In 2008, Nassim Nicholas Talib published a book called “The Black Swan”. A Black Swan is defined as being an event which has three characteristics; it is highly improbable, has massive impact and, in a strange way, appears almost inevitable after the event! Due no doubt to the timing of the book’s publication relative to world events, the term Black Swan has crept into business language. So how do we protect our businesses from Black Swans?

Black Swan Events

Talib coined the term “Black Swan” from the story of the discovery that black swans existed. Before the discovery of the New World, the Old World assumed that all swans must be white. In other words, if a black swan had never been seen, then it was assumed that the possibility of a non-white swan was so improbable as to be non-existent.

Examples of recent Black Swan events are 9/11, the success of Google and the current global financial crisis. Many people would say that any or all of these examples could have been predicted, but even if some people did foresee these events then no significant mitigating actions were taken or their impact would not have been so great.

For most growing businesses, a Black Swan event would be a risk, that has not been explicitly considered and that would lead to a major setback for the business and even complete business failure.

So why doesn’t risk management cope with Black Swans?

Traditional risk management relies on identifying risks based on the experience of the teams involved in the enterprise. If the risk is outside the experience of the group it is unlikely to be considered. Even if it is considered it is likely to be prioritised very low by being allocated such an extremely low probability rating.

Risk management is not really designed to identify Black Swan events. Risk management concentrates of managing the risks to the enterprise that would have a significant impact and have a reasonable probability of occurring. This is simply a way of prioritising all potentially “bad events” so that time and resource can be allocated. It is appropriate for ongoing business operations to focus on risks in this way, but this means that by applying traditional risk management methods, most Black Swan risks will not be identified and any Black Swan risks that are considered will be not be actioned due to their very low probability.

Brainstorming risks is highly unlikely to capture Black Swans. The exercise will either be too narrow, by staying within the comfort zones of the participants, or too broad by considering risks that are not relevant to your business (eg earthquakes in a non-earthquake zone).

In addition, the negative connotations of the word “risk” means that people have to change the way in which they think in order to identify negative events. A much more effective way to operate is to use ABCD Risk Management and consider the strategic assumptions of the business ie what are the things that must happen for your business strategy to succeed. Thinking assumptions rather than risks also helps to keep you focussed on the objectives of the business and grounds any “out-there” risks in the context of your enterprise.

The assumptions are analysed for risk using Sensitivity and Stability. Assumptions that are rated as CC or above are considered to be “risky assumptions”. However, up to this point, this is still a form of risk analysis and not Black Swan analysis.

Black Swan Assumption Analysis

So how do we use Assumption Analysis to identify Black Swans? Firstly we need to identify the strategic assumptions for our business. The strategy statement should be broken down into its constituent assumptions i.e. the things that need to happen to ensure that the strategy is achieved. Aim for about 10-20 assumptions and ensure that you consider both internal and external factors as much as possible.

The Sensitivity of the assumptions should all be rated as Cs or Ds or they are not really strategic! The Stability ratings could take any rating from A-D. However, unlike risk management, it is not the CC and above rated assumptions that we are interested in – these would be handled as “risks” and be part of the ongoing (strategic) risk management process. Black Swan assumptions will be rated as Sensitivity D and Stability A or B ie they will have a massive impact if they don’t hold but are considered to be fairly or very stable.

 We then need to further test the assumptions by considering relevant risk drivers in the world that could potentially affect our business strategy to a massive extent eg:

  • Market changes eg oil prices, currency fluctuations, credit availability etc.
  • Socio-political changes eg change of government, adoption of Euro etc.
  • Health crises eg flu pandemic, fall-out from dirty bomb etc.

Note that we are not looking for minor events here (eg oil prices rise by 10% per annum) but massive events (eg oil prices triple in 12 months) and the compound effect of events occurring together.

We can then use these drivers to challenge the Sensitivity and Stability ratings and change them if appropriate. It is important to note that it may not be possible to undertake an effective assessment of risk drivers without engaging an external industry expert to challenge the internal thinking. Some limited degree of academic input or management consultant involvement may pay dividends in breaking down what Irving Janis calls “Groupthink” – i.e. the tendency for homogeneous teams to fight too hard for consensus and to not consider alternative viewpoints – and therefore miss Black Swans.

An effective risk driver approach will inevitably move more assumptions into the risk management category where they can be dealt with appropriately. This will leave us with a small number of assumptions that are rated as D Sensitivity and A or B Stability and these are our potential Black Swan assumptions and events.

Managing Black Swans

These Black Swan assumptions will need to be considered completely separately from the risks. By their very nature, you do not think that they will happen and therefore you will not be pre-disposed to take action. You basically have one choice – to de-sensitise your business to the effects of the assumptions, but you have two ways in which this can be accomplished – proactively or reactively.

Proactive means that you will take action now to reduce the potential impact later. This could be done by building in redundancy or standby systems, creating emergency systems, tightening procedures etc.

Reactive would be to define contingency plans if the Black Swan did materialise. These may range from quite sophisticated to very basic if that is all that can be realistically done eg replacing automatic systems with totally manual ones.

The highly unlikely nature of Black Swans will tend to lead you towards reactive rather than proactive approaches but this is not always the right thing to do – think 9/11!

And of course the big factor is likely to be cost but this must be weighed against the potential massive impact if the Black Swan materialises. In the tsunami of 2004, 230,000 lives were lost and $15B of damage was done because the cost of a warning system, estimated at around $30m, was considered too expensive. That works out at $130 per life lost.

Good Black Swans

A final point to note is that Black Swans can be good as well as bad for your business. Some of the biggest business successes seemed highly unlikely but today Google and eBay are massive global businesses, the iPod has outsold all expectations and more recently the use of Twitter seems to be growing exponentially. Consequently, when considering your strategic assumptions, don’t just look for the risks, look for investment opportunities.