Welcome to Rothstein Publishing!
How to See Gray Rhinos

How to See Gray Rhinos

By Dr Jo Robertson

The COVID-19 pandemic was not a “black swan” (catastrophic event that came out of the blue and no one saw coming), it was a “gray rhino” which had long been predicted but leadership everywhere overlooked. As we move forward from the pandemic to new challenges, how do we better ensure we have our eyes open so the next crisis doesn’t hit us unaware?

What is a Gray Rhino?

A gray rhino is a highly probable event with a great deal of impact which is dismissed or overlooked, perhaps because we’re not taking it seriously enough. The term was coined by “The Gray Rhino” author Michele Wucker to mean a danger which is obvious, visible, and charging straight at you.

I’ve been fascinated by gray rhinos my entire career. They’re probable – and likely events that have potentially catastrophic impacts – but they always have an element of uncertainty. It will happen sometime, but not this year. There’s a wide variety: from a company’s single source for a critical component, to a volcanic eruption, to a pandemic.

I’ve heard the COVID-19 pandemic called a black swan countless times and that baffles me. Virologists and economists have been raising the red flag for years.

In its annual report on global preparedness for health emergencies, The Global Preparedness Monitoring Board, convened by the World Bank and the World Health Organization, warned of the immediate need to prepare for a catastrophic fast-moving respiratory pandemic which would infect in excess of 50 million people and wipe out 5% of the world’s economy.

The Department of Health and Human Services headed a joint exercise called Crimson Contagion in 2019 to look at the U.S. government’s ability to respond to an influenza pandemic originating in China. Numerous public and private organizations tested the ability of the federal government and 12 states. The findings were dire, yet we still turned a blind eye.

Most public health experts had long maintained, after the SARS pandemic in 2003, the swine flu pandemic in 2009, and the Ebola epidemic in 2014, some kind of devastating pandemic was likely. That’s the definition of a gray rhino. We know it’s going to happen and we do nothing. By contrast, a black swan event is unexpected and no one sees it coming. COVID-19 was entirely predictable; indeed it had been predicted. As Wucker puts it, we have seen pandemics many times before and know they will continue to occur. “If you cannot picture another one coming you are willfully blind.”

We need to learn to heed the warning signs of a gray rhino hiding in plain sight and course correct.

If gray rhinos are hiding in plain sight, why can’t we see them?

Leadership, in many cases, exacerbated by those of us in the resiliency field, lead ourselves and our organizations into complacency that freak storms, severe earthquakes, lightning strikes, and pandemics are “just” going to occur once every 100 years. The likelihood of it happening this year is low, right?

Organizations usually have limited mitigation funds budgeted for resiliency. They want to make the best use possible, so they focus nearly exclusively on the high-likelihood-high-impact risks, accept the low-likelihood-low-impact risks, and put the medium-likelihood-medium-impact risks on the back burner.

Gray rhinos are high-likelihood-high-impact risks, but we fool ourselves into believing that although they are high-impact risks, they are low-likelihood of happening this year and can be pushed into the moderate risk category for mitigation down the road.

Fine tuning the way we’re looking at this will require a change of perspective. Two things are necessary to accomplish this and they go hand in hand.

  1. We need to reconfigure the way we do our risk assessments.
  2. We need to put in place better signal detectors and empower them to get the right warning to the right ears.

Changing the Way We Do Risk Assessments

A standard risk assessment seeks to categorize risks by probability (or likelihood) they’ll happen this year vs. the impact of that event happening to our organization, then plot where the risk falls on a heat map that might look something like Fig. 1, with varying nuances.

Often, because of the need to curtail spending on mitigation, we seek to refine just how serious the risks are with further categorization so we can better identify the riskiest of the risks on our heat map, introducing math into the equation so the worst risks are clearly in the red.

For example, a low-likelihood-low-impact risk might get a risk assessment “score” of 1. A medium-likelihood-medium-impact risk might get a risk score of 3 and a high-likelihood-high-impact risk might rate a 5. (See Fig. 2)

The scores assigned above are among the simplest. Some multiply likelihood by impact to come up with a risk score that further differentiates the biggest risks from risks that are more moderate. For example, in the scale below, a rating of 25 (for an almost certain likelihood with a severe consequence) would clearly trump the need to mitigate an unlikely or even a rare probability, even if it still bears a severe consequence because its risk score is only 5-10. Nothing to bother with this year, all things considered. (See Fig. 3)

Clearly, I am oversimplifying this. Often there will be more nuance and more boxes but the end result is typically the same. The risks which fall into the upper right box or boxes where the extremely impactful almost certain risks reside are those that get targeted for remediation. Those which fall into the lower left boxes where the rarest most insignificant risks lie are merely accepted because they’re not likely to happen. Even if they did, the consequence would not be great so no need to spend precious budget. Mitigation of the risks in the other boxes fall somewhere in between, but typically end up being deferred to another year or at least until the risks in the upper right quadrant have been pulled into control.

Gray rhinos lurk in the lower right quadrant. They would be high-consequence events if they occurred, but it would seem unlikely or even rare for such an event to hit this year. To pull the gray rhinos forward out of the tall grass so we can see them better requires us to stop guessing about the likelihood of the event happening this year. In fact, why are we rating the y-axis (likelihood) on equal footing with the x-axis (impact) at all? If we decrease the importance of the likelihood axis and increase the significance of the impact axis, our gray rhinos become red rhinos, clearly in need of mitigation. (See Fig. 4)

Signal Detection

The second component of why we don’t see gray rhinos is because we may need to put in place better signal detectors and empower them to get the right warnings to the right ears.

As discussed in my book, “Executing Crisis: A C-Suite Crisis Leadership Survival Guide,” identifying an escalating crisis before it becomes a crisis is the ultimate act of crisis management. But most organizations have no idea how to do this.

Much of the inability to identify an escalating issue before it reaches a crisis level is that most organizations approach the identification of crisis with a reactive mindset. Thresholds for convening the organization’s crisis team often focus on the occurrence of a certain level of damage.

The larger the organization, the harder it can be to identify a circumstance that is escalating (while it is still escalating instead of after it has escalated) and to report it to the right level where leadership can respond quickly. After the fact, it is often easy enough to recognize there were signals which would have portended that something was derailing, but those signals didn’t get to the right people who could have done something about them.

In most cases, leaders are not the signal detectors. We are.

As risk managers, we need to lead our leaders by tuning them to the signals we have picked up on. Rather than continue to perpetuate a false sense of security based on risk assessments which are truly no more than hopeful guesses and wishful thinking, we need to focus our leaders on uncomfortable truths. No matter the likelihood, the impact is what matters.

Gray rhinos hide in plain sight. As risk managers, we’ve probably uncomfortably seen them out of the corner of our eyes but waited for them to charge before reporting they were there in the first place. Now that the COVID-19 gray rhino is out in the open, we can use this opportunity to flush out the others still lurking in the bushes and see them for what they are.

It’s time we revised the way we look at risks and rhinos.


This article originally appeared in Disaster Recovery Journal.


Dr. Jo Robertson

Dr. Jo Robertson has a Ph.D. in crisis management and 20 years of experience keeping Fortune 500 companies out of crisis. She is the author of the our-newest-author-dr-jo-robertson-at-rothstein-publishingbestselling book on crisis leadership “Executing Crisis: A C-Suite Crisis Leadership Survival Guide,” available from Rothstein Publishing or on Amazon. Dr. Robertson will be speaking about “The New Rules of Crisis Leadership” at DRJ Fall 2020.