Black Swans: How to Prepare for Low-Probability, High-Impact Events

By Lowers & Associates,

Black Swans: How to Prepare for Low-Probability, High-Impact Events

Risk management is a top priority for businesses that seek to avoid or minimize potential losses. Often, their efforts are focused on the threats that are most likely to transpire and could result in the most significant damages, those “high-probability, high-impact” events such as product liability lawsuits or employee theft. These organizations direct an inordinate amount of their attention to the upper right quadrant of the Risk Impact/Probability Chart because they believe, understandably, that these will be resources well spent.

But what about the oft-overlooked lower right quadrant of risk management, those “low-probability, high-impact” events? Consider human-caused or natural disasters like tsunamis, active shooters, stock market crashes, or major oil spills. These events, dubbed Black Swan events by author Nassim Nicholas Taleb, while infrequent in occurrence, have massive economic consequences that extend well beyond the initial point of impact.

In this blog, we present three strategies to help businesses mitigate their risks and gain control over the scope of loss should a ‘Black Swan’ incident happen.

1. Conduct Scenario-based Planning

Scenario-based planning is different than its more common counterpart, strategic planning. “Scenario planning attempts to capture the richness and range of possibilities, stimulating decision-makers to: consider changes they would otherwise ignore,” noted economist Paul J.H. Shoemaker in his paper, Scenario Planning: A Tool for Strategic Thinking.

Shoemaker uses the following to illustrate his point:

When Brigadier General Billy Mitchell proposed early in the 20th century that airplanes might sink battleships by dropping bombs on them, U.S. Secretary of War Newton Baker remarked, “That idea is so damned nonsensical and impossible that I’m willing to stand on the bridge of a battleship while that nitwit tries to hit it from the air.”

In scenario planning, managers don’t just brainstorm scenarios based on their current experiences, which can lead to overconfidence and tunnel vision, but rather “construct a series of scenarios that can expand their imaginations to see a wider range of possible futures.” They need to find a balance in planning for specific known events and those that are rare or unexpected and then identify commonalities that are relevant to both kinds of disruptions. This provides a better long-term perspective and forces companies to be proactive, rather than reactive, in mitigating potential threats.

Examples of Black Swan Events

2. Carry Out a Threat Assessment

Once an organization has identified a set of likely commonalities from high-impact events, it must conduct threat assessments against them. If we have a retail presence and a tornado suddenly wipes out the entire area around our business, do we know how we’ll proceed? How can customers buy from us when our store no longer exists? Do our employees know our emergency preparedness protocols? If any of our suppliers were also impacted by the tornado, do we have other backup options? Do we have a disaster recovery plan? What about business interruption insurance? How will we notify the public, our lenders and suppliers, and other stakeholders about the status of our situation?

The assessment should cover, at a minimum, the following areas:

  • Human Safety
  • Immediate Physical Damage
  • Long-term Disruptions (Supply Chain, Lenders)
  • Communication (Law Enforcement, Victims, Employees, Bystanders)
  • Reputation Management
  • Overall Business Continuity Plan

3. Prepare a Comprehensive Situation Response

Much, but not all of the needed responses to a high-impact event will have been identified during the threat assessment. It’s essential that management teams don’t simply stop at the threat identification phase, however, but that they take the next step of creating and disseminating those plans, keep them up-to-date, and review or practice them regularly.

Strategies around each of the threat areas above should be developed. For example, employee lists and associated contact information need to be current and accessible. Evacuation drills need to be practiced. Redundant, offsite data storage needs to be in place. Buildings need to be brought up to code and made secure.

Because ‘Black Swan’ events are characterized by high uncertainty, it may be challenging for businesses to quantify their likely economic impact. For this reason, the authors of the book, Dynamic Risk Analysis in the Chemical and Petroleum Industry, recommend that “the notions of cost and benefit need to be broadened.” They advise using “a disproportion (adjustment) factor…in favor of safety” when quantitative data is unavailable.

Planning for the Unknown

Writer Alan Gleeson sums up the low-probability, high-impact planning dilemma well in his article, Why Planning Becomes More Important with Uncertainty. “Since time immemorial, people have sought to predict the future. Until the emergence of the relatively modern concept of ‘risk’ and the development of probability theory in the 17th century, predictions about the future had traditionally been the preserve of soothsayers such as Nostradamus. … All these years later, and despite our progress, we still lack the ability to predict the future. Nevertheless, by considering various risks and probabilities, we can aim to understand some likely future scenarios to a greater degree.”

If your organization seeks strategies for mitigating risk and planning for ‘Black Swan’ events, please contact Lowers & Associates.

Early Identification: Key to Effective Risk Management

By Lowers & Associates,

Risk practitioners tend to categorize risks based on the level of knowledge about the occurrence (known or unknown) and the level of knowledge about the impact (known or unknown).[1]  Known risks can be prioritized by level of impact and likelihood of occurrence and a plan forms accordingly. … Continue reading

  Category: Risk Management
  Comments: Comments Off on Early Identification: Key to Effective Risk Management

[Infographic] The Impact of Workplace Violence

By Lowers & Associates,

workplace violence infographic

Violence in the workplace undeniably affects the individuals who are directly attacked. But the impact also extends far beyond these direct victims to co-workers, clients, executives, shareholders and even out to the community. There are direct losses related to medical bills, workers’ comp and legal fees, as well as indirect losses reflected in diminished productivity, low morale and negative publicity – all of which can damage a company’s reputation long-term. The impact is extensive and can carry a tremendous cost.

“It is not just the victims, who are injured… the workplace also pays a price with disengaged performance and increased health risks… It is imperative, to the business bottom-line, that employees are protected…” — The Roadmap to Mental Health and Excellence at Work, 2005

Prevention is key.

Learn about what constitutes workplace violence, who is at the greatest risk, and what can be done to proactively predict, prevent, and quickly recover from incidents in our latest infographic.

… Continue reading

Why Hope is Not a Risk Management Strategy

By Lowers & Associates,

Low-probability, high-impact events are something that most individuals and organizations would rather ignore. After all, chances are it won’t happen to you. Serious workplace violence events, active shooter incidents, and other unsavory threats are on the rise but it’s easier to assume it will happen to someone else. We don’t want to think about our own mortality or that of our organizations. Instead, we hope it won’t happen to us, to our employees, to our customers, or to our communities.

But then there are these facts:

  • 18% of all crimes committed occur in the workplace
  • Jury awards in workplace violence cases typically run in the millions of dollars
  • 70% of active shooter incidents occur in business or educational environments
  • Workplace violence is the number one cause of workplace fatalities for women

… Continue reading

Threat Assessment: Knowing Your Risks

By Lowers & Associates,

threat assessment

The ultimate goal of any security program is to manage and mitigate risks. What do we mean by risk? In its broadest sense, risk can be defined as the likelihood of loss of anything having value, including people, facilities, information, equipment, and reputation. In a sense specific to security and loss prevention, risk is the probability that a particular threat will exploit a given vulnerability, leading to an unwanted result.

Knowing your risks is the obvious first step. But what is the best approach? And where do you go from there? Here are some key considerations:

Identifying Threats

First and foremost, identifying the threats to your business is instrumental. It is likely that your institution already has experience with a number of risk factors, but it is important to understand the rate in which new threats arise. It is crucial, therefore, to monitor emergent threats targeting your industry. This can often be accomplished by reading trade publications, engaging in discussions at industry conferences and loss prevention forums, and by obtaining case studies. Also, a number of sources provide crime metrics, some of which are industry specific, and can be very beneficial in identifying threats. … Continue reading