In this thought‑provoking article, Charles Anderson of Pilgrims Risk Management Group examines how shifting global dynamics are reshaping the foundations of urban security. He explores how today’s volatile alliances, fragile supply chains, and rapid technological change are transforming what it means to manage risk in the modern city.
A challenging and evolving market
For most of the past three decades, security planning in cities could treat geopolitics as context rather than cause; it set the background tone but rarely wrote the score. That assumption no longer holds. The strategic environment is shifting in ways that are not just visible to specialists but tangible to operators on the ground. Global alliances are less predictable, supply chains are more fragile, grey zone competition is now a permanent feature of statecraft, and technology has collapsed the distance between global intent and local impact.
In this “always on” world, risk takes less time to travel and more effort to contain. You can see it in markets that swing on diplomatic signals. You can see it in the way disinformation can amplify an otherwise routine incident into a reputational crisis by the end of a single news cycle. And you can see it in the vulnerability of digital infrastructure, where the boundary between public service and private platform is increasingly porous, and failure in one domain cascades into the other.
Cities sit at the centre of these dynamics because they concentrate what geopolitics seeks to influence: people, capital, infrastructure, and visibility. A city is not simply a geography, it is a system of systems. Transport, energy, water, healthcare, finance, data – each node within those systems now has geopolitical relevance. An adversary does not just need to breach a perimeter to change conditions anymore; they can exert pressure through supply chains, regulatory levers, cyber intrusions, or information operations, all of which are more accessible, deniable, and scalable. The consequential attacks in this environment are often incremental rather than spectacular, a series of probing incidents that together degrade confidence, create friction, and absorb capacity.
Much has been written about the “blurring line” between war and peace, but the most practical consequence for the security industry is more mundane: ambiguity has become operationally expensive. When activity is deliberately designed to remain below thresholds that trigger formal escalation or emergency powers, responsibility drifts downward to those who manage everyday services. The security operator must decide whether a software anomaly is an engineering fault or a hostile reconnaissance step. The local authority must weigh the risks of a contentious protest that is simultaneously a civic right and a potential information operation. The security director of a data centre must treat a sudden change in power quality not only as a maintenance issue but as a possible attempt to test resilience. In each case, geopolitics is not the subject line, it is the subtext that changes the risk calculus.
If this sounds complex, it is. Yet it is also an invitation to reframe what “good security” looks like. In a volatile strategic landscape, the most valuable security asset is not a single technology or a single plan, but a posture or culture. Anticipatory, collaborative, and grounded in a candid understanding of dependencies. The posture begins with intelligence. Properly defined, this is not merely reporting or threat feeds, but the systematic conversion of information into decisions. It is horizon scanning that is actually tied to operational playbooks. It is geopolitical monitoring that translates into procurement choices, staffing plans, and vendor risk assessments. It is “red teaming” that tests narratives as well as networks, recognising that reputational disruption can be as damaging to a client’s functioning as a technical failure.
The second component of posture is integration. Security has always required partnership between public authorities and private operators, but the collaboration needed now is qualitatively different. It must move from just incident coordination to shared situational awareness, from information sharing as an aspiration to information sharing as an operational dependency. When a cyber intrusion targets a municipal system, the most valuable insights may sit with private sector telemetry. When a supply chain shock threatens public services, private logistics firms can often see the disruption forming days before it becomes visible in the retail environment. The hard part is not recognising the need for collaboration, but engineering it into daily workflows, agreeing thresholds for disclosure, aligning classifications to enable timely use, and building legal and governance frameworks that make partnership the default rather than the exception.
Technology, inevitably, sits at the heart of both opportunity and vulnerability. Artificial intelligence, automation, and advanced analytics can dramatically improve detection and response, but they can also create failure modes that are unfamiliar and harder to diagnose. The lesson for security leaders is twofold. First, insist on resilience as a design priority. Redundancy, contingencies, and manual fallbacks are not extras, they are core requirements for systems that must operate under stress. Second, treat governance as part of security. The way data is used, the transparency of algorithms, and the oversight of automated decision making all contribute to client, employee, or public acceptance and, therefore, to the freedom you have to deploy capability at scale.
What’s the start point, and what should we prioritise. The answer is unglamorous but reliable. Start with the map of dependencies, not the catalogue of threats. The same threat, for example, a hostile cyber campaign, will land differently depending on whether clients depend on a single facilities management vendor, whether the backup power is genuinely segregated, whether your cloud contracts include guaranteed forensic support during incidents, and whether your incident communications can bypass compromised systems. Dependencies reveal where to put the first attention, and the first exercise. They also reveal unlikely allies: the utilities operator who can provide surge power during a protest weekend, the fintech firm whose anomaly detection could flag fraud patterns that precede crime spikes, the university lab that can help validate open source narratives before they metastasise online.
It is also worth acknowledging that not all pressure is adversarial. Infrastructure, environment and non-threat related-shocks will test the same emergency response capacity that a security crisis would, and sometimes at the same time. The practical implication is to avoid designing single purpose resilience. Plans that only work for one scenario rarely survive first contact with the next. Instead, build modularity into response, communications channels that can scale, mutual aid agreements that can flex, training that emphasises decision making under uncertainty rather than rote compliance with a checklist. Leaders who practise ambiguity in exercises are less likely to freeze when it arrives in reality.
None of this absolves national institutions of their responsibilities. But waiting for national policy to settle before adjusting best practice is an unaffordable luxury.
The pace of change requires local initiative. If you run a control room, stability starts with your data hygiene and access controls. If you oversee multiple sites, resilience starts with knowing which suppliers sit within your supply chain and how quickly you can replace them. If you are a chief security officer in the private sector, influence starts with ensuring the board understands that security is not a cost centre chasing yesterday’s risks but a strategic function enabling continuity, reputation, and growth.
There is a final, more human point. The professionals who deliver security – operators, analysts, engineers, responders, guards – are being asked to hold more complexity than at any time in recent memory. They are being asked to detect faint signals without seeing ghosts, to move quickly without trampling rights, to be candid about uncertainty while still projecting control. Supporting them is part of the strategic task. That means investing in training that builds judgement as well as technical skill, creating rotation models that reduce fatigue, and giving teams the psychological safety to raise concerns about capability, governance, or ethics before those concerns turn into incidents.
What, then, does effective delivery look like in a world where geopolitics has become a daily operational variable? It looks like translating upstream dynamics into downstream readiness. It looks like security teams that can speak the language of procurement, technology, legal risk, and public communications, because that is where geopolitics shows up long before it appears on a threat board. It looks like exercises that combine cyber scenarios with misinformation surges and supply chain disruptions, because that is how crises arrive. It looks like leaders who treat partnerships as infrastructure, not as public relations accessories.
Ultimately, delivering security in this era is less about being omniscient and more about being adaptive. We cannot predict every shock. We can, however, shape how shocks propagate by tightening the links that matter and loosening those that concentrate risk. We can build public trust that buys time and space when decisions are hard. And we can cultivate a culture that treats geopolitics not as an abstraction for policy journals but as a practical variable in rostering, contracting, architecture, and response.
Geopolitics may be the topic, but the endpoint is very local. It is a hospital that stays open because energy contracts were diversified a year ago. It is the financial district that keeps trading because a transport failure stayed contained to one corridor. It is the protest that remained lawful and peaceful because engagement began early and the narrative space was managed as carefully as the physical space. This is what success looks like when strategy and operations finally meet, the city continues to function, the public remains confident, and the security profession retains the one commodity that matters most in a world of persistent change – credibility.
Charles Anderson
Global Lead: Operational Risk,
Intelligence, & Sustainability
Pilgrims Risk Management Group
