FST JOURNAL

Last year was the hottest since global records began. When winter came, it was one of the wettest on record, causing widespread flooding. Something that even Abu Dhabi, to the surprise of those living there, experienced. I have for some years been arguing[1] that we should expect more, and deeper, crises. Sadly, that forecast is being amply borne out by events, and not just over climate, as a result of serious cyberattacks and a compromised information space, technological disruption from advanced AI and quantum science and the risk of further pandemics, and all against the background of war in Europe, conflict in the Middle East, and civil wars and famines in Africa. Border security, energy security, supply chain security, materials security, health security, and food security are all now part of the national security conversation. 

Growth from crisis 

Of course, good things are happening at the same time. We have the benefit of more disease resistant crops, clean energy becoming more available, vaccines more quickly engineered and new horizons opening with big data exploitation and AI discovery of protein folding. We can also remind ourselves that serious crises have arisen for humankind in the past too, and the species has survived and multiplied, but I argue that today as citizens we are more vulnerable than ever to crisis. Global air transport shrinks distances, and climate change does not respect borders, yet decisions remain stubbornly national as we saw with Covid-19. We are highly vulnerable to major disruption in critical infrastructure of all types due to our growing dependence on complex digital networks, big data and always-on connectivity.  And that is without the public realizing just how far the systems on which daily life depends are now digitized. Increasingly our lives will be steered by the outputs of advanced generative AI. It is becoming urgent to develop a consensus on the ethical framework to govern the incorporation of such systems into the processes that support our everyday life, and how best to communicate to users their inherent uncertainties. 

The difference between an emergency, crisis and disaster

It is, I believe, helpful to distinguish here between emergencies, crises and disasters. Even in the best regulated circumstances emergencies do arise – to governments, to communities, to businesses and to families. The public knows that emergencies happen all the time in business and certainly in government. The public rightly expects contingency plans to have been drawn up that can be adapted to circumstance and that there are emergency services trained to work together and ready to deploy. We can identify likely types of emergency, and prepare accordingly. Wise organizations have rehearsed plans for business continuity and have communications strategies ready to inform staff, customers, suppliers and investors when disruptions occur.

But crises are different in scale and intensity. They turn our world upside down. I use the rubber levers test. You pull the standard emergency responses levers but these do not produce the desired results on the ground. Problems multiply, new threats arise, opening the possibility of a slide into disaster.  Some of the steps we take to try to control the situation seem to make matters worse. At least for a while, events seem out of control.

That out-of-control feeling can be deeply unsettling, especially for those used to being in charge and used to knowing what to do. And used to being able to dictate how their day is to be spent and the priorities for attention. In crisis, it is the circumstances that dictate. For that reason,I have preferred not to use the term ‘crisis management’. It is the crisis that is managing you. Being in crisis can therefore be deeply scary. 

Surviving a crisis

How well those in charge respond in crisis matters enormously to how things will turn out. In crisis, existing tensions are amplified and tempers fray, and some may try to take advantage of the situation. All amply demonstrated by the evidence so far to the Covid-19 Inquiry. The complexities of any decent analysis of what to do in crisis certainly cannot be conveyed in hurried WhatsApp exchanges. We need process that helps to create a ‘containing environment’ for the heightened emotions that stress brings. It also reduces the risk of erratic judgements driven by personality clashes – or personal ambitions by those seeking to take advantage of the situation. Surviving crisis is a team sport.

Nations that take preparation for crisis seriously (and I would highlight the Nordic nations as good examples) put a significant effort into improving the state of national, organisational and personal resilience. Given the state of our world, ‘resilience’ has therefore a claim to be the word of the year in government and business. The UK national Resilience Framework document uses the word no less than 556 times.[2] The National Risk Register includes 61 references.[3] President Biden’s recent National Security Memorandum on Critical Infrastructure Security and Resilience NSM 22 of 30 April 24 has over 50 references. The first Pentagon US Industrial Strategy has 21 resilience references about highlighting the urgent need to restore supply chain resilience. The new European Defence Industrial Strategy puts maintaining resilience alongside defence readiness and security, as EU strategic objectives NATO is committed to the development of National Resilience Plans (NRP).  There are all indicators of a recognition that we are lacking something under the heading ‘resilience’ that would help.

Resilience is by origin an engineering term, the ability of a material to absorb energy when it is subjected to an external force but then able to release that energy after the impact. It is easy to explain why sea walls – a crucial part of national infrastructure subject to crashing waves in winter – need to be resilient. In simple cases, we could integrate the area under the stress-strain curve to derive a measure of the resilience of the material. In practice, however, absolute measures of the overall resilience of a complex non-linear system are not available - think of the disruption of the container ship blocking the Suez canal, or it could be jamming of a GPS network on which a maritime supply chain depends. Ideally, we should be demanding resilient network design so that the systems we all depend upon resume functioning after a short period of emergency readjustment. It is hard, in the current state of knowledge, to see how we might quantify for a Board seeking to allocate scarce investment the ‘right’ level of spending on organisational resilience or informational resilience (another concept that demands further research) against the threats and hazards of the future. ‘Resilience’ is therefore, at best, a metaphor and a broad one at that.

The best approach may be to identify at least the most glaring vulnerabilities in business continuity, keeping stocks to smooth out disruptions in supply, having the capacity to manufacture locally, and maintaining dormant capacity that can quickly be brought into use. 

Some crises burst upon us without the possibility of much if any warning, such as Carrington events from solar activity or tsunami from undersea earthquakes. But slow burn crises are in many ways the hardest to deal with since the situation will have been allowed to worsen over months or possibly years. Crisis comes through failure to spot the problem early enough, so there is an obvious mitigation in improving our scanning of the international, environmental technological and social spheres to spot trouble brewing. But as sadly happens, it may be that there were warning signs but they went unheeded. That can be because those providing the warnings were not sufficiently trusted, or their findings did not fit the prevailing political narrative, or the problem appeared too expensive to fix, or the time was simply not right to tackle such a problem. Examples, both macro and micro, abound. 

Good leaders when trouble looms quickly mobilise their top team and bring extra resource to bear to discover innovative ways through the situation. And they apply what has been called adaptive resilience to identify lessons contemporaneously, so that the organisation can emerge from the crisis experience stronger as well as wiser. We should therefore be more open about identifying generic vulnerabilities to a range of possible disruptions. The British government has already in its published Resilience Framework expanded the meaning of the resilience metaphor to cover the ability to anticipate, assess, prevent and mitigate upstream, as well as the ability to bounce back from crisis when it happens.  

The lesson is I hope sinking in[4]: expect more frequent, and deeper, crises over the coming decade and spot them as early as possible, identify in advance our vulnerabilities (including our dependence on digital data, connectivity and data science) to major classes of disruption and invest in improving resilience accordingly, giving priority to measures that have a wide applicability.