Author: Dr David Rubens
ISBN No: 9781398609754
Review date: 06/05/2024
No of pages: 321
Publisher: Kogan Page
Publisher URL:
https://www.koganpage.com/product/strategic-risk-and-crisis-management-9781398609754
Year of publication: 03/02/2023
Brief:
Strategic Risk and Crisis Management A Handbook for Modelling and Managing Complex Risks
price
£39.99 paperback
How can Dr David Rubens’ book – all about how things go wrong, and how at best you can be a ‘high reliability organisation’ – be a comfortable, even calming read? Yet that’s how David’s first book makes Mark Rowe feel. He explains:
Yes, David’s book might not be ideal reading if you are feeling at all vulnerable at 40,000 feet in an airliner. Sitting safely on the first floor of a building, despite its subject – what lies behind failures in crisis management and what to do about it – I felt strangely relaxed while reading it. Partly because I have known the author for nigh on 20 years, and have interviewed him several times, most recently only last month, featured in the February print edition of Professional Security Magazine, and so was ready for what he said. Partly, there’s something reassuring about being in the company (as it were) of someone who knows what they are talking about, and can make sense of (to quote from the very first line of the preface) a world ‘in state of flux’.
As David said to me last month, this book arises from his doctorate from the University of Portsmouth as a ‘pracademic’. As David sets out at the very start, ‘planetary-level changes’ are affecting every one of us, and while you would wish that our leaders – moral, political and in business – had the technical know-how and the authority to ‘take hard decisions in uncertain times’, it’s not so; and those changes are going to continue for the foreseeable (how long is that?!) future.
You can regularly find David speaking at industry events – he’s pictured at the rostrum at the 2019 IFSEC exhibition; and I recall chairing a Brunel University day-long conference last summer when David was an (online) speaker. This book, then, is David’s working out at length of his messages. I must admit I didn’t go from page one but first flipped to the penultimate chapter 12, on case studies – which were, mainly from the UK: the 2017 Wannacry cyber attack as it hit the National Health Service; the drone (or drones? or no drones at all?!) that closed Gatwick Airport in December 2018; the snowstorm in Texas in 2021; and the Manchester Arena suicide bombing of May 2017.
I turned first to the Gatwick pages because of the mystery. David points out that whether there was a drone or how many wasn’t so much the matter at issue, but the difficulty of restarting after the crisis (because how can you prove that something, if ever there as a threat, is no longer there?). As David says, ‘we must differentiate the external event from the crisis’. Hurricane Katrina was an event; the failure of those in authority to respond to the damage in New Orleans was the crisis. Likewise, it wasn’t so much the drone that closed the airport for three days, ‘but the failure of the airport management in general, and risk managers in particular, to prepare for a situation that was not only predictable but, in the present risk climate, almost inevitable’.
David actually doesn’t answer the mystery of Gatwick (‘we are still waiting for the authoritative post-incident report’) but does spell out the lessons. First; keep up your risk register. Second, ‘risk management is always about judgement’, and risk appetite, because seldom does the dust clear, literally or figuratively, so that you know the danger has passed (as it generally does in Hollywood movies in time for the hero and heroine to embrace, to uplifting music and the closing credits). The first time an event happens, whether man-made or an act of nature, such as a flood requiring an evacuation, it’s always chaotic. That’s ‘almost inescapable’, but you learn to deal with a crisis by living through one.
As that implies, crisis management and resilience as set out by David are about communication (towards the making of decisions, whether at bronze, silver or gold level), exercising and testing, and learning from ‘near misses’ (things like drone incursions don’t burst out of nowhere, there’s usually other cases). In the broadest sense David’s seeking to understand the world; and giving it a risk rating.
As that implies, David’s subject matters to more than security-risk and business continuity managers. He covers also the story of the container ship that blocked the Suez Canal for days in 2021, that affected global supply chains. Complexity, David states, drawing on academics in this field, ‘makes failure inevitable’. To return to his preface: “The complexities of the modern world have gone beyond our abilities to have a complete understanding of the hyper-connected systems that we are dependent on.” Hence, the uneasy sense that in the global financial collapse of 2008, or covid-19 from 2020, no-one had oversight, and in any case no-one fully understood.
David closes with the academically-expressed idea of a ‘wicked problem’ (a social or cultural problem so complex, it’s difficult or impossible to solve).
Why, then, my sense of calm even on emerging from the other side of David’s book? Because of the sheer rationality throughout, the sense you have as a passenger in a car driven by someone you trust, who meanwhile in conversation puts the world to rights. Such are the scale and impact of events, David can’t right the world, but at least he has advanced our understanding; and through his Institute of Strategic Risk Management (ISRM), is gathering the like-minded. Bravo!
