The number of top risks, forecasts, and preventions lists issued by organizations and companies of all kinds seems to have grown dramatically, particularly between November and the end of February to straddle each new year. Or maybe it’s just that more and more of them have crossed my desk.
What are these lists good for? It’s important to understand that they are about gauging perceptions of risk, not actual probabilities. That’s an important distinction. Estimating risk probabilities is a way of feeling more in control, but it’s up to us whether we just feel more power over a situation or actually put our knowledge to work.
Risk perceptions can drive investment decisions, strategic planning, policy making, news cycles, purchasing decisions, pricing, and many risk mitigation behaviors (or lack thereof). They are central to social, political, and business trends. The more people agree about the biggest risks they face collectively, and the more power they feel they have to do something about them, the more likely they are to act to head off that risk.
From 2016-2020, I compiled an annual meta-list of top risks, forecasts, outlooks, and trends and analyzed which risks appeared most often and most urgently. These were the kinds of risks I describe as gray rhinos: obvious, probable (depending on your definition of probable), talked-about, and giving us a choice to respond. Last year, I took a pause — partly because one particular risk (ahem) was front and center and partly because the number of lists was getting unwieldy.
This year, I’ve decided to put the exercise on ice indefinitely for three reasons. First, with more than five dozen lists on the radar and counting, it was getting too unwieldy and would have required another level of sorting by type. Second, the exercise had fulfilled its purpose of pointing out that many people and organizations DO see risks coming; it’s their choice to respond or ignore them. Third, and most important, I want to focus more intently on redirecting our attention to how decision makers respond to the gray rhinos charging at them.
There’s a feedback loop between risk and response: the sooner we actively recognize a threat, and the more people with the power to avert it do, the lower the risk is. And while there’s no shortage of risk lists, there is an attention deficit when it comes to improving responses and holding accountable decision makers who fail to respond.
Some notable lists do look at responses.
Since its creation 75 years ago, the Bulletin of the Atomic Scientists’ Doomsday Clock has become a universally recognized indicator of the world’s vulnerability to catastrophe from nuclear weapons, climate change, and disruptive technologies –and whether our actions are increasing or reducing those risks.
For the second year in a row, a distinguished panel at the Bulletin set the 2022 Clock at 100 seconds to midnight -a sobering estimation of less than two minutes and the closest ever to civilization-ending apocalypse. The farthest it has been is 17 minutes in 1991.
Andy Revkin of the Columbia Climate Institute invited me to comment on this year’s Clock setting alongside a distinguished panel including Jeff Schlegelmilch, author of “Rethinking Readiness”; Bina Venkataraman, author of The Optimist’s Telescope; and distinguished board members of The Bulletin Raymond Pierrehumbert, Sharon Squassoni, and Daniel Holz. Read more, watch and listen to the conversation HERE.
World Economic Forum Global Risks Report
This year’s World Economic Forum Global Risks Report includes a new section in which respondents judged the effectiveness of international mitigation efforts in 15 risk areas. The results were sobering: Respondents rated trade facilitation, international crime, and weapons of mass destruction as the areas with most effective efforts –but even so, only 12.5% of respondents thought so. On the other end of the spectrum, most respondents felt that international mitigation efforts had, in effect, not started: artificial intelligence, space exploitation, cross-border cyberattacks and misinformation and migration and refugees.
The 2022 Global Risks Report identifies areas where the world has been backsliding since the start of the Covid-19 pandemic, particularly societal and environmental risks with “social cohesion erosion” and “livelihood crises” taking the top spots. Other risks identified as having worsened significantly are debt crises, cybersecurity failures, digital inequality and backlash against science.
To their credit, surveys around cyber security often include questions about how prepared respondents feel their organizations are –and whether their behavior justifies those expectations.
Take ransomware. A recent Global Threat Landscape Report from FortiGuard Labs, published in September 2021, reported that 94% of organizations reported being concerned about the threat of a ransomware attack; 76% were very or extremely concerned. Notably, 96% said they were at least moderately prepared for such an attack.
Harsh reality, however, did not match up to that level of confidence. “[T]here is an apparent disconnect between their feelings of preparedness and the tools and plans they have in place to address an attack,” Fortinet warned. “For example, less than half have a strategy that includes such things as network segmentation (48%), forensics abilities (34%), testing ransomware recovery methods (28%), or red team/blue team exercises (13%) to identify weaknesses in security systems. They also place critical security technologies, like secure email gateways (33%), network segmentation (31%), UEBA (user and entity behavior analytics) (30%), SD-WAN (13%), and sandboxing (7%) at the bottom of their list of tools they consider essential for securing themselves against ransomware.”
Similarly, when it comes to digital disruption there are tools for gauging readiness. Cisco’s Digital Readiness Index, for example, compares 141 countries based on seven factors determining how well they were adapting to digital disruption.
Top Questions to Ask
There are dozens and dozens of other top-risk/forecast/outlook/trends lists out there. Next week, I’ll analyze some of those in greater depth. First, however, I want to share some insights that I hope will be useful to you as you evaluate the lists most relevant to your work or come up with your own.
1) What perspective is the list written from? Is it focused on industry trends? Market predictions? Geo-political trends?
2) Who decided what went on the list and in what order? An analyst, a group within one company, a survey of many participants?
3) What are the parameters including time frame and risk definitions? Does the list consider impact, likelihood, or both?
4) How did this list shift from past years? Which risks moved up or down in the rankings and why?
5) Did predictions from past years end up happening? (Corollary: How much does that matter?)
Each question matters as you consider how heavily to weight the information in your own strategic process.
Your Own Top Risks
I get asked all the time what I see as the top gray rhinos facing the world or a particular industry or business. Though I have definite opinions on this subject, I always preface my answer with a comment that the concept is most effective when each person or organization defines gray rhinos for themselves. Each perspective is distinct: one person’s threat is another’s opportunity.
It’s a mistake to rely solely on other organizations or analysts’ top risks lists because it’s unlikely that another one will align precisely with factors that affect you. Those lists can, however, be helpful in defining opportunities and providing a way to check to see if there’s anything you might have missed.
Make your own list before you look at other lists, however. This will help you to avoid the anchoring effect, which pulls your mind toward information you’ve heard recently. Stretch your imagination but remember that you’re more likely than you probably think to push obvious, chronic risks to the back burner even when they remain dangerous.
Ask yourself how your top risk perceptions compare to industry or macro trends? Is there an opportunity in moving quickly to address the problem, whether through products that provide solutions or policies that create resilience?
Above all, once you’ve assessed top risks, be brutally honest about how well you are responding to it. How we respond depends on how quickly a risk gets our attention, how much impact and probability we assign to it, how much risk we’re willing to bear, who we feel holds the responsibility for dealing with it, and how much power we feel that each of us and others has to deal with it effectively.
Next week, I’ll take a closer look at some of the other lists out there. Stay tuned.
Read more about risk perceptions in my new book, YOU ARE WHAT YOU RISK: The New Art and Science of Navigating an Uncertain World.
This article is part of my LinkedIn newsletter series, “Around My Mind” – a regular walk through the ideas, events, people, and places that kick my synapses into action, sparking sometimes surprising or counter-intuitive connections.
To subscribe to “Around My Mind” and get notifications of new posts, click the blue button at the top right corner of this page . Please don’t be shy about sharing, leaving comments or dropping me a private note with your own reactions.
For more content, including guest posts and ways to engage me for keynotes, workshops, or strategic deep dives, please visit www.thegrayrhino.com.