Black swans and how to find them: national approaches to managing risk
25 Oct 2018|

For a risk manager, few metaphors resonate more than that of a ‘black swan’ event. Equally interesting is the historical link between this term denoting low likelihood but extremely significant disruptive events and Australia. Europeans thought black swans didn’t exist in nature until the early exploration of southeast and western Australia established their presence and delivered an anomaly to extant beliefs of natural history.

In popular media, Nicholas Taleb describes a ‘black swan’ as follows: ‘First … it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility. Second, it carries an extreme impact. Third, in spite of its outlier status, human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable.’

Such events are difficult to anticipate, let alone predict. They may generically be described as surprises that emerge from the fog of everyday life. An important goal of strategic risk assessment is the identification and mitigation of the most likely disruptions, ahead of lower probability events.

A key consideration in national security risk assessment is that not every event that could occur will occur. Investment in resources to prevent, mitigate and recover from disruptive events should be sensitive to this fact. Anticipating and preventing ‘black swan’ events remain a key consideration of all high-level risk assessments, particularly for those related to national security.

Comprehensive risk assessment is key to the delivery of national security outcomes and is a central aspect of the analytical kernel of thinking for many countries.

The United Kingdom, for example, maintains a national risk register. This work (underpinned by a classified risk assessment) provides advice to members of the public about the types of plausible threats and emergency disruptions (expressed as ‘risks’) that they may face in the short to medium term. The register, which is updated as needed, also provides information about government support services and advice about how communities themselves can be proactive. It is a great example of risk communication.

Since 2013, Canada has used an ‘all hazards’ risk taxonomy to guide thinking about national risk analyses. It uses two analytical lenses to consider threats to national security. The first focus is on adaptive or malicious sources: criminals, terrorists or foreign state actors. The second focus is on non-malicious sources: unintentional, health, natural and emerging phenomena and/or technologies.

A further example of deep expertise is Singapore’s risk assessment and horizon scanning program, which has developed over a number of years and has reached a high level of sophistication.

Australia doesn’t have a nationally coordinated multi-agency risk assessment framework. It is important to note, though, that we are not bereft of strategic efforts on risk reduction. We are currently developing deep insight into disaster resilience capabilities and vulnerabilities to natural hazards through the work of the National Resilience Taskforce and other work underway in Australian emergency management.

Our state governments have also been active in developing risk-based approaches to the disruptions they face. A critical fact, however, is that national security is not a state responsibility. A gap in Australia’s strategic policy arrangements is the absence of an up-to-date national security strategy.

The latest version of the strategy was released in 2013. The creation of the Department of Home Affairs, recent white papers and increased understanding of new and unexpected or underappreciated threats to Australia’s interests mean this strategy is now well past its use-by date.

In addition to ensuring greater coordination among relevant departments and agencies, an updated strategy would support the assessment of new vulnerabilities (and reassessment of existing ones), as well as allowing for prioritisation of effort and funding allocation.

Most of the international examples of national risk assessment frameworks and processes noted above operate in concert with a whole-of-economy security strategy. Assuming economies of scale exist for updating our ageing national strategy alongside developing a national risk assessment capability, international risk assessment practice suggests several core elements should be incorporated, including:

  • a comprehensive threat taxonomy framework—incorporating both malicious and non-malicious threats across domestic and international contexts
  • a common risk lexicon—ensuring participating agencies ‘speak the same language’
  • communities of practice established across central agencies that use a standardised assessment methodology which applies an all-hazards/threats approach with input from both closed and open information sources
  • Australia-specific horizon-scanning capabilities that support both general policy development and detailed assessments at agency and national levels.

There will always be the possibility of ‘black swan’ disturbances that provide lessons for policymakers. Australia must sustain both a capability to detect these events ahead of their appearance and mitigate the harm they cause. If we don’t achieve that, we may have to endure voyages of painful discovery after the swans find us.