We are only now realising the extent of the vulnerabilities that human development across the world has created. Last year, the Australian Risk Policy Institute highlighted that ‘innovation without governance is a global risk’ and more recently that ‘IT is the greatest risk to civilisation of all time.’ Alarmist? No. Pragmatic? Yes.

The complexity of our digital world has generated compounding and exponential vulnerabilities, risks and wicked problems never seen before. Global society has been built on a house of cards—from the intricacy of the financial world to the meta-grid of interconnectedness and interdependencies. Vulnerabilities are potential barriers and constraints that can manifest into an exponential-risk domino effect.

Michele Wucker’s landmark book, The gray rhino: how to recognise and act on the obvious dangers we ignore, well illustrates the risk mindset. Innovation over the past 50 years has been greater than ever before and brought untold benefits. But contrast that with today’s ‘hidden awareness’ of what’s happening outside public knowledge.

Two consequences have arisen through innovation. The first is an absence of thinking or concern about how we deliver innovation. For example, we welcome the new global economy without considering who produces computer chips and complex pharmaceuticals because it allows us to buy cheap imported goods, borrow easy credit and live beyond our means.

The second is a psychological dependency on digital evolution. The world has adopted false assumptions about this dependency. A few nations have campaigned strategically to advance political ends by leveraging dependency, ignorance, denial and arrogance. Others have failed to see, accept or protect against global vulnerability and are content to live in vertical silos (sometimes for commercial benefit) rather than make a paradigm shift towards network-centric risk thinking.

A holistic perspective is needed for sustained post-Covid recovery, based on a realistic strategic context, that shines a light on what has occurred and how it will continue to play out.

Importantly, a new way of thinking about risk is needed. Traditional thinking about and approaches to risk haven’t adjusted to the realities and needs of today. Static and linear risk management will continue to fall short, leaving decision-makers vulnerable. Belated protection against global vulnerability leading to recovery will only occur if the world embraces actuality and simplicity. Complexity is entrenched and an ongoing risk across society; it can’t be changed in the short term and must be embraced. Clarity and risk reduction are longer-term solutions, and planning alone is too late. We must respond to the now as well as plan for the future.

Encouragingly, the world has identified the two pillars required for recovery. One is a global convocation of free nations (including corporates) coming together and demonstrating unity of purpose. The second is an event galvanising society as a gamechanger. The investigations into the source of Covid-19 represent that event.

Recovery is possible but must be driven by strategic and integrated thinking and approaches based on simplicity, managing complexity and understanding the difference between ‘near time’ as the priority and ‘deep time’ as a future rock.

One of the world’s greatest policy challenges is to differentiate between vulnerability and risk. The world we live in faces unprecedented vulnerability. New thinking and a new approach are needed to conceptualise and apply risk. Vulnerability is defined as the potential for or possibility of strategic risks arising. However, current risk-management processes commence when a degree of probability exists. They often become mechanical and are frequently too late. Cyberattacks, the Covid-19 pandemic, the global financial crises and 9/11 demonstrate the shortcomings of traditional risk approaches. Risk management has not waxed strong in times of trouble.

A new approach to risk is available and gaining recognition. Industry leaders have identified that ‘risk policy’ is the missing link. Risk policy addresses potentiality and illustrates how vulnerabilities can be identified by introducing a paradigm change through transformational leadership, accessing network information for awareness and turning the focus to anticipation.

Informed and pre-emptive decision-making at the executive level can then provide protection against vulnerabilities, enhance resilience, build sustainability, encourage improvement and spur innovation. Risk policy looks ahead, anticipates and speaks to cause as well as effect—which are, in reality, inseparable.

ARPI’s submission to the parliamentary review of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 highlighted the lack of awareness of developments in risk thinking and the out-of-date and demonstrably defective ‘risk management’ processes. These shortcomings could produce an ineffective statutory resilience framework for Australia with a failure to act faster.

Another example was emphasised during the royal commission into Australia’s natural disaster arrangements. ARPI argued that the review’s approach would entrench baseline, traditional ‘operational processes’ for risk management which have repeatedly failed and will continue to fail at significant times and levels. Rather than trying to react to existing isolated risks when it’s usually too late, resilience in the future must be approached from a perspective of potentiality. That is, the scale of the 2019–20 bushfires was foreseeable and, to an extent, preventable.

So, what needs to change? Decision-making must be informed and pre-emptive. In the case of the Black Summer bushfires, decision-making based on risk policy was needed before the fires occurred not just as a response to them. This decision-making must also be based on real-time local input through an intelligent, network-centric approach and framework, not in isolation or in cities working with limited information or within unhelpful jurisdictional boundaries.

Of course, those involved exercised best judgement in the moment, but arguably without the right information at the right time on the right issue. Informed decision-making is the essence of bushfire prevention and preparation. Network-centric approaches are the enabler.

Informed decision-making will only be achieved through a more contemporary risk policy approach. Paradigm change is required by governments to act pre-emptively. Our experience confirms that reactive, siloed, linear and traditional risk-management processes are not just ineffective, but are devastating and too late when the country is burning.