Deep dive: how businesses can build resilience against black swan events

Rare, unpredictable and capable of reshaping industries and economies in a flash, Black Swan events are seemingly risk management Kryptonite.

The 9/11 attacks in 2001, the Global Financial Crisis in 2008, and the COVID-19 pandemic in 2020 all demonstrated how our world can be completely upended in ways few had foreseen.

These events not only reshaped lives, they exposed vulnerabilities in systems previously believed to be resilient, prompting a rethinking of how businesses and governments prepare for the unpredictable.

While Black Swan events are by definition highly unpredictable, the risk management brief remains simple: be prepared for everything.

But just how plausible is that?

WHAT CAN BUSINESSES LEARN?

“Black Swan events are unpredictable and carry extreme consequences,” says Alexandre Oliveira, a supply chain expert and member of risk-related councils and boards. “However, past disruptions have revealed patterns that businesses can learn from.

“Traditional risk models often fail under extreme conditions, making it essential for companies to integrate scenario planning and stress testing into their frameworks, accounting for cascading risks and systemic vulnerabilities.

“Organisations that responded effectively to past crises had robust governance structures that enabled fast, data-driven decision-making, balancing immediate responses with long-term strategic adjustments.”

Oliveira adds that the COVID pandemic underscored the risks of over-reliance on single suppliers or geographies, highlighting the need for diversification, nearshoring and digital supply chain visibility.

“Companies that foster a culture of resilience – where employees at all levels are encouraged to think critically and adapt – demonstrate stronger recovery capabilities. These lessons highlight the importance of agility, governance and strategic foresight in mitigating the impact of extreme disruptions,” he says.

“It is a mistake to try to predict and mitigate for Black Swans. Such action is expensive and fruitless. Instead, we should allow flexibility”

Hélène Galy, WTW research network director, says that businesses can learn from previous Black Swan events by reflecting on the vulnerabilities that these events revealed, especially if they have been more severely affected than their peers.

“Businesses should also reflect on where their horizon scanning came close to spotting those events, and what assumptions were made that dismissed those events as unlikely. Are these assumptions still creating bias in the current risk management framework?” she says.

Paul Foy, founder of risk management firm Value Performance, cites the example of the 9/11 attacks. While a Black Swan event, the US managed to bounce back.

“A few factors were at work. The determination of the American people that they would not be bullied, the robustness of their financial systems allowing business as normal to be resumed fairly quickly and flexibility of the system and people,” he explains.

“It is a mistake to try to predict and mitigate for Black Swans. Such action is expensive and fruitless. Instead, we should allow flexibility, which also requires distribution of responsibility.”

ARE THEY REALLY JUST GREY RHINOS?

Professor Joe Parcell, director for the Center for Risk Management Education and Research at Kansas State University, says there is a growing belief within the risk community that Black Swan events are better described as Grey or Brown Rhino events.

“Unlike the Black Swan, which is entirely unpredictable, the rhino analogy suggests that you can see the threat coming – but stopping it is another matter entirely,” he says.

“A few minutes each month exploring ‘what-if’ scenarios and identifying the best response options can make a big difference”

Parcell explains that the theory emerged after the 2008 recession, when some experts saw the downturn coming by analysing extensive data and mapping the probabilities of multiple negative outcomes happening simultaneously.

“The traditional Black Swan mindset suggests that you can’t prepare – when the unexpected strikes, you deal with it and move on. But the rhino analogy represents a shift in thinking.”

“Businesses and governments are increasingly adopting a mindset that even low-probability events are worth discussing. A few minutes each month exploring ‘what-if’ scenarios and identifying the best response options can make a big difference when rare crises hit.”

HOW CAN RISK MANAGERS BUILD RESILIENCE?

“Some scenarios require little preparation, while others demand more detailed planning,” continues Parcell. “With the shift toward the rhino analogy, leaders – particularly risk managers – are increasingly focusing on vision-scoping potential events that could cause low, medium or high levels of disruption.”

Parcell says many companies are now building reactive risk management strategies for low-probability events with medium to high disruptive potential.

“Take the COVID-19 pandemic as an example: while it’s impractical to allocate ongoing resources for a once-in-a-century event, leaders have learned that response strategies can be mapped out in advance. One crucial lesson is knowing who to have at the table when a rhino event occurs. In these situations, speed of problem-solving becomes essential,” he says.

Galy suggests developing ‘as-if’ scenarios, to allow impact quantification and wargaming of the scenario ramifications. For example, a repeat of the Carrington Event allows you to understand and quantify exposures to geomagnetic storms and potential financial losses, including both direct and indirect impacts, and the long-tail of disruptive impacts on the business, its supply chain, its employees and customers.

He adds: “Involve multiple corporate and business functions in scenario design and planning, not only the risk function. This will help to implement effective measures to mitigate the risks uncovered by those scenarios.”.

A CONTINUOUS EYE ON CYBER RISKS

For Oliveira, boards and executive teams must embed resilience into strategic decision-making, ensuring that risk mitigation is a continuous and dynamic process.

“Predictive analytics can help identify weak signals of emerging risks, allowing companies to take pre-emptive action,” says Oliveira.

“Ensuring access to liquidity, diversifying revenue streams, and maintaining operational redundancies can mitigate the financial strain of unexpected shocks.”

“By leveraging DI, organisations can better navigate the complexities of today’s volatile environment.”

He says that with digitalisation accelerating, cyber threats pose a growing existential risk, making continuous investment in cybersecurity frameworks, crisis simulation exercises, and incident response protocols critical.

“Ultimately, resilience is not about predicting the next Black Swan but about building the agility and adaptability to navigate the unknown.”

Decision intelligence (DI), Oliveira concludes, offers a framework that integrates data science, social science, and managerial science to improve decisionmaking processes.

“By leveraging DI, organisations can better navigate the complexities of today’s volatile environment. Utilising advanced analytics to process vast amounts of data can uncover hidden patterns and early warning signals of potential disruptions, allowing organisations to anticipate and prepare for unlikely but impactful events.”