An enhanced risk culture covers mind-sets and behaviors across the organization. A shared understanding is fostered of key risks and risk management, with leaders acting as role models. Especially important are capability-building programs on risk as well as formal mechanisms to assess and reinforce sound risk management practices.
3. Crisis preparedness and response
A high-performing, effective risk operating model and governance structure, with a well-developed risk culture, minimize the probability of corporate crises, without, of course, completely eliminating them. When unexpected crises strike at high velocity, multinational companies can lose billions in value in the first days and soon find themselves struggling to keep their market position. A best-in-class risk management environment provides the ideal conditions for preparation and response.
- Ensure board leadership. The most important action companies can take to prepare for crises is to ensure that the effort is led by the board and senior management. Top leadership must define the main expected threats, the worst-case scenarios, and the actions and communications that will be accordingly rolled out. For each threat, hypothetical scenarios should be developed for how a crisis will unfold, based on previous crises within and beyond the company’s industry and region.
- Strengthen resilience. By mapping patterns that arose in previous crises, companies can test their own resilience, challenging key areas across the organization for potential weaknesses. Targeted countermeasures can then be developed in advance to strengthen resilience. This crucial aspect of crisis preparedness can involve reviewing and revising the terms and conditions for key suppliers, shoring up financials to ensure short-term availability of cash, or investing in advanced cybersecurity measures to protect essential data and software in the event of failures and breaches.
- Develop action plans and communications. Once these assessments are complete and resilience-building countermeasures are in place, the company can then develop action plans for each threat. The plans must be well articulated, founded on past crises, and address operational and technical planning, financial planning, third-party management, and legal planning. Care should be taken to develop an optimally responsive communications strategy as well. The correct strategy will enable frontline responders to keep pace with or stay ahead of unfolding crises. Communications failures can turn manageable crises into irredeemable catastrophes. Companies need to have appropriate scripts and process logic in place detailing the response to crisis situations, communicated to all levels of the organization and well anchored there. Airlines provide an example of the well-articulated response, in their preparedness for an accident or crash. Not only are detailed scripts in place, but regular simulations are held to train employees at all levels of the company.
- Train managers at all levels. The company should train key managers at multiple levels on what to expect and enable them to feel the pressures and emotions in a simulated environment. Doing this repeatedly and in a richer way each time will significantly improve the company’s response capabilities in a real crisis situation, even though the crisis may not be precisely the one for which managers have been trained. They will also be valuable learning exercises in their own right.
- Put in place a detailed crisis-response playbook. While each crisis can unfold in unique and unpredictable ways, companies can follow a few fundamental principles of crisis response in all situations. First, establish control immediately after the crisis hits, by closely determining the level of exposure to the threat and identifying a crisis-response leader, not necessarily the CEO, who will direct appropriate actions accordingly. Second, involved parties—such as customers, employees, shareholders, suppliers, government agencies, the media, and the wider public—must be effectively engaged with a dynamic communications strategy. Third, an operational and technical “war room” should be set up, to stabilize primary threats and determine which activities to sustain and which to suspend (identifying and reaching out to critical suppliers). Finally, a deliberate effort must be made to address and neutralize the root cause of the crisis and so bring it to an end as soon as possible.
In a digitized, networked world, with globalized supply chains and complex financial interdependencies, the risk environment has grown more perilous and costly. A holistic approach to risk management, based on the lessons, good and bad, of leading companies and financial institutions, can derive value from that environment. The path to risk resilience that is emerging is an effort, led by the board and senior management, to establish the right risk profile and appetite. Success depends on the support of a thriving risk culture and state-of-the-art crisis preparedness and response. Far from minimal regulatory adherence and loss avoidance, the optimal approach to risk management consists of fundamentally strategic capabilities, deeply embedded across the organization.
Daniela Gius is a senior expert in McKinsey’s Hamburg office, Jean-Christophe Mieszala is a senior partner in the Paris office, Ernestos Panayiotou is a partner in the Athens office, and Thomas Poppensieker is a senior partner in the Munich office.
A Crisis of Diverging Perspectives: U.S.-Russian Relations and the Security Dilemma
Charles E. Ziegler
Aspects of the relationship between Russia and the United States can be conceptualized as a security dilemma. Each side perceives a serious threat from the other and takes countermeasures that further provoke insecurity for the adversary. Bilateral ties have deteriorated as Russia and the United States engage in political and military competition. For Russia, the major threats are America’s advantage in conventional weaponry, NATO expansion, and the threat of regime change in the form of democracy promotion. For the United States, the primary security threats are Russia’s emphasis on nuclear weapons modernization, its attacks on the American system of democratic government, its willingness to violate the sovereignty of neighboring states, its support for rogue actors, and the developing Russian partnership with China. The potential for conflict is greater than at any time in the past three decades, but assuming both states are acting as defensive realists, cooperation remains a possibility.
U.S.-Russian relations after the Cold War showed great promise. Russia had abandoned its empire in Eastern Europe, the country was transitioning toward a market-oriented, democratic system, and Moscow no longer presented a military threat to American security. But over the past 30 years, each period of optimism has been followed by a significant worsening of relations. The warm personal relationship between U.S. President Bill Clinton and Russian President Boris Yeltsin foundered on NATO expansion and the U.S. military intervention in the Balkans. President Vladimir Putin’s initial support for the American campaign against terrorism in 2001 waned after the Bush administration invaded Iraq in 2003. Relations reached a new low with Putin’s 2007 Munich Security Conference speech where he condemned American unilateralism and the hyper-use of force. The Obama administration’s “reset” in U.S.-Russian relations was severely tested by the U.S. intervention in Libya, while Secretary of State Hillary Clinton’s open support for the White Revolution in Russia from 2011 to 2012, Ukraine’s Euromaidan uprising in 2014 and Russia’s subsequent annexation of Crimea, and the U.S. imposition of sanctions all contributed to a downward spiral in relations. By 2016 a social media campaign by Russian trolls to undermine Hillary Clinton’s bid for the White House stoked divisions in the American electorate and may have helped elect Donald Trump president. Regardless of how effective Russian interference was in tipping the race to Trump, Russian officials were obviously elated about Clinton’s defeat — U.S. intelligence intercepts captured audio of Russian celebrations when Trump’s victory was announced. 1
However, Trump’s victory in the election has not led to better relations. If anything, ties between Russia and the United States have worsened, to the point that many observers are referring to a new Cold War. 2 What explains the mutual hostility and suspicion that have characterized U.S.-Russian relations over the past two decades?
Experts have advanced various explanations for the deterioration in U.S.-Russian relations, which may be divided into two broad categories. The first argues that Russia, historically aggressive and imperialistic, has returned to a pattern of confrontation under Putin. The second explanation focuses much of the blame on the United States, citing Washington’s unilateral exercise of unrestrained power following the Cold War and its cavalier disregard of Russian national interests.
While each side bears some responsibility for the poor state of relations, I argue that much of the U.S.-Russian relationship constitutes a security dilemma, in which defensive actions undertaken by one side increase the other’s insecurity. Russia and the United States are arguably defensive realist powers, yet few studies have analyzed the relationship as a security dilemma. The erosion of American hegemony, decline of international institutions, rejection of arms control agreements, and return of great-power rivalry all contribute to heightened uncertainties and increased potential for conflict. In short, the strategic spiral model would seem appropriate to this confrontational dynamic. Each side is fearful of the other’s intentions, neither understands the security imperatives of their rival, and both engage in behavior that undermines the security of the other. Domestic political vulnerabilities contribute to international tensions, while contrasting geopolitical perspectives are a critical contextual factor shaping the security dilemma. These internal vulnerabilities and differing perspectives serve to heighten insecurity, which is then manifested in exaggerated reactions to alliance expansion, a renewed nuclear arms race to overcome missile defenses, and efforts to interfere in the other’s domestic politics. While the Russian Federation is significantly different from the Soviet Union, determinants of great-power interaction remain relevant for understanding the dynamic between the two countries. War is a real possibility, but the two sides may find opportunities for cooperation and manage to avoid military conflict.
I first briefly sketch out the main arguments of the rival explanations for the deterioration in U.S.-Russian relations, then present the case for a security dilemma approach that develops the role of geography, conflicting norms, and insecurity. The next section outlines Russian reactions to U.S. security initiatives, followed by U.S. reactions to Russia’s security initiatives. The subsequent two sections examine how asymmetric geographic positions and alliance politics contribute to the security dilemma. The conclusion evaluates the utility of the security dilemma approach and briefly considers the prospects for improving U.S.-Russian relations.
Assessing Rival Explanations
Blaming Russia for the breakdown in U.S.-Russian relations has been popular among American politicians across the political spectrum — including the late John McCain, Hillary Clinton, and John Bolton, among others. A number of foreign policy and Russia specialists have also focused on Russian actions as responsible for the downturn. They cite Putin’s confrontational Munich speech of 2007, the Russo-Georgian War of 2008, the Kremlin’s annexation of Crimea and destabilizing involvement in southeastern Ukraine, the Sergei Skripal poisoning, murders of Russian journalists, informational warfare, and interference in the 2016 presidential elections as evidence that Russia is fundamentally revisionist, hostile, and aggressive toward the United States.
Some observers suggest Russian military action in Georgia and Ukraine provides proof that Putin is attempting to reestablish the czarist or Soviet empire. 3 Putin’s 2005 statement that the collapse of the Soviet Union was “a major geopolitical disaster of the century” is taken as an indication that his goal is to reconstitute a Russian empire, or at least restore hegemony over neighboring states. Agnia Grigas argues that Russian foreign policy has increasingly sought to restore influence over the former Soviet space, especially those territories that are home to large numbers of Russian compatriots, in a form of “reimperialization.” 4 Ingmar Oldberg agrees that Russia’s aggressive actions in the Commonwealth of Independent States region, its hostile information offensive against Europe, its domestic militarism, and its ambitions in the Middle East and Arctic are evidence that Russia is a revisionist, not a status quo, power. 5
Other critics are more measured. Michael McFaul, for example, acknowledges the Russian claim that after the Cold War the United States took advantage of Russia’s weakness to expand NATO, bomb Serbia, invade Iraq, and provide assistance to Georgia and Ukraine. But he asserts “it is revisionism to argue that [the United States] did not embrace Moscow’s new leaders.” 6 The United States and its NATO allies, according to this interpretation, provided well-intentioned support for Russia’s transition away from communism, but Putin rejected a Western-dominated liberal order in favor of nationalist authoritarianism at home and revisionist adventurism abroad. Stephen Sestanovich assesses NATO’s expansion as a means to improve stability and advance American influence but dismisses Russian charges that Washington sought to militarize the continent. Dramatic reductions in U.S. and NATO forces deployed in Europe and the significant reductions in defense expenditures, he suggests, refute Moscow’s claims of Western aggressive intentions. 7
If Russia is indeed aggressive and expansionist, then we should expect Moscow to take advantage of most, if not all, opportunities to reestablish Russian hegemony in the former Soviet space and to build up military capabilities in excess of what is necessary to deter the United States and its NATO allies. But as we shall see, Russia has only partially followed this scenario. In policy terms, the United States would in turn respond with a show of military force and work with its allies to impose painful sanctions and condemn Russia in various international forums. This, in essence, is the approach that Washington has been following since 2014.
A second explanation places more of the blame on the United States. Stephen F. Cohen has argued that the media and much of the Washington establishment have demonized Putin and exaggerated the authoritarian aspects of Russia’s political system. 8 Similarly, Dimitri Simes notes that the United States humiliated Russia after the Cold War by treating it as a defeated state, slighting Russia’s national interests while ignoring the context and historical background behind Russian actions. 9 Daniel Deudney and G. John Ikenberry place much of the blame for U.S.-Russian antagonism on ill-considered American policies that rejected the restraint exercised during the late Cold War in favor of a foreign policy that ignored Russian interests. The expansion of NATO, the U.S. withdrawal from the Anti-Ballistic Missile (ABM) Treaty together with the decision to deploy anti-missile systems, and disputes over pipeline routes from the Caspian region all violated the spirit of the Cold War settlement. 10
Arguments that NATO’s eastward expansion and the 1999 intervention in Kosovo threatened Russian security and were responsible for much of the downturn in bilateral relations echo official Russian statements. 11 John Mearsheimer, a leading realist scholar of international relations, suggests the Ukraine crisis is the West’s fault: Any great power, faced with the expansion of a military bloc toward its borders, would react as Russia did. 12 As early as the mid-1990s, Michael Brown warned that admitting Eastern European nations to the alliance would be counterproductive, boosting radical nationalists and opportunists in Russia who would undermine chances for democracy and push the country toward more aggressive policies. 13 George Kennan, the father of containment, described NATO expansion as a “tragic mistake” and the “beginning of a new cold war.” 14
Drawing on newly released archival materials, recent scholarship finds that NATO enlargement in the Clinton administration, while facilitated by Russian “missteps” (including extensive corruption and the first Chechen War), resulted more from pressure by the Central and Eastern European states and “above all” from the 1994 Republican midterm electoral victory than any military imperative. 15 Joshua Shifrinson demonstrates that during the German reunification negotiations the United States repeatedly offered Russia informal assurances NATO would not expand into Eastern Europe and then exploited Russian weakness to do just that. 16
If Russia is indeed defensive and simply reacting to perceived threats from the United States and its allies, then we should expect Moscow to react only to U.S. provocations in its perceived sphere of interests and to develop only sufficient military capabilities to deter the United States and its allies. However, this expectation is only partially supported. The logical implications of this perspective are that a more nuanced approach acknowledging Russia as a great power with valid security concerns, especially in the former Soviet space, would ease tensions. Russian pride and honor make Kremlin leaders acutely sensitive to American actions that constrain its international status, while Washington’s anti-Russia lobby promotes fear of Russia far out of proportion to any objective threat. 17
The Security Dilemma Argument
Realism holds uncertainty to be a fundamental condition of the international system, a condition that, contrary to the expectations of global optimists, was not resolved with the end of the Cold War. This uncertainty and attempts by states to alleviate threats through various measures lead to the security dilemma. 18 Decision-makers can never fully understand the plans and intentions of the other side (the “other minds” problem), nor can they predict how weapons might be used against them, since few weapons systems are purely offensive or defensive. Each state, in enhancing its power, increases the insecurity of its rival. 19 A security dilemma interpretation of Russian-American relations is not solely an argument for a “blame-free” analysis, and it does not enlighten every facet of the relationship, but it does direct our attention toward distinct perceptual variables that shape policy. As Robert Jervis observed, psychological factors play a major role in the security dilemma, with perceptions and misperceptions contributing to a spiral of mutual hostility potentially leading to war. 20 States may develop hostile images of each other, which was clearly evident throughout the Cold War and has been the case over the past decade or more of Russian-American relations. 21 Under these conditions, a power imbalance on one side fuels insecurity on the other. Arms buildups and modernization programs are interpreted as aggressive rather than defensive behavior, while similar behavior on the part of the self is held to be benign. 22
The complexity of Russian-American ties leads both sides to misread each other’s intentions and overreact to potential threats. Relations have been described as a “wicked problem” — that is, an extremely complex situation comparable to the period before World War I that could easily spiral into conflict. 23 Russian and American leaders, and publics, have powerful perceptions and beliefs that are fundamentally different. Russian political elites believe that “the purpose of U.S. policy is to cause damage to Russia,” and that Washington pursues this policy through NATO expansion, promoting color revolutions, conducting information campaigns, deploying troops in Eastern Europe, and imposing economic sanctions. 24 As Andrej Krickovic has argued, Russia’s internal vulnerabilities — weak institutional legitimacy, national identity issues, and contested borders — constitute a domestic dimension of the security dilemma. Authoritarian leaders fear destabilization by hostile democratic powers and affiliated nongovernmental organizations promoting change. These domestic insecurities lead to aggressive behaviors that generate fears in Washington about Russian intentions, which then lead to countermeasures. 25
American officials, for their part, tend to discount or simply do not recognize the threat that democracy promotion and human rights advocacy pose to authoritarian elites. Russia can justify destabilization measures against Ukraine, the Baltic states, and other post-Soviet states, together with cyber attacks and the development of new weapons systems, as defensive measures in response to U.S. policies, but in Washington they are perceived as offensive actions threatening American interests. Leaders in Congress and the executive branch point to Russian meddling in elections, Moscow’s nuclear modernization programs, the annexation of Crimea and stoking civil war in Ukraine, support for rogue regimes in Syria and Venezuela, alignment with China, and the poisoning of Kremlin opponents in the West. Washington’s response is to attempt to change Russian behavior largely through economic sanctions, which allow the regime to blame the West for Russia’s economic troubles and stoke nationalism. Sanctions increase distrust of the United States and support Putin’s anti-Western narrative but ultimately have failed to alter Russian behavior. 26
Shiping Tang’s analysis of the security dilemma provides a useful framework for analyzing the U.S.-Russian relationship. Of the eight “aspects” he identifies, three are central: “anarchy (which leads to uncertainty, fear, and the need for self-help for survival or security), a lack of malign intentions on both sides, and some accumulation of power (including offensive capabilities).” 27 Tang argues that a security dilemma exists only within the framework of defensive realism, based on the assumption that neither side has malign intentions, but that each is merely seeking to enhance security through various means. From this position, states have conflicts of interest that may be reconcilable or irreconcilable and may be objective or subjective. Tang singles out seven material regulators of the security dilemma: “geography, polarity, military technology (that is, the objective offense-defense balance) … the distinguishability of offensive and defensive weapons … asymmetric power, external actors (allies), and concentration or mixing of ethnic groups.” 28
Historically, Russia’s geographic vulnerability has made establishing buffer zones critical to national security. Erosion of the buffer, as in NATO expansion eastward, is viewed by the Kremlin as a threat to vital security interests and may result in attempts to reestablish a more secure perimeter (as in Ukraine). Regarding the second regulator — polarity — Moscow has criticized the unipolar post-Cold War order as destabilizing and a threat to Russian interests. Russia’s “drifting authoritarianism” and domestic problems, however, prevent reaching a bargain with its adversaries on a new, more favorable international order. 29 Third, Russia is counting on recent advances in military technology to offset perceived American superiority in conventional and offensive weaponry.
Fourth, the two sides are fundamentally at odds over whether the European ballistic missile system is defensive (the U.S. and NATO position) or offensive (the Russian claim). Russian insecurity derives from American and NATO superiority in conventional weaponry, which has led Moscow to stress its nuclear and retaliatory capabilities, thereby fueling Western insecurity. Fifth, the United States wields asymmetrical advantage through the NATO alliance. Russia has attempted to compensate for its relatively isolated position with the Collective Security Treaty Organization and the Eurasian Economic Union, but neither of these constitutes a security alliance comparable to NATO. Finally, the ethnic dimension has factored into Russian aggression against Ukraine and the frozen conflicts in Moldova and Georgia. Defense of Russian compatriots could be used against NATO member states Estonia and Latvia, heightening insecurity among Washington’s NATO allies.
While all seven regulators of the security dilemma are relevant to U.S.-Russian relations, geography and fundamentally contrasting geopolitical perceptions are critical and influence each nation’s security beliefs and commitments. 30 Historically, Russian security has been shaped by its vulnerability to invasion, resulting in centuries of expansion and the creation of buffer zones to slow or deter aggressors. 31 Geographically, the United States has a defensive advantage comparable to that of an island nation, though treaty commitments to NATO and defense of liberal international norms have created an American perception of pervasive threats beyond the North American continent.
Russian and American leaders each believe the other side holds malign intentions and has acted aggressively (that is, attempting to change the status quo). But is that really the case? Ascertaining malign intent is no easy task. The most visible evidence comes from states’ military doctrines and capabilities, though it is almost always debatable whether weapons are primarily offensive or defensive. Perceptions of necessity are predicated on the worst-case scenario, to ensure against potentially catastrophic threats. Other indications of offensive intent may be the forcible acquisition of territory, forming coalitions, or arms buildups. 32 In the context of anarchy and mutual mistrust, perception is more salient than objective reality.
The security dilemma does not come into play when one or both states act offensively and seek to change the status quo, but as Jervis has observed, “Few states are completely satisfied with the status quo.” 33 To treat satisfaction or dissatisfaction with the status quo as a dichotomous variable obscures a range of motives. Hitler’s revisionism in attempting to conquer Europe was quite different from Putin’s revisionism to regain control of Crimea and destabilize Ukraine. Moves perceived by one side as offensive, such as controlling buffer territories or engaging in provocative actions, may be viewed by the other actor as defensive. Jervis notes that Soviet forces were arrayed in an offensive posture in Europe, but the motive was to enhance security rather than initiate a war. He concludes that while the East-West conflict was essentially a clash of social systems, it did contain elements of the security dilemma.
After the Cold War ended, both Russia and the United States, following an initial period of uncertainty and confusion, sought to revise the European security order. 34 In this context, though, it would have been difficult for either actor to favor the status quo. The entire continent was in flux, and the long-term outcome of this transformation was in doubt. Deep ideological divisions no longer existed between the United States and Russia, however, and national interests moved to the fore in official calculations. Revisionism for a hegemonic United States meant expanding and consolidating liberal democratic and market economy gains resulting from the collapse of communism, a goal that encouraged NATO expansion. Revisionism for a severely weakened Moscow consisted of reestablishing spheres of interest befitting a great power along Russia’s periphery and securing recognition as Washington’s coequal in European affairs. Neither side may have been acting from offensive motives, but responses by each to this new and uncertain security environment in some instances led to a security dilemma spiral of mistrust.
There is some evidence that Russia is motivated by revisionist, even imperialist, goals and seeks to expand territorially beyond the gains already made in Ukraine and Georgia. There is also considerable evidence that Moscow is acting defensively and has simply exploited a limited number of opportunities to strengthen its position along the periphery. Russian history may be employed to support the claim for imperial expansion, or it may be used to justify Moscow’s preoccupation with threats from Europe and the need for buffer zones. 35
If the security dilemma approach has explanatory value, then we should observe frequent tit-for-tat responses on both sides to perceived threatening moves by the other. Russia and the United States have objective conflicts of interest, but mutual hostility in recent years has expanded the number of both real and perceived (that is, subjective) disputes and has minimized the number of shared interests. If subjective conflicts of interest are perceived as irreconcilable, the potential for conflict is likely, albeit avoidable. 36 While it may be debatable that neither the United States nor Russia has malign intentions (a necessity for the security dilemma to operate), it is certainly the case that each side reads hostile intent into the other’s actions. The following sections attempt to sort out the central perceptions on both sides shaping the security dilemma, recognizing that it is extremely difficult to assess intentions accurately.
U.S. Security Initiatives and Russian Reactions
Since the end of the Cold War, the United States has engaged in a number of actions that, from Moscow’s perspective, could be considered militarily offensive and not benign. These include NATO expansion, installing ballistic missile defenses in Europe, invading Iraq, supporting color revolutions, and abrogating the ABM Treaty. According to Russian Chief of General Staff Valerii Gerasimov, aggressive U.S. foreign policy strategies combine global military operations and the concept of “multi-sphere battle,” including democracy-promotion programs, American soft power, and Defense Department support for grassroots movements, using the “protest potential” of “fifth columns” to destabilize unfriendly states. 37 U.S. ballistic missile defenses in Europe have proved particularly contentious.
Congressional opposition to the ABM Treaty emerged late in the 1990s, as Republicans pressured the Clinton administration to develop national missile defense systems to counter the threat from rogue states, specifically North Korea and Iraq. Clinton attempted to negotiate an agreement acceptable to the Kremlin, which was adamantly opposed to an American national missile defense system, but Republican senators dismissed the president’s efforts to reassure Russia as jeopardizing U.S. security. 38 Congress overwhelmingly passed, and the president signed, a National Missile Defense Act in July 1999. George W. Bush entered office determined to evade the constraints of the ABM Treaty in order to defend against rogue states and terrorists and in December 2001 gave Moscow formal notice of his intention to withdraw from the treaty. 39 At that time, Putin asserted the decision to dissolve the treaty was a “mistake” but not one that threatened Russia’s national security. In response, however, the Russian government pulled out of the Strategic Arms Reduction Treaty (START II) one day after the United States formally withdrew from the ABM Treaty. 40
The Bush administration’s unilateral withdrawal from the ABM Treaty in 2002 and American plans to deploy ground-based missile defense systems in Alaska, California, and Eastern Europe to counter Iranian missiles coincided with demonstrations of American conventional superiority in Afghanistan and Iraq and increased tensions with Russia. However, U.S. efforts at developing missile defense systems and modernization of nuclear weapons systems proceeded slowly. The Obama administration replaced the Bush plan with a more flexible version of this system — the European Phased Adaptive Approach — which is now some four years behind schedule. Although the new system likely would be ineffective against either Russian intercontinental ballistic missiles or cruise missiles on submarine platforms, Putin has asserted the sites could be used for NATO cruise missile attacks against Russia. 41
American withdrawal from the ABM Treaty was perceived as destabilizing by Moscow because it put Russia’s nuclear deterrent at risk. In his memoirs, Robert Gates recounts that U.S.-Russian relations during the George W. Bush administration were dominated by the missile defense question, along with Washington’s efforts to secure NATO membership for Ukraine and Georgia and the Russo-Georgian War. The American goal was primarily to address the evolving threat of Iranian short- and medium-range missiles. The Eastern European allies, most notably Poland, focused on the threat from Russia and sought U.S. security guarantees. Although the European Phased Adaptive Approach generated a storm of controversy among conservative opponents of the Obama administration, it did little to allay Russian concerns. 42
Russia’s early efforts to develop maneuverable reentry vehicles to counteract anti-ballistic missile systems date to 1997 and 1998, with the first test conducted in 2004. 43 These Russian programs were possibly a response to the intensifying debate in Washington on developing an anti-ballistic missile system, and, if so, reflect a security dilemma logic. Putin referred to America’s development of an anti-ballistic missile complex as “the most important defense issue” in his March 2018 speech to the Russian Federal Assembly. Earlier, Putin had called U.S. withdrawal from the ABM Treaty simply a mistake. Now he claimed the United States was intent on taking advantage of Russian military weakness after the breakup of the Soviet Union. Putin also stated that Russian strategists were “greatly concerned” about the revised U.S. Nuclear Posture Review, specifically the provisions for lowering the threshold for use of nuclear weapons against a conventional or cyber attack. 44
The threat to Russia from American missile defense systems and nuclear modernization programs is the potential for strategic instability. Russian officials and military analysts assert that the European anti-ballistic missile systems will not be limited and will not be utilized solely against Iran as claimed. Taken together with the systems in South Korea and the western United States, Russia’s retaliatory capability would be impacted, forcing Moscow to respond by enhancing its capability to overwhelm U.S. defensive systems. 45 Russian conventional capabilities have improved in recent years, but the provisions in Russian military doctrine suggesting a nuclear response could be employed if the very existence of the state is at risk illustrate Russia’s continuing conventional weakness. 46 However, while Russian leaders vehemently reject the possibility that their nuclear posture might constitute an offensive threat, this “defensive” nuclear posture is perceived by U.S. and NATO security officials as “destabilizing and dangerous.” 47
Putin, Foreign Minister Sergey Lavrov, and other Russian officials have frequently cited NATO expansion as another major threat to the country’s security. However, as Kimberly Marten has pointed out, Foreign Minister Yevgeny Primakov signed the NATO-Russia Founding Act the same year the Visegrad states were admitted to NATO (1997). 48 Russian policy toward the vulnerable enclave of Kaliningrad also suggests that Moscow was more concerned with the Baltic states’ accession to the European Union rather than NATO enlargement. Cooperative rhetoric (Kaliningrad as a “bridge”) only shifted toward more confrontational discourse (Kaliningrad as a “fortress”) between 2002 and 2004, coincident with the color revolutions and U.S. invasion of Iraq. 49 Reinforcing this timeline, attitudinal research conducted in 2001 found that while 53 percent of Russian elites held NATO expansion eastward to be a threat to national security, only 36 percent thought it was important for Russia to prevent NATO enlargement. 50
By the mid-2000s the discourse had shifted to NATO as an enemy, not a partner. In his 2007 speech to the NATO security conference, Putin asserted that NATO expansion was “a serious provocation that reduces the level of mutual trust.” He condemned NATO members’ refusal to ratify the Adapted Treaty on Conventional Armed Forces in Europe and the positioning of American frontline forces on Russian borders. 51 Russia’s 2010 and 2014 military doctrines identified NATO’s military buildup and the expansion of the alliance toward Russian borders as the main external military threat to the Russian Federation. 52
The enlargement of NATO, together with the European Union’s absorption of most Eastern European countries, weakened Moscow’s position in Europe by promoting stronger, democratic states allied with the West. Weak and dysfunctional states along Russia’s periphery — those mired in territorial disputes or frozen conflicts — provide opportunities for Russia to exert influence. The dramatic decrease in U.S. troops stationed in Europe and the deterioration of European defense capabilities in the two decades after the end of the Cold War contradict Putin’s claims of an arms race directed against Russia. Nonetheless, U.S. leaders failed to appreciate how NATO expansion was perceived in the Kremlin as a genuine security threat that required a more assertive posture along Russian borders. 53
In place of the Obama administration’s emphasis on international institutions and alliance structures, the Trump administration adopted a strategy of dramatically increasing military expenditures and pressuring allies to assume more of the burden for their own defense. The 2017 National Security Strategy claims engagement policies pursued over the past two decades — policies that sought to enmesh great-power rivals in a web of political institutions and commercial arrangements — failed to advance U.S. goals. The strategy identifies a return to great-power politics as the major security challenge for the United States. 54 Russia, China, rogue states Iran and North Korea, and terrorism are identified as key threats to American power, interests, and influence globally:
China and Russia challenge American power, influence, and interests, attempting to erode American security and prosperity. They are determined to make economies less free and less fair, to grow their militaries, and to control information and data to repress their societies and expand their influence. 55
Russia’s Ministry of Foreign Affairs described the 2017 U.S. security strategy as confrontational, noting the “anti-Russia proclamations scattered throughout the text” and a vision of international relations as adversarial rather than cooperative. The strategy’s goals included preserving American dominance and preventing Russia (and China) from becoming major powers and was not that different from previous policies. 56 In his response to the strategy document’s publication, presidential spokesman Dmitry Peskov denied Russia was a threat to U.S. security and cited prospects for cooperation on terrorism. Head of the Duma international affairs committee Leonid Slutsky condemned the document as demonizing Russia and essentially continuing Barack Obama’s efforts at preserving a unipolar world order. 57
The 2018 National Defense Strategy, another key document released by the Trump administration, identifies long-term strategic competition with Russia and China as “principal priorities” for the Department of Defense:
Russia seeks veto authority over nations on its periphery in terms of their governmental, economic, and diplomatic decisions, to shatter the North Atlantic Treaty Organization and change European and Middle East security and economic structures to its favor. … China and Russia are now undermining the international order from within the system by exploiting its benefits while simultaneously undercutting its principles and “rules of the road.” 58
In acknowledging that all domains (land, sea, air, space, and cyberspace) are now contested, Washington echoes Moscow’s view that the world is increasingly multipolar and confirms Russian claims that American primacy is slipping. By identifying Russia as a key threat to the United States and a major player in world politics, while abandoning the discourse of global liberalism, the strategy document accords well with Moscow’s perception of 21st-century international politics. 59
To cope with a perceived Russian threat, the United States under the Trump administration is continuing and expanding the Obama administration’s European Deterrence Initiative, rotating forces through Poland and the Baltic states, completing the European ballistic missile defense system, ramping up NATO military exercises, and modernizing the U.S. nuclear arsenal. Though ostensibly defensive in nature, these actions have been portrayed as threatening to Russia by Kremlin leaders. 60 Trust and communication between the two sides are at their lowest level since the end of the Cold War, compounding the problem. Russia claims the United States has demonstrated its aggressive intentions by abrogating key treaties, expanding NATO eastward in violation of its promises, and adopting confrontational (that is, offensive) security postures. The United States responds that its actions are benign and pose no real threat to Russia.
Russian Security Initiatives and U.S. Reactions
Russia’s nuclear and conventional modernization programs and aggressive informational warfare against the West, combined with Putin’s belligerent rhetoric, have generated unease in the United States and Europe. The Russian military is undertaking an extensive modernization of all three legs of the strategic triad: land-based missiles, strategic submarines, and long-distance bombers. However, the argument that this portends a new, threatening form of Russian aggression or is the outcome of bureaucratic politics is not persuasive. Nuclear modernization is designed to ensure Russia’s second-strike nuclear capability, compensate for conventional weakness, and counter the potential for a U.S. missile defense system to undermine Russia’s nuclear deterrent. 61 Rather than change Russian behavior, U.S. reactions have worsened the conditions of the security dilemma.
In his 2018 state of the nation address, Putin asserted that the ABM and New START treaties reduced the likelihood of resorting to nuclear weapons by preserving mutual vulnerability and providing a foundation for trust in the international system. Putin noted that Russia tried to reengage the United States and Europe in discussions about constraining anti-ballistic missile systems and halting NATO’s advance eastward, but without much success: “Nobody wanted to listen to us.” After detailing the modernization of Russia’s conventional and nuclear forces, Putin explained how Russia was expanding and upgrading its forces to counter American anti-ballistic missile systems deployed in Alaska, California, Eastern Europe, South Korea, and Japan, as well as on five cruisers and 30 destroyers close to Russian borders. 62
Kremlin leaders have dismissed U.S. assurances that American anti-ballistic missile systems are designed to counter rogue states, insisting their emplacement will devalue Russia’s nuclear deterrent potential. To overwhelm U.S. defenses, Russia is developing a new generation of missiles, including the heavy intercontinental ballistic missile Sarmat, which is more difficult to intercept than the Soviet Voevoda system it was designed to replace. Russia’s defense industry is also developing new types of global-range cruise missiles and unmanned underwater vehicles that do not use ballistic trajectories and so are less likely to be intercepted. In his presentation to the Federal Assembly, Putin showed a much-publicized video of the new Sarmat missile launching multiple nuclear warheads at Florida, to enthusiastic applause from the audience. Putin also identified the hypersonic missile systems Kinzhal and Avangard, new laser weapons, the Burevestnik nuclear-powered cruise missile, and glide wing aircraft as additions to Russia’s strategic inventory. 63
Russia insists these new weapons systems are only for deterrence. Hypersonic cruise missiles and glide vehicles are designed to evade anti-ballistic missile systems and theoretically should preserve the deterrent capability of Russian nuclear systems. However, hypersonic vehicles can be destabilizing since they dramatically reduce the response time after a launch is detected. 64 Moreover, hypersonic vehicles can be used in an offensive capacity and can be fitted either with conventional or nuclear warheads. Russia’s deterrence strategy is more expansive than that of the United States, containing both defensive and offensive elements and employing nuclear and non-nuclear weapons, together with other military and non-military instruments, in an integrated, broad-spectrum strategy. 65 Moscow’s nuclear programs are designed to counter American and NATO superiority in conventional weaponry and reflect a fear of U.S. technological capabilities. As noted earlier, Russia’s military doctrine reserves the right to utilize nuclear weapons in the event of conventional attack against Russia when the existence of the state is threatened. Similarly, in his remarks to the 2018 Valdai Club, Putin emphasized that Russian strategic nuclear doctrine did not call for a preemptive strike, but rather a “launch on warning” posture. Russia has advanced early warning systems, Putin averred, that would allow for an immediate counterattack in the event of aggression. 66
Putin has also averred that, should nuclear war break out, Russians would pursue it and would go to heaven as martyrs. The Western aggressors, by contrast, would simply perish. Putin’s introduction of a messianic element into a discussion of nuclear warfare reflects a perspective that two central elements of Russian statehood are nuclear weapons and Russian Orthodoxy, combining raw power and moral righteousness. 67 Rejecting Western social permissiveness and moral decay, Russia has become the new bastion of Christian conservatism, or in historical terms, the Third Rome. 68 By fomenting a Eurasian ideological messianism to counter America’s liberal messianism, Putin’s rhetoric heightens tensions and contributes to a greater likelihood of conflict.
These uncertainties have contributed to an American response in kind, a classic problem of the security dilemma. In response to Russia’s development of hypersonic vehicles, the Defense Advanced Research Projects Agency successfully lobbied for major increases in U.S. funding for hypersonic weapons. 69 The U.S. Air Force accelerated its hypersonic programs in mid-2018, awarding contracts to Lockheed Martin for the Air-Launched Rapid Response Weapon and the Hypersonic Conventional Strike Weapon. In addition, the Department of Defense is developing hypersonic boost glide technology. 70 Overall, the Defense Department requested $2.6 billion for all hypersonic-related research in fiscal year 2020, though the United States is not expected to field an operational system before 2022. 71
Shorter-range, “tactical” nuclear weapons are an integral part of Russia’s nuclear inventory and are critical to offsetting U.S. and NATO conventional superiority. The Department of Defense’s 2018 Nuclear Posture Review recognized that nuclear weapons served as a deterrent in Russian strategy, but asserted that
Russia may also rely on threats of limited nuclear first use, or actual first use, to coerce us, our allies, and partners into terminating a conflict on terms favorable to Russia. Moscow apparently believes that the United States is unwilling to respond to Russian employment of tactical nuclear weapons with strategic nuclear weapons. 72
Experts on Russian nuclear doctrine, however, are divided on whether Moscow has lowered its nuclear threshold (the supposed “escalate to deescalate” concept), though most acknowledge reliance on nuclear weaponry is likely to decline with conventional modernization. For example, Katarzyna Zysk argues that while Russia’s “defensive” doctrine provides for an increasing role for non-nuclear deterrence, non-strategic nuclear weapons could be used to deescalate tensions. 73 Michael Kofman agrees: “From the outset, Moscow is resolved to the prospect of employing non-strategic nuclear weapons should it find itself on the losing side of a war.” 74 Kristin Ven Bruusgaard, in contrast, finds no evidence for an escalate-to-deescalate concept in Russian nuclear doctrine. 75
While the United States has far fewer tactical nuclear weapons than does Russia, the Joint Chiefs of Staff in 2019 accidentally released (and then rescinded) a nuclear operations document that asserted that “using nuclear weapons could create conditions for decisive results and the restoration of strategic stability” during ground operations. As the document noted, “A nuclear weapon could be brought into the campaign as a result of perceived failure in a conventional campaign, potential loss of control or regime, or to escalate the conflict to sue for peace on more-favorable terms.” 76 This position effectively mirrors the supposed escalate to deescalate doctrine frequently attributed to Russia. Renewed emphasis by both sides on the possible use of tactical nuclear weapons to fight and win a nuclear war erodes trust and contributes to the downward spiral. 77
Uncertainty generated by such actions heightens mistrust in the Kremlin and among Russian military strategists. The Trump administration’s Nuclear Posture Review has been described by Western experts as confusing, ambiguous, and blurring the line between nuclear and non-nuclear war, 78 so it is not surprising that Russian policymakers would regard U.S. intentions with suspicion and alarm. Russia’s reaction to the 2018 Nuclear Posture Review rejected the idea that Moscow was responsible for lowering the threshold for the use of nuclear weapons. Russian planners are “deeply concerned” about apparent U.S. willingness to use nuclear weapons in ambiguous situations, including use of low-yield nuclear warheads and American modernization of its strategic arsenal. The Foreign Ministry criticized the “anti-Russian” and confrontational aspects of the Nuclear Posture Review and asserted that Russia had honored all its international treaty obligations, including the Intermediate-Range Nuclear Forces (INF) Treaty, the Budapest Memorandum, and the Open Skies Treaty. 79
NATO had repeatedly raised concerns about Russia’s violation of the INF Treaty based on its development of the 9M729 cruise missile. 80 Trump and his advisers repeated the Obama administration’s claim that Russia was in violation of the treaty’s provisions and expressed concern that China’s intermediate-range ballistic missile deployments in the Western Pacific were not covered by the agreement. 81 In response, Kremlin spokesman Dmitry Peskov said U.S. withdrawal would make the world more dangerous and would necessitate counter-balancing on Russia’s part. 82 During his October 2018 visit to Moscow, national security adviser John Bolton denied allegations that the United States was attempting to blackmail Russia over intermediate-range missiles. After meeting with Bolton, Putin threatened to take countermeasures were the United States to leave the INF Treaty and stated that any European nations hosting intermediate-range ballistic missiles would be targeted for possible retaliatory attacks. 83
Russia has long been dissatisfied with the INF Treaty, seeing it as disadvantageous to Russia and benefiting NATO, since Russia was not allowed to field a ground-launched capability to counter weapons systems that neighboring states were developing. 84 Putin and then-Defense Minister Sergei Ivanov threatened in 2007 to withdraw from the INF Treaty unless other countries were brought into the agreement and reportedly began searching for ways out of the treaty as early as 2008. 85 Russia also developed its intermediate-range capabilities by deploying the Kalibr sea-launched land-attack cruise missile starting in 2015. The missile was used later that year against the opposition in Syria’s civil war, a likely signal to Washington, and in 2019 Russian news agency TASS reported that a land-based version of the missile might be deployed in response to the Trump administration’s withdrawal from the INF Treaty. 86
A number of Russia’s neighbors, including China, have deployed intermediate-range ballistic missiles that could threaten Russia, but Russia could not deploy land-based systems to counter these without being in violation of the treaty. Russia’s close strategic partnership with China makes it difficult for Moscow to cooperate with the United States to pressure Beijing into joining the INF Treaty, and Beijing has flatly refused to participate in negotiations over intermediate-range missiles. The Kremlin made no real effort to address NATO concerns about Russian treaty violations, and in August 2019 the United States and Russia formally withdrew from the treaty.
The United States finds evidence Russia is behaving offensively in violating the INF Treaty, developing destabilizing weapons systems, and advancing a risky nuclear doctrine, along with aggressive positions toward neighboring states and military support for the brutal Syrian regime. From Washington’s perspective, the United States is merely responding to Russia’s confrontational policies and bears little responsibility for Russian actions.
Geography and Vulnerability
Russia and the United States have distinct perspectives on security vulnerability arising from their fundamentally different geographic positions. The United States, through its history, has been isolated by water and borders on weak, largely friendly states. Russia is a continental power vulnerable to land attack and in the past has suffered tremendous devastation from large, powerful neighbors. Russia has indeed adopted aggressive policies toward many of the newly independent countries, but this confrontational posture may be partly defensive, based on a historical perception that spheres of influence and buffer zones are critical to defend the country’s extensive borders and partly motivated by great-power aspirations. 87 The expansion of NATO frustrated expectations that the Eastern European states would serve as a neutral zone between Russia and the United States and its allies.
From its great-power perspective, Russia views the former Soviet republics as its “sphere of privileged interests,” to use Dmitri Medvedev’s term. According to Dmitry Trenin, “the former imperial borderlands of Russia are deemed to be both elements of its power center and a cushion to protect Russia itself from undesirable encroachments by other great powers.” 88 Ukraine, Belarus, and the Baltic states are central to Russian security vis-à-vis Europe. Three are members of NATO, one is aligned with Moscow (albeit tentatively), while the last and most important, Ukraine, has been at the center of tensions with Europe and the United States. A neutral Ukraine serving as a buffer state might be acceptable to Moscow, but instead the West has used economic incentives, political support, and possible membership in NATO to encourage Kyiv to align with the United States and Europe. 89 Following security dilemma logic, Moscow moved quickly in 2014 to reverse the loss of Crimea, destabilize Ukraine, and preempt the possible consolidation of U.S. and E.U. influence in that key state.
Russia’s military actions in Ukraine, Georgia, and elsewhere along its borders may be interpreted as imperialist — seeking to recreate a version of the Soviet empire. More persuasive is the argument that Moscow has limited security goals focused on influencing states along its periphery. 90 The Kremlin has not taken advantage of every opportunity to restore influence in the former republics — when Kyrgyzstan’s government asked Russia to send peacekeeping troops to stabilize the Osh region during the 2010 ethnic riots, for example, Moscow demurred. 91 Presumably, the costs of becoming involved in a bitter domestic conflict where the lives of Russian compatriots were not at issue outweighed the benefits.
Most policymakers in Washington fail to understand the seriousness with which Moscow views NATO enlargement, and specifically the possibility of Ukraine’s admission to the alliance, since the United States has never faced similar land-based challenges to its security. 92 It is debatable how significant an American-influenced Ukraine would be as a security threat to Russia, but it is worth noting that the Kremlin pulled out all the stops to mobilize public opinion against the United States. As the Ukraine conflict developed between 2013 and 2014, the Russian government directed state-controlled television channels, from which Russians get the bulk of their news, to frame the situation as an American conspiracy against their country. 93
Modernizing Russia’s military capabilities in the European theater, efforts to expand Russian influence through the Eurasian Economic Union, creation of a Union State with Belarus, and support for breakaway provinces in Moldova and Georgia are typical great-power strategies to preserve security along vulnerable borders. 94 Abrogation of the INF Treaty and NATO’s rotational deployments in Poland and the Baltic states reassure Eastern Europeans that the allies will stand up to Russian aggression. For Moscow, however, these actions confirm that Washington’s goal is to deny Russia a reasonable buffer zone needed to preserve security along its western perimeter. 95
The threat of conventional or “hybrid” aggression against Eastern Europe has heightened fears of Russia, especially in Poland and the Baltic states. 96 The Obama administration supported its newer NATO allies through the European Reassurance Initiative, designed to enhance deterrence and improve the readiness of European forces through increased U.S. presence, exercises, training, pre-positioning, building partnership capacity, and improved infrastructure. In the last year of the Obama administration, the Defense Department requested $3.4 billion be allocated in fiscal year 2017 for the initiative. Under Trump, the Department of Defense increased budgetary requests for the renamed European Deterrence Initiative to $4.8 billion in fiscal year 2018 and $6.5 billion in fiscal year 2019, but then reduced funding in fiscal year 2020 to encourage European allies to pick up more of the cost. 97
While U.S. troops in the region are rotational, rather than being permanently based close to the Russian border, the enhanced NATO presence and military exercises in Eastern Europe have heightened tensions with Moscow. In May 2018, Poland requested that the United States consider permanently stationing troops in Poland, a move the Kremlin suggested would prompt countermeasures. 98 Tensions occasioned by Russia’s continued operations against Ukraine, and the NATO buildup on Russia’s western border, are heightened by joint military exercises conducted by both sides. NATO analysts have criticized Russian exercises as lacking transparency and claim they are not conducted in accordance with Organization for Security and Cooperation in Europe Vienna Document requirements on prior notifications, and therefore are destabilizing. 99 The scale of such exercises has expanded since Trump took office.
In September 2017, Russia conducted the Zapad (West) exercises in its Western Military District with Belarus, reporting numbers just below the 13,000-force threshold that would have required it to permit foreign observers. 100 NATO officials were well aware that Russia had conducted a large exercise (Kavkaz in 2008) just prior to the Georgian war and so were on high alert. 101 In turn, military exercises led by the United States have generated alarmism in Moscow. During the Saber Strike maneuvers in Poland and the Baltic states in June 2018, 18,000 troops practiced rapid response training to counter hypothetical aggression from the East. Russia condemned the operation as undermining stability on the continent and countered with a fake blog account and doctored photo claiming a child was killed during the exercises. 102 The Kremlin was even more incensed when, in October 2018, NATO conducted the largest military exercise since the Cold War, Trident Juncture, with 50,000 troops from 31 nations (including non-members Finland and Sweden) participating in maneuvers in Norway, the Baltic Sea, and the North Atlantic. Defense Minister Sergei Shoigu warned that NATO’s exercise was simulating offensive military action against Russia. 103
Other factors contribute to the sense of uncertainty. Given Trump’s frequent criticisms of NATO allies, the Russian leadership might suspect the U.S. president would not honor Article 5 of the treaty and respond militarily to a Russian incursion in the Baltic states. Putin may be willing to gamble on NATO’s unwillingness to counter Russian adventurism in the Baltic region and thereby risk precipitating a nuclear war. According to one Russian analyst, Moscow’s leaders are confident in their ability to win a nuclear conflict, so the question for the West is whether the costs in blood and treasure of defending these small, distant nations can really be justified. 104 More realistically, any Baltic conflict is likely to follow a version of the Ukraine scenario, with Moscow intervening indirectly (and defensively, from the Russian perspective) to protect threatened Russian compatriots.
Russia further complicates NATO calculations by employing cyber attacks and disinformation that present the alliance with a dilemma of either overreacting and risking war or doing nothing and demonstrating the organization’s impotence. Moscow’s asymmetric approach derives from its relatively weak conventional capabilities and the absence of useful allies in Europe to balance against NATO.
To summarize, Russia’s geographically vulnerable position makes political developments in Eastern Europe and the Caucasus far more salient to Russia’s security than to America’s. Efforts by the United States and Europe to promote democracy and, by extension, consolidate Western influence in Eastern Europe erode the buffer zone and (from Moscow’s perspective) threaten Russian security. Russia’s actions in the “near abroad” have been aggressive. Its goals, however, appear to fall short of reestablishing imperial control over former Soviet space. The U.S. and European response, consisting of military exercises, limited troop deployments, economic sanctions, and political support for Russia’s enemies, increases Russia’s sense of vulnerability and leads to responses in kind.
Alliance Politics and the Security Dilemma
Theoretically, states form alliances in a multipolar world to balance powerful adversaries and enhance their security. 105 But in a unipolar environment, states may have few options in forming alliances to balance a competitor. In a unipolar world, the rationale for alliances is much weaker, and the incentives among weaker members to free-ride and to draw the dominant power into situations where it has few or no vital interests (the moral hazard problem) are great. As the Soviet Union collapsed, NATO expanded from 16 alliance members in 1991 to the present 29, and the organization decided to go out-of-area. The security rationale became less focused but still was perceived in Moscow as a threat to Russian interests.
When the Warsaw Pact collapsed, the alliance decision to preserve NATO, expand its membership, and go out-of-area violated Moscow’s expectations that the United States would reciprocate Russia’s cooperative moves. In security dilemma terms, the United States defected, and the unipolar order excluded the possibility of Russia restoring a comparable alliance to balance NATO. At various points Mikhail Gorbachev, Yeltsin, and Putin all expressed interest in joining NATO within a revised European security framework, but that option was not seriously considered in Brussels or Washington.
With so few reliable allies in Europe, eroding NATO unity has become a key goal for enhancing Russian security. The deployment of additional NATO forces in northern Europe has led Russia to prioritize its foreign policy and defense relationship with Belarus, the last authoritarian state in Europe and a dubious ally at best. Belarus and Russia are joined in a Union State, and Belarus is a member of the Eurasian Economic Union and Collective Security Treaty Organization, but President Alexander Lukashenko maintains his country’s independence by balancing between Russia and the West. 106 Lukashenko refused Russia’s request for a Russian air base in 2013, conducted joint military exercises with the Chinese in 2015, and in 2019 sought to purchase U.S. crude oil in an attempt to reduce dependence on Russia. Considering the poor performance of the Eurasian Economic Union and Moscow’s obvious attempt to dominate the organization, Belarus has kept channels open to the European Union and the United States. Moscow has played down differences, however, with Foreign Minister Lavrov praising Belarus for its support in the U.N. General Assembly on issues relating to Crimea, Syria, and Georgia. 107 Putin has expressed support for the beleaguered dictator in the wake of widespread protests against manipulation of the 2020 presidential election. 108
Russia’s isolated position has also led the Kremlin to emphasize ties with “rogue regimes” including Syria, Iran, and Venezuela. These states are hostile to America and can be counted on to support Russian initiatives. These bilateral relationships are not alliances, but they do allow the Kremlin to exercise influence beyond Russia’s immediate borders. Moscow’s support for these regimes complicates American foreign policy and reinforces the perception of Russia as a spoiler in global politics.
To the east, Russia has discovered a far more important partner in China. Much of Russia’s pivot toward Asia can be explained by the hostile European environment, the Kremlin’s interest in constraining American power, and the need to legitimize Kremlin rule by affirming Russia’s great-power status. 109 On virtually all indicators, the United States remains the world’s most powerful country, but China ranks second on many measures. Russia is the equal of the United States (and China’s superior) only in nuclear weapons. On all other dimensions, especially economic and demographic, it operates from a position of weakness. Russia’s “strategic partnership” with China is clearly directed against the United States and presents significant challenges to Washington. Under the Trump administration, the Russo-Chinese partnership has strengthened, notwithstanding the president’s conciliatory rhetoric toward Moscow. 110
The Chinese-Russian relationship is not a formal alliance, and while the two countries may engage in a form of balancing against the dominant power, they also hedge against each other in the Asia-Pacific. 111 However, policymakers in Washington remain nervous about close military cooperation between Moscow and Beijing. As relations between the United States and Russia, and those between the United States and China, have deteriorated, the Russian-Chinese defense relationship has become more openly directed against American military hegemony in Eastern Europe and the Western Pacific, respectively. Russian-Chinese military cooperation consists of arms sales, 112 joint military exercises, and anti-terrorism coordination through the Shanghai Cooperation Organization. Russia’s military modernization program has led to an expansion of offensive and defensive capabilities in the western and southern military districts, while China’s ballistic missile buildup, the development of attack submarines, and the island construction activities in the South China Sea constrain the U.S. Navy’s ability to maneuver in the Western Pacific. 113
As noted earlier, the United States faces joint opposition from Russia and China to U.S. deployment of anti-ballistic missile systems in Eastern Europe and East Asia. Russia and China see the potential for regionally based anti-ballistic missile systems, together with those located in the United States, as an “interlinked global defensive network” that would erode their strategic deterrents. 114 This is especially threatening given the Nuclear Posture Review’s emphasis on technological development and blurring the distinction between nuclear and conventional weapons. 115 Since the American position threatens the strategic deterrents of both Russia and China, the administration’s nuclear posture is another factor pushing Russia and China closer together.
In addition to its vital partnership with China, Russia is hedging in Asia by developing ties with India, Japan, South Korea, Pakistan, and the Association of Southeast Asian Nations. Russian analysts assert that the global order is changing and the West is losing its five-century dominance of global affairs. Since the United States failed to subordinate Russia and China as junior partners within the liberal international order, it is now returning to a policy of containment, trying to force countries to take sides in a new bipolar order through the Trump administration’s Indo-Pacific strategy. 116 The United States considers Russia a “revitalized malign actor” in the Indo-Pacific, one that is using economic, diplomatic, and military instruments to reestablish presence and influence lost after the collapse of communism. In addition, Russia frequently collaborates with China to oppose the United States in the U.N. Security Council, promoting a multilateral world order that will weaken the United States and reduce its global influence. 117
Rhetoric notwithstanding, the United States remains dominant in global politics in large part through the hub-and-spoke system of alliances in the Indo-Pacific and through an enlarged NATO in Europe. Alliances are one means by which states augment their power, but the current alliance structure favors only the United States. Russia is severely disadvantaged on this dimension. The United States is in a far stronger position, despite tensions within NATO over burden sharing and uncertainty regarding U.S. willingness to defend small and distant members of the alliance. Moscow perceives NATO as a security threat, or at least claims to — and not without reason. Russia cannot balance NATO and the United States through a roughly equal alliance, as it did during the Cold War, and so must resort to asymmetric measures that are threatening to NATO’s small Eastern European members. Actions on both sides feed into the security dilemma.
If a broad security dilemma approach has value for explaining the downward spiral in Russian-American relations, we should expect tit-for-tat responses to initiatives in the political, military, and alliance realms. We can never be certain that any given action provokes a reaction, but the evidence presented here suggests that in certain cases the security dilemma was operating. In others, the utility of the approach is less apparent.
First, the evidence suggests that NATO expansion did not pose a direct military threat to Russia. U.S. and European troop deployments and military spending declined dramatically from 1990 through 2015. 118 Instead, enlargement symbolized Russian weakness, practically eliminated a historical buffer zone, demonstrated Russia’s inability to control events along its borders, and dismissed Russia’s interests as a great power. NATO’s involvement in the Balkans and U.S. efforts to secure alliance membership for Georgia and Ukraine were justified by the United States as attempts to enhance European security. For Moscow, these actions were offensive in nature, directed against vital Russian interests, resulting in the Kremlin’s use of military force against both countries.
Second, conventional vulnerability, combined with American anti-ballistic missile complexes deployed and planned in Eastern Europe, led Russia to cheat on the INF Treaty and develop new strategic weapons more capable of negating American ballistic missile defenses. Two decades of military budget increases under Putin supported conventional and nuclear modernization. 119 These increases can be explained as defensive sufficiency (simply catching up after the massive declines of the 1990s), or as positioning Russia for offensive regional operations. The Trump administration, like its predecessor, has interpreted these Russian strategic advances as aggressive and has greatly accelerated America’s nuclear program while renouncing arms control agreements, continuing the cycle of strategic modernization and heightening mistrust. 120
Third, U.S. support for color revolutions, the Arab Spring uprisings, and Russia’s White Revolution would not generally be considered an offensive military threat and so would seem not to relate to the security dilemma. Russia’s concept of full-spectrum warfare, however, holds support for popular uprisings to be an existential threat to allies and to Putin’s authoritarian regime. Here, Russian responses to U.S. actions are clear — Moscow has taken a range of actions to contain political threats to Russia and its partners. For the United States, Russia’s interference in U.S. elections and attacks on the American system of democratic government, Moscow’s willingness to violate the sovereignty of neighboring states and its disinformation campaign are viewed as offensive threats — an attempt to destabilize Western societies and compensate for inferior kinetic capabilities. But these measures can also be viewed as defensive, as asserted by Russia’s Ministry of Defense, based on the perception that the West is using information technology (liberal democratic propaganda) as a component of its military strategy. 121
Finally, the two sides have occasionally found various avenues for cooperation. The downward spiral in relations has been interrupted at various points — after the 9/11 terrorist attacks, early in the Obama reset, and during the surge in Afghanistan. At times, Russia and the United States find they have common interests, but the level of distrust and hostility precludes cooperation in many areas.
U.S.-Russian relations exhibited remarkable continuity from the second half of Obama’s administration through Trump’s first term. The two sides reduced channels of communication, trust remained very low, and each side interpreted the other’s behavior as aggressive and threatening. Reflexive anti-Russian positions are evident on both sides of the American political spectrum, while Russian elites have become uniformly anti-American in the Putin era. 122 In short, the two countries appear to be engaged in a downward spiral arising from a security dilemma, where each side perceives a serious threat from the other and takes countermeasures that further provoke insecurity within the adversary.
The security dilemma argument is predicated on defensive realism, the assumption that states are seeking sufficiency in capabilities to deal with threats rather than the clear superiority argued by offensive realists. 123 If this approach is correct, and assuming neither side is acting as a greedy power, then tensions in U.S.-Russian relations can be lowered through measures designed to reduce uncertainty and build trust. 124 Russia’s behavior since the end of the Cold War suggests that it clearly perceives the West — specifically the United States — as a threat. The United States is far superior in conventional weapons, boasts considerably more (and more reliable) allies, and has frequently acted without restraint in its dealings with Russia and other countries. At the same time, Russian behavior under Putin has been highly aggressive, threatening to its neighbors, and is frequently outside the boundaries of international law.
Historically, Russian grand strategy has alternated between imperialism and defensiveness, shaped by a combination of perceived vulnerability of the homeland and opportunities for expansion along the periphery. 125 Soviet foreign policy followed much the same pattern of expansion and coexistence, as one leading scholar described it. 126 U.S. policies since 1992 have been largely indifferent to, or ignorant of, the historical context — the destruction visited on Russia in the 20th century — and Russian leaders perceive the West as taking advantage of Russian weakness. Policymakers in Washington mistakenly assumed that the expansion of friendly democratic states along Russia’s periphery and their incorporation into NATO would enhance American security without threatening Russian interests. Moscow’s response, in the form of military intervention in the “near abroad,” informational warfare against the United States and its allies, and a program of weapons modernization, was viewed as the aggressive behavior typical of a revanchist authoritarian regime. Washington responded by deploying forces to Eastern Europe, imposing a wide range of sanctions, and ratcheting up its already formidable military machine.
How, then, can the two countries slow or reverse the escalatory logic of the security dilemma? One obvious first step would be to increase diplomatic and military-to-military communication and to have more frequent consultations within the NATO-Russia Council to improve trust and reduce the possibility of an accidental engagement. More transparency is needed — especially by Russia — during military exercises. Each side needs to reassure the other that its intentions are purely defensive, although given the level of mutual suspicion that may prove difficult to accomplish.
Second, reaching a settlement on Ukraine would be a major step forward. Ukrainian President Volodymyr Zelensky has indicated a willingness to talk with Moscow, and the Russian public appears to be increasingly weary of the conflict. One possibility would be to grant some form of autonomy to Donetsk and Luhansk in exchange for an end to hostilities and territorial and security guarantees for Kyiv, followed by the deployment of a multilateral peacekeeping force. The United States cannot and should not accept Russian sovereignty over Crimea. But restoring the peninsula to Ukrainian control is highly unlikely in the near future. Treating Ukraine as a de facto buffer zone between Russia and Europe may be controversial, but a solution along these lines could reassure Russia and lower tensions. 127 Such an arrangement would likely involve taking NATO membership off the table for Ukraine (and for Georgia), although NATO should at the same time reaffirm clear support for the security and territorial integrity of its current members.
Third, the two sides need to ratchet back their interference in each other’s internal affairs. Russian meddling in the 2016 and 2020 presidential elections and its use of information warfare against the United States and its allies have contributed to the high levels of distrust and suspicion. The United States could, and should, continue to voice support for democratic ideals and is justified in criticizing authoritarian governments, but Washington should curtail active attempts at regime change. In any event, Western support for color revolution-style popular uprisings has waned as the results have proved mixed at best.
Fourth, an arms race involving a new generation of weapons is highly destabilizing. The INF Treaty may be dead, but Russia and the United States should agree to extend the New START Treaty, which expires in February 2021. Equally important, they should begin negotiations on limiting the development and deployment of potentially destabilizing hypersonic and stealth weapons, and tactical nuclear systems, which could be incorporated under an expanded New START agreement. Since Russian and Chinese nuclear hypersonic programs are more advanced than those of the United States, Washington would benefit by limiting these systems. And negotiations, even in the absence of formal agreements, would generate information about the other side’s capabilities and intentions and would help reduce the suspicions that fuel the security dilemma. Shifting to a no-first-use policy on nuclear weapons would also reduce tensions, though neither side is likely to agree to such a proposal.
Addressing the security dilemma does not mean acquiescing to all of Russia’s demands, but it does suggest that treating Russia with the respect due a great power might lower tensions and lay the groundwork for more substantive agreements. The United States need not concede a sphere of influence to Moscow in the former Soviet space, but it should recognize that Russia has genuine security concerns regarding NATO expansion and democracy-promotion efforts in the former republics. The point is to reduce uncertainty and mistrust that could lead to an unintentional clash, which could rapidly escalate to large-scale conventional or nuclear conflict.
Charles E. Ziegler is professor of political science and university scholar at the University of Louisville. He is the author or editor of five books and over 100 scholarly articles on foreign policy and domestic politics in Russia and Eurasia and has held fellowships from the Council on Foreign Relations, Fulbright Program, IREX, and Hoover Institution. He is the faculty director for the Grawemeyer Award for Ideas Improving World Order and executive director of the Louisville Committee on Foreign Relations. He is currently working on a book on Russia in the Pacific region.
Acknowledgements: I would like to thank Gregory Brew, Michael Brown, Doyle Hodges, Van Jackson, and the anonymous reviewers of the Texas National Security Review for their helpful comments on earlier versions of the manuscript.
Image: Dmitry Ivanov, CC BY-SA 4.0
1 Adam Entous and Greg Miller, “U.S. Intercepts Capture Senior Russian Official Celebrating Trump Win,” Washington Post , Jan. 5, 2017, https://www.washingtonpost.com/world/national-security/us-intercepts-capture-senior-russian-officials-celebrating-trump-win/2017/01/05/d7099406-d355-11e6-9cb0-54ab630851e8_story.html .
2 Robert Legvold, Return to Cold War (Cambridge: Polity, 2016). For an argument against characterizing relations as a new Cold War, see, Andrei P. Tsygankov, Russia and America: The Asymmetric Rivalry (Cambridge: Polity, 2019).
3 Marvin Kalb, Imperial Gamble: Putin, Ukraine, and the New Cold War (Washington, DC: Brookings, 2015); David E. McNabb, Vladimir Putin and Russia’s Imperial Revival (New York: Routledge, 2016).
4 Agnia Grigas, Beyond Crimea: The New Russian Empire (New Haven, CT: Yale University Press, 2016).
5 Ingmar Oldberg, “Is Russia a Status Quo Power?” UI Paper, no. 1 (2016), published by the Swedish Institute of International Affairs, https://www.ui.se/globalassets/butiken/ui-paper/2016/is-russia-a-status-quo-power---io.pdf .
6 Michael McFaul, “Russia as It Is: A Grand Strategy for Confronting Putin,” Foreign Affairs 97, no. 4 (July/August 2018): 82–91, https://www.foreignaffairs.com/articles/russia-fsu/2018-06-14/russia-it .
7 Stephen Sestanovich, “Could It Have Been Otherwise?” The American Interest 10, no. 5 (May/June 2015): 6–15, https://www.the-american-interest.com/2015/04/14/could-it-have-been-otherwise/ .
8 Stephen F. Cohen, War with Russia? From Putin & Ukraine to Trump & Russiagate (New York: Skyhorse Publishing, 2019).
9 Dimitri K. Simes, “Delusions About Russia,” National Interest 163 (September/October 2019): 5–16, https://nationalinterest.org/feature/delusions-about-russia-72321 .
10 Daniel Deudney and G. John Ikenberry, “The Unravelling of the Cold War Settlement,” Survival 51, no. 6 (2009): 39–62, https://doi.org/10.1080/00396330903461666 .
11 Putin’s March 2014 address justifying the annexation of Crimea referenced Kosovo six times. “Address by President of the Russian Federation,” President of Russia, March 18, 2014, http://en.kremlin.ru/events/president/news/20603 ; Steve Gutterman, “Russia Uses 1999 NATO Bombing in Media War Over Crimea,” Reuters , March 24, 2014, https://www.reuters.com/article/us-ukraine-crisis-russia-kosovo/russia-uses-1999-nato-bombing-in-media-war-over-crimea-idUSBREA2N0SC20140324 .
12 John J. Mearsheimer, “Why the Ukraine Crisis Is the West’s Fault,” Foreign Affairs 93, no. 5 (September/October 2014): 77–89, https://www.foreignaffairs.com/articles/russia-fsu/2014-08-18/why-ukraine-crisis-west-s-fault .
13 Michael E. Brown, “The Flawed Logic of NATO Expansion,” Survival 37, no. 1 (1995): 34–52, https://doi.org/10.1080/00396339508442775 ; Michael E. Brown, “Minimalist NATO: A Wise Alliance Knows When to Retrench,” Foreign Affairs 78, no. 3 (May/June 1999): 204–18, https://www.jstor.org/stable/20049354 .
14 Thomas L. Friedman, “Foreign Affairs; Now a Word From X,” New York Times , May 2, 1998, https://www.nytimes.com/1998/05/02/opinion/foreign-affairs-now-a-word-from-x.html .
15 M.E. Sarotte, “How to Enlarge NATO: The Debate Inside the Clinton Administration, 1993–95,” International Security 44, no. 1 (Summer 2019): 7–41, https://doi.org/10.1162/isec_a_00353 .
16 Joshua R. Itzkowitz Shifrinson, “Deal or No Deal? The End of the Cold War and the U.S. Offer to Limit NATO Expansion,” International Security 40, no. 4 (Spring 2016): 7–44, https://doi.org/10.1162/ISEC_a_00236 .
17 Andrei P. Tsygankov, Russophobia: Anti-Russian Lobby and American Foreign Policy (New York: Palgrave Macmillan, 2009); Andrei P. Tsygankov, Russia and the West from Alexander to Putin: Honor in International Relations (Cambridge: Cambridge University Press, 2012).
18 Robert Jervis, Perception and Misperception in International Politics (Princeton, NJ: Princeton University Press, 1976); Robert Jervis, “Cooperation Under the Security Dilemma,” World Politics 30, no. 2 (1978): 167–214, https://www.jstor.org/stable/2009958 ; Ken Booth and Nicholas J. Wheeler, The Security Dilemma: Fear, Cooperation and Trust in World Politics (New York: Palgrave Macmillan, 2008); Shiping Tang, “The Security Dilemma: A Conceptual Analysis,” Security Studies 18, no. 3 (2009): 587–623, https://doi.org/10.1080/09636410903133050 .
19 Booth and Wheeler, The Security Dilemma , 4.
20 Jervis, Perception and Misperception in International Politics .
21 Charles E. Ziegler, “Russian-American Relations: From Tsarism to Putin,” International Politics 51, no. 6 (2014): 671–92, https://www.doi.org/10.1057/ip.2014.32 .
22 Jervis, Perception and Misperception , 67–76. See also, Charles L. Glaser, “The Security Dilemma Revisited,” World Politics 50, no. 1 (1997): 171–201, https://www.jstor.org/stable/25054031 .
23 George S. Beebe, The Russia Trap: How Our Shadow War with Russia Could Spiral into Nuclear Catastrophe (New York: Thomas Dunne, 2019).
24 Andrei A. Sushentsov and Maxim A. Suchkov, “The Nature of the Modern Crisis in U.S.-Russia Relations,” Russia in Global Affairs , Jan. 17, 2019, https://eng.globalaffairs.ru/number/The-Nature-of-the-Modern-Crisis-in-US-Russia-Relations-19914 .
25 Andrej Krickovic, “Catalyzing Conflict: The Internal Dimension of the Security Dilemma,” Journal of Global Security Studies 1, no. 2 (2016): 111–26, https://doi.org/10.1093/jogss/ogw002 .
26 Emma Ashford, “Not-So-Smart Sanctions: The Failure of Western Restrictions Against Russia,” Foreign Affairs 95, no. 1 (January/February 2016): 114–23, https://www.foreignaffairs.com/articles/russian-federation/2015-12-14/not-so-smart-sanctions .
27 Tang, “The Security Dilemma,” 595.
28 Tang, “The Security Dilemma,” 599, 620–21.
29 Andrej Krickovic and Yuval Weber, “Commitment Issues: The Syrian and Ukraine Crises as Bargaining Failures of the Post-Cold War International Order,” Problems of Post-Communism 65, no. 6 (2018): 373–84, https://doi.org/10.1080/10758216.2017.1330660 .
30 Jervis, “Cooperation Under the Security Dilemma,” 183.
31 Stephen Kotkin, “Russia’s Perpetual Geopolitics: Putin Returns to the Historical Pattern,” Foreign Affairs 95, no. 3 (May/June 2016): 2–9, https://www.jstor.org/stable/43946851 .
32 Barry R. Posen, The Sources of Military Doctrine: France, Britain, and Germany Between the World Wars (Ithaca, NY: Cornell University Press, 1984), 15–18.
33 Robert Jervis, “Was the Cold War a Security Dilemma?” Journal of Cold War Studies 3, no. 1 (Winter 2001): 39, https://doi.org/10.1162/15203970151032146 .
34 See, Andrey A. Sushentsov and William C. Wohlforth, “The Tragedy of US-Russian Relations: NATO Centrality and the Revisionists’ Spiral,” International Politics 57 (2020): 427–50, https://doi.org/10.1057/s41311-020-00229-5 ; and Michael Kofman, “Drivers of Russian Grand Strategy,” Frivarld , April 2019, http://frivarld.se/wp-content/uploads/2019/04/Drivers-of-Russian-Grand-Strategy.pdf .
35 Alexander Lanoszka and Michael A. Hunzeker explore competing arguments for revisionist and defensive models of Russian behavior in Conventional Deterrence and Landpower in Northeastern Europe (Carlisle Barracks, PA: U.S. Army War College Press, March 2019), http://www.alexlanoszka.com/lanoszkahunzekerssi.pdf .
36 Tang, “The Security Dilemma,” 601.
37 “Valerii Gerasimov Speech to the Academy of Military Sciences,” Krasnaia zvezda , March 4, 2019, http://redstar.ru/vektory-razvitiya-voennoj-strategii/?attempt=1 .
38 Wade Boese, “Leaked Documents Detail U.S. ABM Strategy: GOP Says Limited NMD Plans Are Not Enough,” Arms Control Association , May 2000, https://www.armscontrol.org/act/2000-05/news/leaked-documents-detail-us-abm-strategy-gop-says-limited-nmd-plans-not-enough .
39 Greg Thielmann, “The National Missile Defense Act of 1999,” Arms Control Association , 2009, https://www.armscontrol.org/act/2009-07/national-missile-defense-act-1999 ; Elizabeth Becker and Eric Schmitt, “G.O.P. Senators Tell Clinton They Oppose Him on ABM Treaty and Defense System,” New York Times , April 22, 2000, https://www.nytimes.com/2000/04/22/world/gop-senators-tell-clinton-they-oppose-him-on-abm-treaty-and-defense-system.html .
40 “ABM Treaty: Putin Statement December 13, 2001,” Department of Defense, Office of Strategic Deterrence and Capabilities, https://www.acq.osd.mil/tc/abm/ABM-PutinDec13.htm . The Russian Duma delayed bringing up the treaty for ratification and then rejected it after the United States left the ABM Treaty. Russia was dissatisfied with the limitations in START II, and in any case, Putin and Bush signed the Strategic Offensive Reductions Treaty (SORT) in May 2002.
41 Ulrich Kühn and Anna Péczli, “Russia, NATO, and the INF Treaty,” Strategic Studies Quarterly 11, no. 1 (Spring 2017): 73, https://www.jstor.org/stable/26271591 . Bush administration plans to deploy anti-ballistic missile systems in Poland and the Czech Republic were abandoned when the Obama administration created the European Phased Adaptive Approach to defend against Iranian intermediate-range missiles. See, Ian Williams, “Achilles’ Heel: Adding Resilience to NATO’s Fragile Missile Shield,” CSIS Brief , Aug. 5, 2019, https://www.csis.org/analysis/achilles-heel-adding-resilience-natos-fragile-missile-shield .
42 Robert M. Gates, Duty: Memoirs of a Secretary at War (New York: Vintage Books, 2015), 159–60, 398–404.
43 From Nikolai Sokov, former Soviet nuclear negotiator and senior fellow at the Middlebury Institute. In, Dave Majumdar, “Why Russia Fears America’s Missile Defenses,” National Interest , Sept. 29, 2017, https://nationalinterest.org/blog/the-buzz/why-russia-fears-americas-missile-defenses-22533 .
44 Vladimir Putin, “Presidential Address to the Federal Assembly,” President of Russia, March 1, 2018, http://en.kremlin.ru/events/president/transcripts/statements/56957 ; Nuclear Posture Review , U.S. Department of Defense, February 2018, https://media.defense.gov/2018/Feb/02/2001872886/-1/-1/1/2018-NUCLEAR-POSTURE-REVIEW-FINAL-REPORT.PDF .
45 Keir Giles with Andrew Monaghan, European Missile Defense and Russia (Carlisle Barracks, PA: U.S. Army War College Press, 2014), 12–18, http://www.dtic.mil/dtic/tr/fulltext/u2/a607174.pdf .
46 The Embassy of the Russian Federation to the United Kingdom of Great Britain and Northern Ireland, “The Military Doctrine of the Russian Federation,” Dec. 25, 2014, 27, https://rusemb.org.uk/press/2029 ; Bettina Renz, Russia’s Military Renewal (Cambridge: Polity Press, 2018), 172.
47 Alexey Arbatov, “Understanding the US-Russia Nuclear Schism,” Survival 59, no. 2 (2017): 34, 55–56, https://doi.org/10.1080/00396338.2017.1302189 .
48 Kimberly Marten, “NATO Enlargement: Evaluating its Consequences in Russia,” International Politics 57 (2020): 401–26, https://doi.org/10.1057/s41311-020-00233-9 .
49 Sergey Sukhankin, “From ‘Bridge of Cooperation’ to A2AD ‘Bubble’: The Dangerous Transformation of Kaliningrad Oblast,” Journal of Slavic Military Studies 31, no. 1 (2018): 15–36, https://doi.org/10.1080/13518046.2018.1416732 .
50 Leonid Kosals, “Russia’s Elite Attitudes to the NATO Enlargement: Sociological Analysis,” NATO-EAPC Research Fellowship Final Report (Moscow: 2001), https://www.nato.int/acad/fellow/99-01/kosals.pdf . NATO ranked fourth in perceived threats behind terrorism, low competitiveness in the global economy, and backwardness in science and technology.
51 Vladimir Putin, “Speech and the Following Discussion at the Munich Conference on Security Policy,” President of Russia, Feb. 10, 2007, http://en.kremlin.ru/events/president/transcripts/24034 .
52 “The Military Doctrine of the Russian Federation,” Feb. 5, 2010, https://carnegieendowment.org/files/2010russia_military_doctrine.pdf ; “The Military Doctrine of the Russian Federation,” 2014, 12.
53 Andrei P. Tsygankov, “The Sources of Russia’s Fear of NATO,” Communist and Post-Communist Studies 51, no. 2 (2018): 101–11, https://doi.org/10.1016/j.postcomstud.2018.04.002 . Also see, Jim Goldgeier, “Promises Made, Promises Broken? What Yeltsin Was Told About NATO in 1993 and Why It Matters,” War on the Rocks , Nov. 22, 2019, https://warontherocks.com/2019/11/promises-made-promises-broken-what-yeltsin-was-told-about-nato-in-1993-and-why-it-matters-2/ .
54 National Security Strategy of the United States, The White House, December 2017, 3, https://www.whitehouse.gov/wp-content/uploads/2017/12/NSS-Final-12-18-2017-0905.pdf .
55 National Security Strategy , 2.
56 “Kommentarii Departmenta informatsii i pechati MID Rossii v sviazi c novoi Strategiei natsional’noi bezopastnosti SSHA [Comments from the Russian Foreign Ministry’s Department of Information and Press on the New US National Security Strategy],” Ministry of Foreign Affairs of the Russian Federation, Dec. 19, 2017, http://www.mid.ru/ru/foreign_policy/news/-/asset_publisher/cKNonkJE02Bw/content/id/2996962 .
57 Tom Balmforth, “What a Difference a Year Makes: Russian Lawmakers Pan Trump’s Security Doctrine, Kremlin Sees Silver Lining,” Radio Free Europe/Radio Liberty , Dec. 19, 2017, https://www.rferl.org/a/russia-reaction-us-security-doctrine-trump-putin/28927351.html .
58 Summary of the 2018 National Defense Strategy of The United States of America: Sharpening the American Military’s Competitive Edge , U.S. Department of Defense, 2018, 2, https://dod.defense.gov/Portals/1/Documents/pubs/2018-National-Defense-Strategy-Summary.pdf .
59 Fyodor Lukyanov, “Trump’s Defense Strategy is Perfect for Russia,” Washington Post , Jan. 23, 2018, https://www.washingtonpost.com/news/theworldpost/wp/2018/01/23/national-defense-strategy/ .
60 See the remarks by Minister of Defense Sergei Shoigu, “Shoigu: deistviia NATO vynuzhdaiut Rossiiu prinimat’ otvetnye mery dlia bezopastnosti [Shoigu: NATO’s Actions Force Russia to Retaliate for the Country’s Security],” TASS , Feb. 27, 2019, https://tass.ru/armiya-i-opk/6164133 .
61 Elias Götz, “Strategic Imperatives, Status Aspirations, or Domestic Interests? Explaining Russia’s Nuclear Weapons Policy,” International Politics 56 (2019): 810–27, https://doi.org/10.1057/s41311-018-0168-7 .
62 Putin, “Presidential Address to the Federal Assembly.”
63 See, Matthew Gault, “Russia’s New Nuclear Missiles Squeeze Response Time,” Scientific American , March 27, 2019, https://www.scientificamerican.com/article/russias-new-nuclear-missiles-squeeze-response-time/ . In August 2019, a test of the Burevestnik cruise missile at the Nenoksa site in northern Russia resulted in the explosion of a small nuclear reactor, demonstrating the risks of nuclear-powered cruise missiles.
64 Richard H. Speier, George Nacouzi, Carrie A. Lee, and Richard M. Moore, Hypersonic Missile Nonproliferation: Hindering the Spread of a New Class of Weapons (Santa Monica, CA: RAND, 2017); Gault, “Russia’s New Nuclear Missiles Squeeze Response Time.”
65 Kristin Ven Bruusgaard, “Russian Strategic Deterrence,” Survival 58, no. 4 (2016): 7–26, https://doi.org/10.1080/00396338.2016.1207945 .
66 Vladimir Putin, “Meeting of the Valdai International Discussion Club,” President of Russia, Oct. 18, 2018, http://en.kremlin.ru/events/president/news/58848 .
67 On the role of the Russian Orthodox Church in the country’s national security policy and nuclear weapons, see, Dmitry (Dima) Adamsky, “Russian Orthodox Church and Nuclear Command and Control: A Hypothesis,” Security Studies 28, no. 5 (2019): 1010–39, https://doi.org/10.1080/09636412.2019.1662483 .
68 Vadim Shtepa, “Privedet li padenie Tret’ego Rima k Tret’ei mirovoi voine? [Will the Fall of Third Rome Lead to World War III?],” RKK ICDS , Oct. 23, 2018, https://icds.ee/ru/privedet-li-padenie-tretego-rima-k-tr/ .
69 The agency’s funding for Fiscal Year 2019 was projected to more than double to $256.7 million. Matt Stroud, “Inside the Race for Hypersonic Weapons,” The Verge , March 6, 2018, https://www.theverge.com/2018/3/6/17081590/hypersonic-missiles-long-range-arms-race-putin-speech .
70 Dave Majumdar, “The U.S. Military Is Going All In on Hypersonic Weapons,” National Interest , Aug. 14, 2018, https://nationalinterest.org/blog/buzz/us-military-going-all-hypersonic-weapons-28767 .
71 Kelley M. Sayler, “Hypersonic Weapons: Background and Issues for Congress,” Congressional Research Service, July 11, 2019, https://fas.org/sgp/crs/weapons/R45811.pdf .
72 Nuclear Posture Review , U.S. Department of Defense, Feb. 2, 2018, https://media.defense.gov/2018/Feb/02/2001872886/-1/-1/1/2018-NUCLEAR-POSTURE-REVIEW-FINAL-REPORT.PDF .
73 Katarzyna Zysk, “Escalation and Nuclear Weapons in Russia’s Military Strategy,” The RUSI Journal 163, no. 2 (2018): 4–15, https://doi.org/10.1080/03071847.2018.1469267 .
74 Kofman, “Drivers of Russian Grand Strategy.”
75 Kristin Ven Bruusgaard, “The Russian Rogue in the New Nuclear Posture Review,” Policy Roundtable: The Trump Administration’s Nuclear Posture Review, Texas National Security Review , Feb. 13, 2018, https://tnsr.org/roundtable/policy-roundtable-trump-administrations-nuclear-posture-review/ .
76 Joint Chiefs of Staff, Nuclear Operations , June 11, 2019, III-3, V-3, https://fas.org/irp/doddir/dod/jp3_72.pdf .
77 Hans M. Kristensen and Matt Korda, “Tactical Nuclear Weapons, 2019,” Bulletin of the Atomic Scientists 75, no. 5 (2019): 252–61, https://doi.org/10.1080/00963402.2019.1654273 .
78 Seyom Brown, “The Trump Administration’s Nuclear Posture Review (NPR): In Historical Perspective,” Journal for Peace and Nuclear Disarmament 1, no. 2 (2018): 268–80, https://doi.org/10.1080/25751654.2018.1494092 . For an excellent extended discussion of the Nuclear Posture Review by six leading experts, see, “Policy Roundtable: The Trump Administration’s Nuclear Posture Review,” Texas National Security Review , Feb. 13, 2018, https://tnsr.org/roundtable/policy-roundtable-trump-administrations-nuclear-posture-review/ .
79 “Comment by the Information and Press Department on the New US Nuclear Posture Review,” Ministry of Foreign Affairs of the Russian Federation, Feb. 3, 2018, http://www.mid.ru/en/foreign_policy/news/-/asset_publisher/cKNonkJE02Bw/content/id/3054726 .
80 “NATO and the INF Treaty,” NATO, Aug. 2, 2019, https://www.nato.int/cps/en/natohq/topics_166100.htm .
81 David E. Sanger and William J. Broad, “U.S. to Tell Russia It Is Leaving Landmark I.N.F. Treaty,” New York Times , Oct. 19, 2018, https://www.nytimes.com/2018/10/19/us/politics/russia-nuclear-arms-treaty-trump-administration.html .
82 “Kremlin Not Welcoming Termination of INF Treaty when no Hints at New One Exist,” TASS , Oct. 23, 2018, http://tass.com/politics/1027327 .
83 “Bolton Says U.S. not Blackmailing Russia with INF Pullout Pledge,” Radio Free Europe/Radio Liberty , Oct. 22, 2018, https://www.rferl.org/a/us-russia-bolton-meeting-moscow-lavrov-putin-trump-inf-nuclear-gorbachev/29556555.html ; “Putin: Russia Will Target Nations Hosting U.S. Missiles,” Radio Free Europe/Radio Liberty , Oct. 24, 2018, https://www.rferl.org/a/putin-russia-target-nations-hosting-u-s-missiles/29562100.html .
84 Vladimir Putin, “Speech and the Following Discussion at the Munich Conference on Security Policy,” President of Russia, Feb. 10, 2007, http://en.kremlin.ru/events/president/transcripts/24034 .
85 Vladimir Frolov, “Russia’s Superpower Status Teeters with INF Treaty,” Moscow Times , Oct. 24, 2018, https://themoscowtimes.com/articles/russias-superpower-status-teeters-with-inf-treaty-op-ed-63293 .
86 “Russia May Develop Land-based Kalibr Cruise Missile by End of Year — Source,” TASS , Feb. 7, 2019, https://tass.com/defense/1043620 .
87 See, Yury E. Federov, “Continuity and Change in Russia’s Policy Toward Central and Eastern Europe,” Communist and Post-Communist Studies 46, no. 3 (2013): 315–26, https://doi.org/10.1016/j.postcomstud.2013.06.003 .
88 Dmitri Trenin, “Russia’s Spheres of Interest, not Influence,” Washington Quarterly 32, no. 4 (2009): 4, https://doi.org/10.1080/01636600903231089 . Medvedev’s remarks were carried on several Russian TV channels on Aug. 31, 2008, shortly after the war with Georgia.
89 See, Rajan Menon and Jack Snyder, “Buffer Zones: Anachronism, Power Vacuum, or Confidence Builder?” Review of International Studies 43, no. 5 (2017): 962–86, https://doi.org/10.1017/S0260210517000122 . Their analysis suggests that the conditions for Ukraine to serve as an effective buffer state are absent.
90 Elias Götz, “Putin, the State, and War: The Causes of Russia’s Near Abroad Assertion Revisited,” International Studies Review 19, no. 2 (2017): 228–53, https://doi.org/10.1093/isr/viw009 .
91 Michael Schwirtz, “Kyrgyzstan Seeks Russian Help to Quell Unrest,” New York Times , June 12, 2010, https://www.nytimes.com/2010/06/13/world/asia/13kyrgyz.html .
92 For a range of Western perspectives on the motivations behind Russian actions in Ukraine, see the special issue of Contemporary Politics : “Russia, the West, and the Ukraine Crisis,” 22, no. 3 (2016), https://www.tandfonline.com/toc/ccpo20/22/3 .
93 Denis Volkov, “Anti-American Sentiment in Post-Soviet Russia: Dynamics and Contemporary Characteristics,” Russian Politics and Law 56, nos. 1–2 (2018): 119–20, https://doi.org/10.1080/10611940.2018.1686923 .
94 Mearsheimer, “Why the Ukraine Crisis Is the West’s Fault.”
95 See, Federov, “Continuity and Change in Russia’s policy Toward Central and Eastern Europe”; Tsygankov, “The Sources of Russia’s Fear of NATO.”
96 For a critique of the “hybrid warfare” concept, see, Bettina Renz, “Russia and ‘Hybrid Warfare,’” Contemporary Politics 22, no. 3 (2016): 283–300, https://doi.org/10.1080/13569775.2016.1201316 . The Russian perspective, ironically, is derived from its interpretation of Western strategy.
97 Jen Judson, “Funding to Deter Russia Reaches $6.5B in FY19 Defense Budget Request,” Defense News , Feb. 12, 2018, https://www.defensenews.com/land/2018/02/12/funding-to-deter-russia-reaches-65b-in-fy19-defense-budget-request/ ; Paul D. Shinkman, “Trump Proposes Cutting Key Fund to Deter Russian Aggression,” U.S. News & World Report , March 12, 2019, https://www.usnews.com/news/politics/articles/2019-03-12/trump-proposes-cutting-key-fund-to-deter-russian-aggression .
98 “Kremlin Says U.S. Military Presence in Poland Would Undermine European Stability,” Radio Free Europe/Radio Liberty , May 30, 2018, https://www.rferl.org/a/kremlin-says-us-military-presence-poland-undermine-european-stability/29258405.html .
99 Dave Johnson, “ZAPAD 2017 and Euro-Atlantic Security,” NATO Review , Dec. 14, 2017, https://www.nato.int/docu/review/2017/also-in-2017/zapad-2017-and-euro-atlantic-security-military-exercise-strategic-russia/EN/index.htm .
100 Johnson cites Western estimates of 60,000–70,000 troops participating in the Zapad exercise. Keir Giles suggests the media, NATO officials, and some military analysts greatly exaggerated the number of Russian forces involved in Zapad-2017. Keir Giles, “Russia Hit Multiple Targets with Zapad-2017,” Carnegie Endowment for International Peace , Jan. 25, 2018, https://carnegieendowment.org/2018/01/25/russia-hit-multiple-targets-with-zapad-2017-pub-75278 .
101 Johnson, “ZAPAD 2017.” Giles assessed the exercises as defensive, not offensive: “Zapad-2017 practiced countermeasures for two of Russia’s perceived greatest vulnerabilities: protection of its border regions and prevention of hostile actors exploiting fissures in Russian society or in the alliance with Belarus.” See, Giles, “Russia Hit Multiple Targets with Zapad-2017.”
102 Eric Schmitt, “In Eastern Europe, U.S. Military Girds Against Russian Might and Manipulation,” New York Times , June 27, 2018, https://www.nytimes.com/2018/06/27/us/politics/american-allies-russia-baltics-poland-hybrid-warfare.html .
103 David Brennan, “Russia Furious as NATO Launches 31-Nation Military Exercise in Largest Drill Since Cold War,” Newsweek, Oct. 25, 2018, https://www.newsweek.com/russia-furious-nato-launches-31-nation-military-exercise-largest-drill-cold-1186904.
104 Andrei Piontkovskii, “Khotiat li Russkie iadernoi voiny? [Do the Russians Want Nuclear War?],” Kasparov.ru, Nov. 16, 2018, http://www.kasparov.ru/material.php?id=5BEF2845504AC.
105 Glenn H. Snyder, “The Security Dilemma in Alliance Politics,” World Politics 36, no. 4 (1984): 461–95, https://www.jstor.org/stable/2010183.
106 See, Ryhor Astapenia and Dzmitry Balkunets, Belarus-Russia Relations After the Ukraine Conflict (Minsk/London: Ostrogorski Centre, 2016), https://belarusdigest.com/papers/belarus-russia-relations.pdf; Todd Prince, “Belarus’s Lukashenka, Weary of Russia Union, Seeks to Buy U.S. Crude,” Radio Free Europe/Radio Liberty, Aug. 23, 2019, https://www.rferl.org/a/belarus-lukashenka-us-oil-purchase-russia-reliance/30124113.html.
107 “Lavrov: NATO’s Military Build-up Near Russia’s Borders Requires Special Attention,” TASS, June 19, 2018, http://tass.com/politics/1010185.
108 Andrew Higgins, “Embattled Belarus Strongman Travels to Russia to Seek Help from Putin,” New York Times, Sept. 14, 2020, https://www.nytimes.com/2020/09/14/world/europe/belarus-russia-lukashenko-putin.html.
109 On this, see, Jeanne L. Wilson, “Russia’s Relationship with China: the Role of Domestic and Ideational Factors,” International Politics 56 (2019): 778–94, https://doi.org/10.1057/s41311-018-0167-8.
110 See, Richard J. Ellings and Robert Sutter, eds., Axis of Authoritarians: Implications of China-Russia Cooperation (Seattle, WA: National Bureau of Asian Research, 2018).
111 See, Alexander Korolev, “Systemic Balancing and Regional Hedging: China-Russia Relations,” Chinese Journal of International Politics 9, no. 4 (2016): 375–97, https://doi.org/10.1093/cjip/pow013.
112 From 2000 to 2019, Russia supplied more weapons to China (just over $30 billion worth) than any other country except India (just under $35 billion). Stockholm International Peace Research Institute, Importer/Exporter TIV Tables, http://armstrade.sipri.org/armstrade/page/values.php.
113 Charles Dick, Russian Ground Forces Posture Towards the West (London: Chatham House, 2019), https://www.chathamhouse.org/publication/russian-ground-forces-posture-towards-west; Richard Weitz, “Growing China-Russia Military Relations: Implications and Opportunities for U.S. Policy,” in Axis of Authoritarians, ed. Richard J. Ellings and Robert Sutter (Seattle, WA: National Bureau of Asian Research, 2018).
114 Weitz, “Growing China-Russia Military Relations,” 85–86.
115 Beebe, The Russia Trap, 110–13.
116 Sergei Karaganov and Dmitry Suslov, “A New World Order: A View from Russia,” Russia in Global Affairs, Oct. 4, 2018, https://eng.globalaffairs.ru/pubcol/A-new-world-order-A-view-from-Russia--19782.
117 Indo-Pacific Strategy Report, U.S. Department of Defense, June 1, 2019, https://media.defense.gov/2019/Jul/01/2002152311/-1/-1/1/DEPARTMENT-OF-DEFENSE-INDO-PACIFIC-STRATEGY-REPORT-2019.PDF, 11–12.
118 See, Marten, “NATO Enlargement: Evaluating its Consequences in Russia.”
119 Russia’s military budget increased from $48 billion in 2008 to $82.6 billion in 2016, and then declined to $66.5 billion in 2017 and $61.4 billion in 2018. Spending in 2019 increased to $65.1 billion (in constant 2018 U.S. dollars). Stockholm International Peace Research Institute Military Expenditure Database, https://www.sipri.org/commentary/topical-backgrounder/2020/russias-military-spending-frequently-asked-questions. Michael Kofman and Richard Connolly argue that Russia’s actual expenditures are much higher — in the range of $150 billion to $180 billion annually from 2014 to 2018 when calculated in purchasing power parity. Michael Kofman and Richard Connolly, “Why Russian Military Expenditure Is much Higher than Commonly Understood (as Is China’s),” War on the Rocks, Dec. 16, 2019, https://warontherocks.com/2019/12/why-russian-military-expenditure-is-much-higher-than-commonly-understood-as-is-chinas/. Even the higher estimate puts Russian spending at about one-fourth that of the United States.
120 Dmitri Trenin, “Russian Views of US Nuclear Modernization,” Bulletin of the Atomic Scientists 75, no. 1 (2019): 14–18, https://doi.org/10.1080/00963402.2019.1555991.
121 “Kontseptual’nye vzgliady na deiatel’nost’ vooruzhennykh sil Rossiiskoi Federatsii v informatsionnom prostranstve” [Conceptual Views on the Activities of the Russian Federation Armed Forces in Information Space], Russian Federation Ministry of Defense, 2011, http://www.pircenter.org/media/content/files/9/13480921870.pdf.
122 Emma Ashford, “How Reflexive Hostility to Russia Harms U.S. Interests,” Foreign Affairs, April 20, 2018, https://www.foreignaffairs.com/articles/russian-federation/2018-04-20/how-reflexive-hostility-russia-harms-us-interests; Sharon Werning Rivera and James D. Bryan, “Understanding the Sources of Anti-Americanism in the Russian Elite,” Post-Soviet Affairs 35, nos. 5–6 (2019): 376–92, https://doi.org/10.1080/1060586X.2019.1662194.
123 Jervis, “Cooperation Under the Security Dilemma.”
124 See, Charles L. Glaser, “Political Consequences of Military Strategy: Expanding and Refining the Spiral and Deterrence Models,” World Politics 44, no. 4 (1992): 497–538, https://www.jstor.org/stable/2010486.
125 On the history of Russia’s grand strategy, see, William C. Fuller Jr., Strategy and Power in Russia 1600-1914 (New York: Free Press, 1992); John P. LeDonne, The Grand Strategy of the Russian Empire, 1650-1831 (New York: Oxford University Press, 2004).
126 Adam B. Ulam, Expansion and Coexistence: Soviet Foreign Policy, 1917-1973, 2nd ed. (New York: Praeger, 1974).
127 See, Thomas Graham, Rajan Menon, and Jack Snyder, “Ukraine Between Russia and the West: Buffer or Flashpoint?” World Policy Journal 34, no. 1 (2017): 107–18, https://doi.org/10.1215/07402775-3903592.
Charles E. Ziegler
Strategic Risk Management: A Complete Overview (With Examples). Article by Cascade Team — Published December 22, 2022. What is strategic risk? Strategic risk is the probability of the organization's strategy failing.
6 Steps to Building a Strategic Risk Plan: Define your business's objectives and strategy. As above, some of your risks will stem from your strategic decisions; others may impact them. Identifying your strategy and aims is an essential first step. Determine the measures you will use to monitor performance.
Risk management is the process of identifying, assessing and controlling financial, legal, strategic and security risks to an organization's capital and earnings. These threats, or risks, could stem from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters.
"Strategic risk management" then can be defined as "the process of identifying, assessing and managing the risk in the organization's business strategy—including taking swift action when risk is actually realized."
Strategy risks, or strategic risks, are events or decisions that can affect different areas of the business. These are often decisions that companies take that can be dangerous, but the potential outcome can outweigh the risk.
Last updated: Aug 4, 2022. Strategic risk is the risk of potential failures in strategic planning, which may lead to a company not achieving its core objectives. Learn more about strategic risk and how it can impact your business's decision-making.
Strategic risk management is the process by which the strategy of an organisation (or a strategic programme) is formally assessed for any risks that might affect it. You can deliver a project or programme on time, to budget and meet all your declared programme objectives; likewise, all your business operations could be functioning as expected.
Strategic risk management is the process of identifying, quantifying, and mitigating any risk that affects or is inherent in a company's business strategy, strategic objectives, and strategy execution. Types of strategic risks may include:
- Shifts in consumer demand and preferences
- Legal and regulatory change
- Competitive pressure
- Merger integration
Strategic risk is a category of risk; alongside operational, financial, regulatory and other business risks, it forms part of the umbrella of risks your organization faces. When we look at strategic risk examples, they are generally defined as those that threaten a business's ability to set and implement its chosen strategy.
Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings. These risks stem from a variety of sources, including financial uncertainties, legal liabilities, technology issues, strategic management errors, accidents and natural disasters.
Risk management encompasses the identification, analysis, and response to risk factors that form part of the life of a business. Effective risk management means attempting to control, as much as possible, future outcomes by acting proactively rather than reactively.
A U.S. investigation commission attributed the disaster to management failures that crippled "the ability of individuals involved to identify the risks they faced and to properly evaluate,...
A risk management strategy is a structured approach to addressing risks, and can be used in companies of all sizes and across any industry. Risk management is best understood not as a series of steps, but as a cyclical process in which new and ongoing risks are continually identified, assessed, managed, and monitored.
What is a risk management strategy? Having a risk management strategy is critical to dealing with the many risks that your organisation could face. Learn what this means and how to do it.
Risk Management: In the financial world, risk management is the process of identification, analysis and acceptance or mitigation of uncertainty in investment decisions. Essentially, risk ...
MoSCoW prioritization, also known as the MoSCoW method or MoSCoW analysis, is a popular prioritization technique for managing requirements. The acronym MoSCoW represents four categories of initiatives: must-have, should-have, could-have, and won't-have, or will not have right now. Some companies also use the "W" in MoSCoW to mean "wish."
On strategic opportunities and risk trade-offs, boards should foster explicit discussions and decision making among top management and the businesses. This will enable the efficient deployment of scarce risk resources and the active, coordinated management of risks across the organization.
Aspects of the relationship between Russia and the United States can be conceptualized as a security dilemma. Each side perceives a serious threat from the other and takes countermeasures that further provoke insecurity for the adversary. Bilateral ties have deteriorated as Russia and the United States engage in political and military competition. For Russia, the major threats are America's ...
I am a person you can rely on for honesty and quality. Well-versed in leading strategic roles, I enjoy engineering customised solutions for business needs and piloting new ways of work. | Learn more about Olga Zhuk's work experience, education, connections, and more by visiting their profile on LinkedIn
4) Designed a strategic session for the top management of an international energy company and helped the team to adopt sustainability and climate strategy with more ambitious goals than market ...