Risk is a Process, Not an Event

Risk is a Process, Not an Event

share this

In risk management there is an old adage that complex systems fail in complex ways. Yet, many risk management approaches deal with risk as if it were a discrete, time-defined event, rather than a dynamic process that is highly volatile. Certain types of risk are acute in nature, but all risk lives along a continuum that is shaped by time and is compounded by action (or inaction). Nassim Taleb in his books Black Swan and Antifragile popularized the notion that fat-tailed (or leptokurtic) events are not as rare as once thought, calling for new frameworks for coping with their likelihood and, critically, surviving them altogether.

To begin with a stylized probability distribution of risk can serve as a useful guide for how to think about risk and how it evolves by severity and likelihood. The left-hand side of the diagram highlights high probability low-impact risks that are traditionally mitigated or optimized in a firm’s business model. These are acceptable attritional risks that many firms’ bear and have figured out over many years of observations how to mitigate. I call this the Fragile Domain, as organizations that do not adequately absorb or mitigate these risks tend to break easily.

The next category is the Robust Domain. Here lie unexpected losses or, to borrow from Donald Rumsfeld the so-called “known unknowns.” The risk priority in this category is to transfer risk and remain vigilant to emerging threats and exposures. By transferring this category of risk firms gain a fixed price on uncertainty that can be built into their pricing models and overall strategy. They also gain robustness afforded by the liquidity and response of the private market (or risk pools) and by the process of diversifying away potentially crippling losses. Using a recent example, I would place Sony’s cyber terrorist attack in this domain. Judging by the upsurge in cyber liability insurance, the market agrees that transferring these risks is the right approach. This category often produces systemic risk when risks are “transferred” but not actually removed from the system, much as we saw during the 2008 financial crisis.

A brief etymology is needed to accurately explain the powerful concept of antifragility and the last domain in this model. Nassim Taleb coined the term antifragile as he found there was no useful antonym to fragile in the English language (e.g. something that would benefit from shocks). If fragile means easily broken and robust implies something that will remain in the same state, then antifragile implies something that by default becomes stronger with shocks. An apt classical example would imply that the Sword of Damocles is fragile, for it is held by a string; Phoenix is robust as she rises from the ashes in the same state; and Hydra is antifragile for the more you attack and cut off a head, the stronger Hydra becomes. Uber would be an example of a firm that benefits from antifragility in its business model. The more governments and angered taxi drivers protest Uber’s arrival, the stronger demand becomes among prospective passengers. It is also difficult to “kill” a firm whose drivers and customers alike are part of a distributed on-demand business model.

The airline industry, notwithstanding its razor thin profit margins, is also considered antifragile as each calamity does not cripple the entire system, but rather strengthens overall air safety. The concept of near miss management that has been codified in aviation has broad applications outside of this industry. Even cyber risk management, for example, can benefit from this approach, if firms would only destigmatize the advent of a security breach and develop a central clearing house to report and record these losses. The risk priority in the Antifragile Domain is survival and the general theme is that large losses, or black swans, are not nearly as rare as once thought and firms would be wise to prepare for their arrival.



Dante disparte


Dante Disparte is a member of ASP’s Business Council for American Security and the founder and CEO of Risk Cooperative, a strategy, risk and capital management firm focusing on mid-market opportunities, market expansion and equity investments on a global scale.

Prior to forming Risk Cooperative, Mr. Disparte served as the Managing Director of Clements Worldwide, a leading insurance brokerage with customers in more 170 countries. Mr. Disparte is a specialist in strategy and risk reduction through the design and delivery of comprehensive risk solutions of worldwide scope. He is credited with designing the world’s first card-based life insurance program for the United Nations, a plan that has placed more than a half billion USD of risk with the markets in more than 150 countries. This innovation was heralded as one of the top product innovations of 2011 by the MENA Insurance Review. Mr. Disparte serves as the Chairman of the board of the Harvard Business School Club of Washington, D.C., and on Harvard Business School’s global alumni board. He is a founding member of the Business Council for American Security and an advisory member with the American Security Project.

Stay up to date!

Join our mailing list to receive weekly newsletters and exclusive invites to upcoming events.

You have Successfully Subscribed!