Preparing for the Unpredictable

There may be some elephants in the board room from time to time, but what about Black Swans or Gray Rhinos? Many of us might be ignoring the warnings of risks to our business from “corporate Cassandras” — named for the priestess in Greek mythology who was cursed to pronounce true prophecies, but never to be believed. By understanding how risks manifest themselves, organizations can improve their business continuity planning and, ultimately, their resiliency.

In his 2007 book, Nichola Nassim Taleb coined the term Black Swan, an unpredictable and rare event that creates a long-lasting impact. The internet itself and the 9/11 terrorist attacks are considered Black Swans. But calling an event a Black Swan can be a scapegoat or an excuse for failing to plan: “Oh we never imagined that would happen…no one saw that coming!”

Black Swan Sightings

If we can’t predict Black Swans, shouldn’t it be impossible to prepare for them? Quite the opposite. In fact, there are techniques organizations can use to identify and prepare for Black Swans. In IBM’s 109-year history, our crisis management structure and emergency planning process have helped the company meet our customers’ needs during major power outages, floods, tsunamis and terrorist attacks. Comprehensive Business Continuity Planning is essential for preparing for the unlikely, but disruptive, Black Swan. Organizations can:

  • Conduct “what if” analyses to consider impacts to business-critical areas of the organization. Those that have the highest potential impact should have contingency plans designed to mitigate their impact.
  • Stress-test systems and processes. Disrupter Analysis or Chaos Monkey testing is one way to identify the unpredictable.
  • Plan your communications ahead of time. You may not be able to control the situation, but you can control what and how you communicate about it. Identifying key stakeholders, distribution lists and draft communications ahead of time will help to keep focus on the event rather than your lack of preparedness.

Recently, experts have suggested that the U.S. electric power grid might be vulnerable to three potential Black Swans: solar flares, Electro Magnetic Pulses (EMPs) and cyber threats. But cyber threats against the power grid, or our organizations, can no longer be considered Black Swans. Rather, they are examples of Gray Rhinos, a term first introduced in 2013 by policy analyst Michele Wucker.

Gray Rhinos are Everywhere

Gray Rhinos are highly probable events with significant consequences that are headed right for us. They differ from the “elephant in the room” precisely because Rhinos are talked about. Gray Rhinos are often heralded by corporate Cassandras, the technologically savvy worry warts of the organization who are pointing out the charging Gray Rhinos. Acknowledging them can force us to get comfortable with uncertainty and take action. Otherwise, we risk being trampled.

Putting off going to the doctor for testing when you sense there might be something wrong is a personal Gray Rhino. Climate change, extreme weather and national disasters are examples of societal Gray Rhinos that can impact an organization’s business continuity posture. The known vulnerabilities associated with the Internet of Things is another example. How do we make sure our Gray Rhinos are not turning into elephants in the room?

Become a Rhino Spotter

Learn to recognize the Rhinos present in your environment today. Ask your team and yourself: “What is the big issue facing our organization today that will trample us unless we do something?” Then start by breaking long-term strategy into short-term actions:

  • Take 15 minutes each day to imagine what it would take to stay resilient.
  • Do the hard work in turning ideas into action and devise a solution.

If you do not feel you have the power to make change, become the Cassandra and share the Gray Rhino opportunity with someone who does have the power.

Think about the Future

Don’t waste a perfectly good crisis. Let this current pandemic be an opportunity to hop on that Gray Rhino’s back, listen to the Cassandras among us and use the crisis to better prepare for next time.

More from Risk Management

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

How I got started: Ransomware negotiator

4 min read - Specialized roles in cybersecurity are proliferating, which isn’t surprising given the evolving threat landscape and the devastating impact of ransomware on many businesses.Among these roles, ransomware negotiators are becoming more and more crucial. These negotiators operate on the front lines of cyber defense, engaging directly with cyber criminals to mitigate the impact of ransomware attacks on organizations.Ransomware negotiators possess a unique blend of technical expertise, psychological insight and negotiation skills that allow them to navigate the high-stakes environment of ransomware…

The UK energy sector faces an expanding OT threat landscape

3 min read - Critical infrastructure is under attack in almost every country, but especially in the United Kingdom. The UK was the most attacked country in Europe, which is already the region most impacted by cyber incidents. The energy industry is taking the brunt of those cyberattacks, according to IBM’s X-Force Threat Intelligence Index 2024.The energy sector is a favorite target for threat actors. The complexity of systems and the reliance on legacy OT systems make them easy prey. Because of the critical…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today