Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino.
What To Know About Black Swans:
- Nassim Nicolas Taleb introduced the business world to the concept of the Black Swan in his 2007 book by that name. He described Black Swans as unpredictable events that are beyond what is expected and have potentially severe consequences.
- Since Black Swans are by definition unforeseeable events it does not make sense to try to predict them. Just know that historically this type of event can be hard to recover from or can produce the greatest opportunities.
- So how do you prepare for the unpredictable?
- Invest in preparedness, not in prediction
- Do not over-optimize
- Ensure agile decision-making processes
- Intentionally gather information on the business environment
- Understand dependencies
- Retain dry powder for investing in unforeseen opportunities
- Ensure resiliency of business processes and IT systems
What to Know About Gray Rhinos:
- Michele Wucker introduced the term Gray Rhino at the World Economic Forum in 2013 then later in a book by the same name to describe events we should all see coming but overlook because we don’t take them seriously enough (see Matt Devost’s OODAcast interview of Michele Wucker). A Gray Rhino is a highly probable, high impact, yet neglected threat.
- Ignoring obvious threats is, unfortunately, part of human nature. Government policy makers and business leaders both need to put processes in place to mitigate this human bias to ignore certain dangers.
- Examples of Gray Rhino’s facing business and government today:
- Climate Change and its second order effects (increased wildfire, hurricane, food shortages)
- Financial Crisis which could include hyperinflation or, regionally, massive unemployment and starvation and migrant crisis
- Disruptive Technology Based Crisis which could include new competitive business threats or other changes to market dynamics. The risk of AI changing markets and crushing some businesses and the opportunity of creation of value is a key example.
- Cyber-attacks provide new ways of theft and geopolitical attack possibilities, and it is a risk that is unevenly understood so for most remains underdressed.
- Pandemic second order effects from current pandemic still coming, future pandemics predicted to be much more likely now, will be more frequent. This includes bacterial pandemics which experts warn are on the rise due to new anti-bacterial resistant strains.
- Space Based Attacks including force of nature (solar flare, asteroids) and nation-state attacks (including anti-satellite attacks).
- Major Geopolitical Events which could include revolution and dissolution of major nations and coalitions. Turmoil could change markets and disrupt supply chains.
- Regional Conflict hot spots include China-Taiwan, India-China LOC, India-Pakistan, Russia-Ukraine. Could cause disruption of global shipping and interruption of key supply lines.
- Taking action on potential future crisis events is made easier by scenario planning. Scenario planning seeks to identify which of the crisis events above are most likely to impact business and then develop outlines of potential/likely pressures and business impacts that come from that scenario. The result will be a list of concerns that can be considered when planning for business investments and other mitigation meetings.
Recommended Actions:
- Whether preparing for Black Swans or Gray Rhinos, improving business process resiliency lays a foundation for agility under crisis. So does improving security and resiliency of enterprise technology. Focus security and backups on data servers that hold assets that ransomware attackers want (consumer data, transaction information, business process data).
- Establish a dedicated threat intel and geopolitical information team using internal resources (not outsourced). We provide more information on how to do this in our special series on establishing an intelligent enterprise.
- Scenario planning is recommended. Start with key questions, then focus on creation of multiple planning scenarios
- Stay up to speed on the nature of the geopolitical threat situation, the cyber threat and global technology developments and encourage your staff to do the same. All can sign up for the free OODA Daily Pulse which can help keep your extended team informed on key issues.
About the Author
Bob Gourley
Bob Gourley is an experienced Chief Technology Officer (CTO), Board Qualified Technical Executive (QTE), author and entrepreneur with extensive past performance in enterprise IT, corporate cybersecurity and data analytics. CTO of OODA LLC, a unique team of international experts which provide board advisory and cybersecurity consulting services. OODA publishes OODALoop.com. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.
Subscribe to OODA Daily Pulse
The OODA Daily Pulse Report provides a detailed summary of the top cybersecurity, technology, and global risk stories of the day.