This week guest author Claire Powles discusses whether COVID-19 is a Black Swan within business continuity.
Many commentators labelled the COVID-19 pandemic as a ‘Black Swan’ event, but this is a misunderstanding about what a Black Swan actually is. This is not just a pedantic point. Understanding the difference moves COVID-19 from the list of events that governments and organisations could not be expected to prepare for to the list of events they should have prepared to handle. Claire Powles explains…
What are Black Swans?
The theory of Black Swan events was developed to categorise non-predictable, high-impact events. Nassim Nicholas Taleb first suggested the term in 2001 in his book, ‘Fooled by Randomness’. In 2007, he expanded on the concept in his better-known book, ‘The Black Swan’.
According to Taleb, a Black Swan event has three attributes:
“First, it is an outlier, as it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility. Second, it carries an extreme ‘impact’. Third, in spite of its outlier status, human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable.”
Why COVID-19 is not a Black Swan
There are many articles from the past few months that assert that COVID-19 is a Black Swan, but taking even a cursory look at Taleb’s definition shows that COVID-19 is not a Black Swan. Why? Taleb says that for an event to be classified as a Black Swan “nothing in the past can convincingly point to its possibility.”
If we break this down further, we have experienced pandemics frequently, with the latest only a decade ago, in 2009. So, a pandemic was absolutely predictable.
Recent pandemics, for example, resulted from influenza viruses. Does this mean the current coronavirus pandemic was unpredictable and therefore a Black Swan? Again, this is not the case. Scientists have recorded evidence of past possible coronavirus pandemics. The SARS coronavirus outbreak that started in 2002 had the world nervously hoping it would be controlled before reaching pandemic status. A future coronavirus pandemic was completely predictable, and even if it was not named as such, national risk registers, such as the UK Government’s, contained separate entries for ‘Pandemic Influenza’ and ‘Emerging Novel Diseases’. Essentially, the potential for a pandemic developing from a non-influenza source was clearly identified.
Indeed, Taleb himself confirmed in a March 2020 article, ‘Corporate Socialism: The Government is Bailing Out Investors & Managers Not You,’ that COVID-19 is not a Black Swan.
“Had they read that book [The Black Swan], they would have known that such a global pandemic is explicitly presented there as a White Swan: something that would eventually take place with great certainty,” the article states.
High-consequence, low-probability events
Why is it challenging to prepare for high-consequence, low-probability events? Part of the answer is related to an innate human tendency to focus on immediate threats rather than risks that seem far in the future. Imminent low-level threats seem more important to us than high-level events, which we find hard to imagine. Our human tendency is to assume such things are unlikely to happen to us. If we determine that a severe pandemic is a once-in-a-century event based on current experience, this would be logged in a risk register as a high-consequence, low-probability event. Something with extreme impact, but unlikely to happen in any given year. Because of this human tendency, organisations often focus on probability rather than consequence, mistakenly seeing the once-in-a-century likelihood as meaning this event will occur many years into the future and can therefore essentially be disregarded.
David Ropeik, a well-known consultant and public speaker on risk perception, risk communication, and risk management, describes this phenomenon in the article, ‘The Psychology Of Risk Perception. Are We Doomed Because We Get Risk Wrong?’, stating “We’re counting on a risk perception system to save us that’s better designed to protect us from snakes and the dark than global abstractions laced with technological complexity and unknowns.”
This results in what Ropeik calls ‘optimism bias’ – human instinct is to be “overly optimistic about what lies down the road, when the details are hazy.”
This instinct also results in organisations, and even governments, failing to take high-consequence, low-probability events as seriously as they should, with the resulting failure to plan effectively for them.
Looking forward
What other high-consequence, low-likelihood events should we prepare for?
Are there other high-consequence, low-likelihood events that society is currently effectively ignoring?
Unfortunately, there is a long list.
Consider the following, all of which are predictable and some of which are inevitable (the only question being of ‘when’, not ‘if’. How many of these has your organisation considered and how many do you have plans for?
- An H5N1 pandemic
- A highly successful cyber attack on critical infrastructure, such as utilities or one of the major cloud-computing providers
- A Chemical, biological, radiological and nuclear (CBRN) attack on a highly populated central business district
- A severe space weather incident
- A nuclear winter type incident caused by a super volcano eruption.
There is another category of high-consequence event: those that are not low-likelihood events that we can see are already underway, but that are slow developers — more a ‘boiling frog’ event than a Black Swan, such as climate change or antibiotic resistance.
The COVID-19 pandemic is causing business continuity professionals to question the industry mantra that scenarios should not be planned for, rather only impacts should be considered. However, this approach may have been ineffective for the current pandemic.
Business continuity professionals are starting to accept the importance of playbooks – specific plans for specific scenarios where taking an impact-only approach does not provide enough specificity for effective business continuity.
However, scenario planning should always be approached with caution and balance. Though helpful for situations like COVID-19, it’s preferable to consider scenario planning as support to impact-based planning.
We don’t want to go back to the unusable 100+ page plans of old, right? Together, both approaches can provide more comprehensive resilience, while avoiding those behemoth plans.
For now, consider if your organisation would have benefited from a pandemic playbook? And, likewise, would it benefit from a playbook for the other high-consequence threats we’ve discussed here?
This article was originally posted on Continuity Central.
Author: Claire Powles, MBCI, Global Head of Software Services, for Assurance, Avalution and Clearview.
Claire has worked as a specialist within the business continuity industry for the last 10 years across various sectors in large international organisations and is experienced in all aspects of business continuity management including ISO 22301 certification.
