Broker Check

Dealing With Disruptive Risks

December 26, 2019

This is an adaptation of a post by Bleu Azur Consulting ( The post was directed at large entities but organizations of any size can benefit.

Business leaders need to include disruptive risks in governance and oversight. These risks can have a major impact on a company's profitability, competitive position and reputation.

Disruptive risks fall into three categories:

  • Black swans - "unknown unknowns".   These are low probability, unpredictable risks "below the radar" of standard enterprise risk management.
  • Gray rhinos - "known unknowns". These are moderately to highly predictable risks which get overlooked due to inertia.
  • White elephants - "known knowns" ignored because of subjective rather than objective risk management.

It is imperative to respond to disruptive risks, but biases can distort decision making. These biases include:

  • Hindsight - underestimating risks not experienced and overestimating those that previously occurred. (For example, almost all businesses insure against tangible property loss, but  many still do not purchase cyber insurance, a more likely cause of loss today.)
  • Optimism - overestimating positive, and underestimating negative outcomes.
  • Confirmation - preference for information consistent with one's beliefs rather than objective assessments.
  • Groupthink or herd mentality - failure to consider alternative views.
  • Myopic, short term thinking ignoring long term consequences.
  • Preference for status quo.

These biases can be countered by diversity, objective data, and use of independent experts.

Officers and directors should consider these ten questions:

  1. Does our culture and agenda support oversight of disruptive risks?
  2. What are scenarios that could kill the company?
  3. What scenarios could increase market value
  4. Have we stress tested our most critical assumptions?
  5. Do we have early warning indicators for emerging risks?
  6. What opportunities have we missed due to inaction?
  7. If we operate "business as usual" what could be our greatest regrets?
  8. Are we honestly facing issues related to undesirable behavior or dysfunctional  culture? (A business' reputation is more important than protecting individuals.)
  9. Are we fighting fires without addressing root causes?
  10. Are we getting appropriate outside, forward looking information?

Here are five recommendations to enhance risk governance and oversight:

  1. Incorporate disruptive risks into the planning agenda.
  2. Ensure that enterprise risk management practices consider disruptive risks.
  3. Use scenario planning and analysis.
  4. Ensure that risk reports are effective; include market intelligence, performance and risk indicators, global and company specific "hot spots", early warning indicators and action triggers.
  5. Strengthen company culture to consider non-traditional views, question key assumptions and support continuous improvement.

Risks can provide opportunities as well as problems. Early recognition of "the next big thing" can avoid errors and give a company a competitive edge.When nothing is certain except uncertainty, it pays to be flexible.