Preparing for the Unpredictable

There may be some elephants in the board room from time to time, but what about Black Swans or Gray Rhinos? Many of us might be ignoring the warnings of risks to our business from “corporate Cassandras” — named for the priestess in Greek mythology who was cursed to pronounce true prophecies, but never to be believed. By understanding how risks manifest themselves, organizations can improve their business continuity planning and, ultimately, their resiliency.

In his 2007 book, Nichola Nassim Taleb coined the term Black Swan, an unpredictable and rare event that creates a long-lasting impact. The internet itself and the 9/11 terrorist attacks are considered Black Swans. But calling an event a Black Swan can be a scapegoat or an excuse for failing to plan: “Oh we never imagined that would happen…no one saw that coming!”

Black Swan Sightings

If we can’t predict Black Swans, shouldn’t it be impossible to prepare for them? Quite the opposite. In fact, there are techniques organizations can use to identify and prepare for Black Swans. In IBM’s 109-year history, our crisis management structure and emergency planning process have helped the company meet our customers’ needs during major power outages, floods, tsunamis and terrorist attacks. Comprehensive Business Continuity Planning is essential for preparing for the unlikely, but disruptive, Black Swan. Organizations can:

  • Conduct “what if” analyses to consider impacts to business-critical areas of the organization. Those that have the highest potential impact should have contingency plans designed to mitigate their impact.
  • Stress-test systems and processes. Disrupter Analysis or Chaos Monkey testing is one way to identify the unpredictable.
  • Plan your communications ahead of time. You may not be able to control the situation, but you can control what and how you communicate about it. Identifying key stakeholders, distribution lists and draft communications ahead of time will help to keep focus on the event rather than your lack of preparedness.

Recently, experts have suggested that the U.S. electric power grid might be vulnerable to three potential Black Swans: solar flares, Electro Magnetic Pulses (EMPs) and cyber threats. But cyber threats against the power grid, or our organizations, can no longer be considered Black Swans. Rather, they are examples of Gray Rhinos, a term first introduced in 2013 by policy analyst Michele Wucker.

Gray Rhinos are Everywhere

Gray Rhinos are highly probable events with significant consequences that are headed right for us. They differ from the “elephant in the room” precisely because Rhinos are talked about. Gray Rhinos are often heralded by corporate Cassandras, the technologically savvy worry warts of the organization who are pointing out the charging Gray Rhinos. Acknowledging them can force us to get comfortable with uncertainty and take action. Otherwise, we risk being trampled.

Putting off going to the doctor for testing when you sense there might be something wrong is a personal Gray Rhino. Climate change, extreme weather and national disasters are examples of societal Gray Rhinos that can impact an organization’s business continuity posture. The known vulnerabilities associated with the Internet of Things is another example. How do we make sure our Gray Rhinos are not turning into elephants in the room?

Become a Rhino Spotter

Learn to recognize the Rhinos present in your environment today. Ask your team and yourself: “What is the big issue facing our organization today that will trample us unless we do something?” Then start by breaking long-term strategy into short-term actions:

  • Take 15 minutes each day to imagine what it would take to stay resilient.
  • Do the hard work in turning ideas into action and devise a solution.

If you do not feel you have the power to make change, become the Cassandra and share the Gray Rhino opportunity with someone who does have the power.

Think about the Future

Don’t waste a perfectly good crisis. Let this current pandemic be an opportunity to hop on that Gray Rhino’s back, listen to the Cassandras among us and use the crisis to better prepare for next time.

More from Risk Management

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today