Stakeholding adversaries

I'm intrigued by the notion of 'adversaries' being classed and treated as 'stakeholders' for risk management purposes.

Adversaries' interests, concerns, requirements and expectations are (on the whole) diametrically opposed to the organisation's and its more conventional stakeholders. However, as with all stakeholders (e.g. owners, workers, partners, suppliers, customers, authorities, communities, society ...), they are willing to invest in achieving the outcomes they desire - including tools and techniques such as malware, deception, stealth, coercion, training camps and AI.

Adversaries comprise a diverse and unbounded category of people and organisations, dynamic and responsive, sometimes collaborating, sometimes competing. Most are outsiders but adversarial insiders can be significant threats due to their knowledge, access and opportunity - insiders colluding with outsiders, even more so.

Consider, for instance, the possibility that some shareholders might have acquired their shares specifically in order to influence, harm or disrupt the business, anticipating returns on their investments other than the usual financial profits. Think competitors, maybe, or activist groups opposed to whatever the organisation does.

Some adversaries are highly knowledgeable, competent, determined, motivated even driven and fearless. If rules, ethics and laws are barely considered or simply ignored, if penalties and sanctions up to and including death lose their bite, deterrent controls are neutralised, leaving preventive, detective and corrective controls or other forms of risk treatment - avoid, share or accept, take your pick!

I wonder, do your risk workshops, business continuity exercises, security architectures, system security engineering, incident response plans and so forth consider and treat adversaries as if they were stakeholders? Do you systematically and deliberately get to 'know your enemy'? How do you notionally put yourself in their shoes, seeing things from their warped perspectives, challenging the usual presumptions about everyone being largely compliant, predictable, benign or only mildly malicious?