Spotting the Gray Rhinos Charging Toward Your Business Continuity Posture

May 21, 2020
|
co-authored by Linda Bell
|
3 min read

Preparing for the Unpredictable

There may be some elephants in the board room from time to time, but what about Black Swans or Gray Rhinos? Many of us might be ignoring the warnings of risks to our business from “corporate Cassandras” — named for the priestess in Greek mythology who was cursed to pronounce true prophecies, but never to be believed. By understanding how risks manifest themselves, organizations can improve their business continuity planning and, ultimately, their resiliency.

In his 2007 book, Nichola Nassim Taleb coined the term Black Swan, an unpredictable and rare event that creates a long-lasting impact. The internet itself and the 9/11 terrorist attacks are considered Black Swans. But calling an event a Black Swan can be a scapegoat or an excuse for failing to plan: “Oh we never imagined that would happen…no one saw that coming!”

Black Swan Sightings

If we can’t predict Black Swans, shouldn’t it be impossible to prepare for them? Quite the opposite. In fact, there are techniques organizations can use to identify and prepare for Black Swans. In IBM’s 109-year history, our crisis management structure and emergency planning process have helped the company meet our customers’ needs during major power outages, floods, tsunamis and terrorist attacks. Comprehensive Business Continuity Planning is essential for preparing for the unlikely, but disruptive, Black Swan. Organizations can:

  • Conduct “what if” analyses to consider impacts to business-critical areas of the organization. Those that have the highest potential impact should have contingency plans designed to mitigate their impact.
  • Stress-test systems and processes. Disrupter Analysis or Chaos Monkey testing is one way to identify the unpredictable.
  • Plan your communications ahead of time. You may not be able to control the situation, but you can control what and how you communicate about it. Identifying key stakeholders, distribution lists and draft communications ahead of time will help to keep focus on the event rather than your lack of preparedness.

Recently, experts have suggested that the U.S. electric power grid might be vulnerable to three potential Black Swans: solar flares, Electro Magnetic Pulses (EMPs) and cyber threats. But cyber threats against the power grid, or our organizations, can no longer be considered Black Swans. Rather, they are examples of Gray Rhinos, a term first introduced in 2013 by policy analyst Michele Wucker.

Gray Rhinos are Everywhere

Gray Rhinos are highly probable events with significant consequences that are headed right for us. They differ from the “elephant in the room” precisely because Rhinos are talked about. Gray Rhinos are often heralded by corporate Cassandras, the technologically savvy worry warts of the organization who are pointing out the charging Gray Rhinos. Acknowledging them can force us to get comfortable with uncertainty and take action. Otherwise, we risk being trampled.

Putting off going to the doctor for testing when you sense there might be something wrong is a personal Gray Rhino. Climate change, extreme weather and national disasters are examples of societal Gray Rhinos that can impact an organization’s business continuity posture. The known vulnerabilities associated with the Internet of Things is another example. How do we make sure our Gray Rhinos are not turning into elephants in the room?

Become a Rhino Spotter

Learn to recognize the Rhinos present in your environment today. Ask your team and yourself: “What is the big issue facing our organization today that will trample us unless we do something?” Then start by breaking long-term strategy into short-term actions:

  • Take 15 minutes each day to imagine what it would take to stay resilient.
  • Do the hard work in turning ideas into action and devise a solution.

If you do not feel you have the power to make change, become the Cassandra and share the Gray Rhino opportunity with someone who does have the power.

Think about the Future

Don’t waste a perfectly good crisis. Let this current pandemic be an opportunity to hop on that Gray Rhino’s back, listen to the Cassandras among us and use the crisis to better prepare for next time.

Beth Dunphy
Deputy Chief Information Security Officer (CISO), IBM Security

With 24 years in the Information Security field, Beth Dunphy is the Deputy Chief Information Security Officer (CISO) for the IBM Security business unit. She ...
read more