“Life is inherently risky. There is only one big risk you should avoid at all costs, and that is the risk of doing nothing.”
– Denis Waitley
“Creative risk-taking is essential to success in any goal where the stakes are high. Thoughtless risks are destructive, of course, but perhaps even more wasteful is thoughtless caution which prompts inaction and promotes failure to seize opportunity.”
– Gary Ryan Blair
“It’s not because things are difficult that we dare not venture. It’s because we dare not venture that they are difficult.”
– Seneca
“People who don’t take risks generally make about two big mistakes a year. People who do take risks generally make about two big mistakes a year.”
– Peter F. Drucker
“Don’t be afraid to take a big step. You can’t cross a chasm in two small jumps.”
– David Lloyd George
“Two roads diverged in a wood, and I… I took the one less traveled by, and that has made all the difference.“
– Robert Frost
“The most important thing to remember is this: to be ready at any moment to give up what you are for what you might become.”
– W. E. B. Du Bois
Vulnerability is a weakness, or simply some area where you can experience significant damage. Everybody and everything has points of significant vulnerability to various events and situations, whatever these may be.
Most businesses and organizations address some vulnerabilities that are identified through routine risk analysis and management activities. Risk analysis typically starts with situations or events that can be identified and quantified, at least roughly, in terms of probabilities of occurring.
The focus of such analysis is often on the causal events or situations – think supply chain disruptions due to chaotic international port shipping flows. Such things do happen so often now in our presently-inconvenient reality.
However, causal events and situations with extremely low probability of occurrence, or those for which such likelihoods simply cannot be estimated, are typically ignored. You know, black swan things like COVID, and lockdowns, and vaxx mandates. And what next?
Black swans are different in that they cannot be foreseen in nature, magnitude, or timing. Like COVID (we will be living with the consequences of this unforeseen black swan critter for years). It sure exposed a lot of vulnerabilities in almost every organization and business – forcing most to deal with the consequences post-event/situation.
But there are more than just black swan threats out there.
Dealing with “zero-probability” events and situations that could happen
You can probably think of a sizable list of things that “could happen” but have either zero-likelihood (our best guess, anyway) or an unknowable likelihood (we can’t even take a wild guess). Basically, just “possible” things.
I’ll bet that very few out there have ever thought much about such “possible-but-highly-unlikely” situations and events and how they might affect your business or organization. The reasons probably include both “will never happen” and “too many possible things to address”. Like COVID and its unlikely consequences.
The underlying problem is that there are roughly a zillion “possible” situations and events of this nature. It just isn’t practical to deal with even a tiny fraction of these. So, why worry about them until one (or a bunch) happens?
Fatalism then may be the only sensible response?
If I can’t do anything about it, why should I worry about it?
Some might consider this a viewpoint of fatalism: “Fatalism is a family of related philosophical doctrines that stress the subjugation of all events or actions to fate or destiny, and is commonly associated with the consequent attitude of resignation in the face of future events which are thought to be inevitable.”
What will be, will be. Or, as Doris Day in the far distant past sang it, Que Sera Sera.
I don’t know about you, but this line of thinking seems to me to be quite a bit overly-restrictive. Yes, there are many things that will happen regardless of whatever I do, whether “predestined” or simply randomly occurring – wherever the cards may fall, but there is still a lot of room for me to adapt and create. And to strengthen significant weak spots.
Herein lies the important point: While I can’t do much about the nasty behavior of the world or reality, I sure can figure out how best to protect myself against whatever happens to come along. Planning for whatever.
Vital to recall here that “whatever” includes black swan whatevers, not just the universe of more-or-less identifiable whatevers that can only be described. Ones with likelihood “zero” (or so we guess), or just plain unknowable (and “unguessable”).
Address your specific vulnerabilities rather than impact causes
While there are almost an infinite number of possible situations or events – I have called them “whatevers”, there are relatively few points of vulnerability actually available for any of these to mess with. Better yet, these points of vulnerability are relatively easy to identify for the most part.
A point of vulnerability is where significant damage could occur for any, or a combination of, uncountable reasons and causes. A point of weakness.
The only thing that an organization or business can do in this hugely uneven situation is to address any of its internal, or external-but-internally-caused, vulnerabilities. This approach addresses only strengthening options that are fully or largely under our internal control.
Identifying and prioritizing your vulnerabilities – where are you most exposed?
There are four main types of vulnerability: human-social, physical, economic, and environmental. Typically, at least one or more of these is ignored or insufficiently addressed. Fundamental starting point: Where are you most exposed?
Your first response may be “To what?” but this is missing the critical point. You have certain kinds of exposure to whatever happens out there in reality because of the way in which you have designed and operated your business or organization. You created (or accepted) whatever significant exposure may exist, whether you did so knowingly or not.
Your vulnerabilities exist either because you created them or because you have allowed existing ones to persist.
Eliminate or minimize weaknesses? This seems kind of like the thing a high-performance athlete might do when looking for any areas of weakness that might be addressed in a practical manner, say by different training or diet.
Note that a “weakness” such as being four inches too short for the particular sport you compete in is not a weakness in reality. It is a choice that you made. As a corrective action, you might be able to switch to a different sport where height is not important as skill.
The next black swan and its “COVID?”-buddy, or WWW III, may be on the way
Most of us appear to have survived, more or less, the ravages of our 2020 black swan COVID-19 event and its subsequent hits. Everything we did was reactive unless you were among the very few who saw it coming early enough to act in anticipation. Very, very few, yes?
This post assumes that there are other black swans and highly-unlikely events on the near-term way and suggests that now might be a great time to prepare for whatever shows up. Probably won’t be COVID or even WWW III but the odds of something big happening are close to 100%.

Prioritizing vulnerabilities for strengthening
This seems pretty straightforward once you have identified and characterized as many vulnerabilities as you can. As part of this process, each should have been assigned a potential damage range estimate and an estimate of costs and duration of the appropriate strengthening efforts.
Prioritization would generally be based on size of potential damage, followed by costs and duration of strengthening efforts. The usual stuff.
A few candidates for what might be next
What events or situations might impact you and cause your business serious damage? The correct answer here is “Who knows?”. The vital message is only that your business has been designed and operated to contain vulnerabilities, some or many of which may be affected by whatever comes along. Nobody from outside did this. Left uncorrected, any damage you may sustain will then be largely self-inflicted, or allowed.
While black swan events and situations are completely unforeseeable, there is always so much stuff going on out there that we can see – at least to some extent. This in turn may help suggest a possible set of priorities for vulnerability strengthening.
Some examples that recently caught my eye:
China. Inscrutable China is up to its old tricks of causing huge disruptions for obscure reasons. ZeroHedge early in May 2022 notes that:
“The three largest cities in China are going to be removed from the world market. According to analysts, at least 40% of China’s GDP has been taken offline and this was before lockdowns began in Beijing. The vast majority of this GDP is directly related to global manufacturing. Removing it means removing the flow of containers from the world economy.”
“The loss of trucking capacity in China means that raw materials and components can’t get from the ports to factories and finished goods can’t leave the factories to the ports to be put on ships for export. The temporary blip (dead cat bounce) was likely containers that were already in the queue at the port prior to the lockdowns.”
“Since factories can’t receive new components or raw materials, they will also stop operating once their supplies are exhausted. Supply chains involve large webs of suppliers that are interconnected and just because one supplier is online does not mean that other suppliers are. Once they shut down, it will take much longer to bring them up to full productivity.”
This situation would have only a minor impact on your business of course since you have by now wisely multi-sourced all of your critical components or designed out of products anything that has only a single source. You have, of course?
Russia. Following Russia’s incursion into Ukraine, European and US politicians cleverly decided that it would be a good idea to confiscate Russian external assets (including $300 Billion of Eurobonds and cash reserves of Euros and US Dollars) and to ban some Russian banks from SWIFT. This is big money even for a major nation like Russia.
The big question here in my mind is whether this was an error on Russia’s part leaving itself so completely exposed, or maybe this was intentional. Hmmm … leaving a serious vulnerability wide open seems way too dumb even for all but the most inept governments (of which there are so many).
In any case, the point is that the vulnerability may have been left in place, or even created, for more important underlying purposes.
Stagflation. Stagflation is the nasty combination of a dollar inflation and a decrease in economic demand (typically measured by GDP). Causes? Irrelevant in this context because you can’t do anything about either. Your focus needs to be on how either or both might affect various points in your specific business.
Dollar Collapse. Forget about the machinations of the Fed and big banks and a host of other culprits and players. Nothing you can do about any of their destructions. What is important is the purchasing power of your earnings (assuming dollars to keep complex things simple).
If you are buying mostly “locally” – that is, in dollar-based economies, the impact of dollar valuations internationally may not be major for you. But if your sourcing is heavily offshore from regions that are shifting away from the dollar, you may well have a problem that will likely get much worse. Up to 70–90% of the global population is arguably in the Chinese/Russian camp via their association with the Shanghai Cooperation Organization and other mutual arrangements and agreements that exclude the US and Western Europe.
Banks. Money in the bank or equivalent isn’t yours anymore: it is a loan. Good as money in the bank no longer works, assuming that it ever did. Not only do you not have possession of the real value it formerly had, but all you now have is a digital ledger entry that reflects the bank’s good intentions to protect that value and to return it at least fully intact when you request. Good luck with that fantasy, as they say.
Fuel. Ever-rising fuel prices, especially diesel. Again, causes are irrelevant since they are beyond control of anyone not in the TPTB club. What is relevant is that transport fuel prices get quickly built into the costs of nearly everything that is transported. From GasBuddy.com on May 9, 2022, “Consumers to feel effects of record high diesel prices says GasBuddy”::
“For the third consecutive week, the nation’s average gas price has risen, climbing 13.6 cents from a week ago to $4.31 per gallon Monday according to GasBuddy data compiled from more than 11 million individual price reports covering over 150,000 gas stations across the country. The national average is up 19.6 cents from a month ago and $1.36 per gallon higher than a year ago. The national average price of diesel has risen 22.6 cents in the last week and stands at $5.52 per gallon.”
“Gasoline and diesel prices alike saw strong upward momentum last week as oil prices continued to climb after the EU signaled its desire to sanction Russian oil. In addition, U.S. petroleum inventories saw yet another weekly decline as we near the start of summer driving season,” said Patrick De Haan, head of petroleum analysis at GasBuddy. “Not only are diesel prices at a record high, they are at their largest differential to gasoline on record, surpassing the 98-cent difference in 2008 and currently standing at a $1.20 per gallon premium. While motorists filling with gasoline have seen a slight rise in prices, diesel’s surge will be a double whammy as diesel prices will soon be passed along to retail channels, further pushing up the cost of goods.”

Have you identified the input products and service vital to your business that will be most impacted by fast-rising costs? Do you have plans in place to deal in almost real-time with this near-certainty? Of course you do.
Some impacts from whatevers can be opportunities in disguise
Here, your “vulnerability” may be mostly one of missing out on a major opportunity. The “damage” consists of what you might have been able to create, but did not.
Well, this is inconvenient, yes? If an event or situation in the vast sea of whatevers strikes, but cause little or no “damage” to my business or organization, the real damage lies in what I failed to see and take advantage of. Kind of a negative vulnerability.
Okay, so how might I address such negative vulnerabilities in practice? How can I figure out which situations and events, generally known today as chaos, contain opportunities potentially of value to me and my organization?
You are probably doing some of this today as you develop plans for taking advantage of changes that you can readily see and characterize. What I am suggesting here goes beyond what you can see and describe at the moment and is related to your vulnerabilities.
Bottom line:
Major impact events are coming. For certain. But nature, magnitude, and timing? Mostly unforeseeable. These just happen, whether by fate, predestination, or a random dice-thrower. All you know for sure is that some big things are coming along. The best you can do in this case is to identify your points of greatest vulnerability and to figure out how to minimize the possible impact effects. From possible but highly-unlikely whatevers.