Thinking Long and Wide: The Value of Horizon Scanning

In 2008, the Institute for the Future, a nonprofit think tank focused on long-term planning, created a massive multiplayer game to forecast what the world might look like in 2019. More than 7,000 people played Superstruct and explored dozens of scenarios about what might happen over the next decade, both good and bad. One of those potential futures involved a global pandemic of “respiratory distress syndrome” that forced extended periods of quarantine – an unnervingly prescient forecast from the vantage point of 2020.

The possibility of a global pandemic has never been a secret. New diseases are constantly evolving, and scientists frequently warn us that some of them will inevitably be both highly contagious and hard to stop. Nonetheless, in 2019, no one could have said with any certainty that a global health crisis would happen the following year. Even though many governments have long had guidelines to direct their response to a mass disease outbreak, the COVID-19 pandemic took much of the world by surprise.

So how is it that even as the human and economic weight of the crisis brought entire industries to their knees, some companies were able to shift quickly into crisis mode – or pivot to new opportunities or business models – and remain standing?

By definition, unexpected events happen unexpectedly, but in a global, interconnected world, they are becoming more common. Disease is just one of the many unpredictable factors, from simmering geopolitical tensions to the growing impacts of climate change, that are increasingly likely to disrupt business operations. You don’t need to know exactly when, where, and how a massively disruptive event will happen to understand that it’s possible and needs to be planned for.

Business resilience planning, disaster recovery, and in-house risk management teams play a critical role in preparing companies to survive risks they know are possible. However, they fall short in preparing companies for risks they don’t already know about. Business leaders can no longer argue that they can’t know what they don’t know. As fast and unpredictable change makes past data less relevant to future planning, they need to look beyond what they already know. They need foresight – and to get that, they need tools beyond the company’s own data that let them scan the horizon for possible outlier events and prepare for the potential business impact, however unlikely.

Business man placing wooden block on a tower concept risk control

Hunting for black swans

Business leaders often use the metaphor of the black swan to refer to an event so uncommon that it’s just this side of nonexistent. The saying comes from Europe, where all swans are white other than the occasional mutant, and it’s been around for so long that the Roman poet Juvenal used it 1,900 years ago. But futurist Jamais Cascio, who helped create Superstruct’s underlying scenarios, thinks the saying is long overdue for retirement. After all, it’s been more than three centuries since a Dutch explorer returned from Australia with the news that the swans there were black.

“There were lots of people in other parts of the world who knew about black swans; it’s just that no one had asked them,” Cascio points out. “That’s the critical flaw of [the metaphor]. There’s likely someone who does know about the existence of the thing you believe is impossible, but no one is listening to them.”

There are two kinds of companies. One doesn’t worry about a thousand-year flood. The other decides to worry about it because this might be the year it happens.

In other words, a so-called black swan event may not be as rare or unlikely as you think. But you can’t know how rare it is – or isn’t – and prepare accordingly unless you expand and diversify your existing inputs (from employees, outside experts, external data, etc.) to see if something or someone tells you the equivalent of “Actually, where I come from, black swans are ordinary.”

In fact, risks that businesses once thought so unlikely that they weren’t worth planning for – like a global supply chain interruption lasting for weeks or months or a corporate infrastructure that needs to support a shift to a 100% remote workforce that happens virtually overnight – are now increasingly possible, even though they aren’t predictable.

There are now two kinds of companies. One decides not to worry about a thousand-year flood because it only happens once every thousand years. The other decides to worry about it because this might be the year. As unexpected disruptions become more frequent, affect more places simultaneously, and have more severe and lasting effects, we need to accept that this might be the year – and choose to improve our ability to swim, float, and build a dam, all at the same time.

Security guard watching monitors in control room

The limits of data – and human nature

We’ve grown used to thinking of data as an incredibly powerful tool for managing risk and disruption. In the process, though, we’ve forgotten that for all its power, data has limits.

These are just a few ways in which data trips us up:

We treat individual data points as trends and, with insufficient data, try to extrapolate from where we are to where we might be going.

We try to translate research studies directly to corporate use without accounting for the differences between controlled laboratory conditions and the looser atmosphere of a business organization.

We forget that data is backward-looking by definition and can’t account for abrupt changes and discontinuities. Algorithms, which depend on historical data, can’t predict or anticipate something that has never happened before.

We let data lead us into deterministic thinking. We assume that a trend line projected into the future is both true and inevitable, forgetting (or ignoring) that what happened in the past may not continue happening in the future.

Then there are the innate challenges we bring to analyzing any situation – the human brain’s many inescapable cognitive biases that keep us from interpreting data accurately. Thinking, Fast and Slow, the bestselling book by Nobel Memorial Prize in Economic Sciences laureate Daniel Kahneman, is a good introduction to some of these biases:

And, of course, we ignore or actively deny data we don’t like. Consider the meatpacking industry, which was warned as long ago as 2006 that meat-processing plants were at high risk of becoming vectors for a highly contagious disease. Infectious disease experts and emergency planners begged them to prepare, but the industry insisted that the disaster scenarios of absenteeism, plant closings, uncontrolled community spread, and food shortages were unrealistic and excessive. Yet as we all know, COVID-19 brought all of that to pass.

We think of data as a powerful tool for managing risk and disruption. But we also can forget that for all its power, data has limits.

The limits of data go beyond the challenges and pitfalls of interpreting it. Data – especially internal data – can only help us approximate the kinds of disruptions we may confront. For example, looking at climate change trends lets us anticipate that at some future point, some parts of the globe will probably become unlivable, that this will force huge population shifts, and that these mass migrations will probably spread new diseases on a warming planet.

Every company generates and uses data. But how do you turn it into a high-value asset?

However, data can’t account for wild cards or multiple interconnected crises. So we can’t say exactly what these diseases will be, how they will spread, or how that will impact global systems. Nor can we predict unexpected impacts that have yet to reveal themselves, like a previously unknown effect of atmospheric carbon dioxide or the development of a new form of antiviral medication.

We need data. But we also need new lenses through which we can view that data, to look at new things we haven’t encountered yet and to determine which questions we should be asking.

Businesswoman examining crystal ball in office

Crystal balls for unknown risks

Your company is like the Titanic when it relies only on what it already knows about itself: It might know that it’s in iceberg territory, but it can’t see that there’s an iceberg on the horizon or that the bit of ice visible above the water is only the tip of a much larger danger.

There are many methodologies for identifying what the future may hold and how to adapt to it. A resilient business will spot and evaluate potential risks using three common tools:

Horizon scanning is the method of constantly reviewing what’s happening in the world – scientific developments, political shifts, public health trends, emerging topics on social media, and more – to identify issues that your business doesn’t typically consider and to ask whether they might impact your business in the near or distant future. The average business leader who reads an article in early January 2020 about a mysterious flu-like disease in Wuhan, China, may have thought it was vaguely interesting but irrelevant; a leader in the habit of scanning the horizon or hiring someone to do so would be more likely to think that it might not remain confined to Wuhan. Essentially, horizon scanning is the practice of thinking that something seemingly unrelated to your business might actually be relevant.

Causal layered analysis is the process of drilling down into different levels of meaning in any foresight project. On the top level, you may be trying to determine how climate change will impact your business in 10 years. Causal layered analysis asks you to dig deeper to consider the societal and economic causes of climate change, the worldviews that underlie those societal and economic causes, and the underlying ideas that need to shift in order for the company to adapt to climate change.

Start up team working on horizon planning together

Similarly, the leverage points framework developed by Donella H. Meadows, one of the inventors of the field of systems thinking, provides a dozen increasingly powerful ways in which to intervene in and transform a company, organization, or other system. Each approach digs deeper into what causes a system’s behavior and provides a deeper level of transformation. At the first and simplest level, a company would try changing parameters – the numbers that rule the basics of how it operates, for example – by tweaking wages and product prices to affect profits. At a more complex level, a company might change the structure of processes – that is, where resources and information flow – to change feedback loops, essentially rewiring how the business operates. And at the ultimate level, the company might question all of its assumptions about how and why the system works the way it does – which might result, for example, in an online bookseller morphing into one of the foundation stones of the global Internet or a leading stock market declaring that corporate diversity must become table stakes for publicly held companies.

We need data. But we also need new lenses through which we can view that data, to look at conditions we haven’t encountered and to figure out which questions we should be asking.

Scenario planning puts horizon scanning and the deeper analysis to work by generating a list of “what ifs” about the things you see on the horizon and exploring all the ways they might play out – and, in particular, how two or more different uncertainties might intersect in useful or risky ways. Scenario planning generates distinct alternative narratives about the future, often including ones you may think are unrealistically positive or negative, so you can explore what each of those narratives might mean to your business if it comes to pass. For example, what if a promising new development in battery technology reaches the market? What if your competitor adopts that technology before you do or vice versa? What if you adopt the technology only for new products? What if you retrofit existing products to incorporate it? What if the public embraces the technology, or decides it’s too expensive, or believes a rumor that it’s dangerous? What if it really does turn out to be dangerous? And so forth.

“The value of scenario work comes from the way it can provide a framework to apparent randomness,” Cascio says. “It creates a structure to compare and contrast the different possible outcomes of a given issue.” That makes it more feasible to plan what your business might do to prepare for each possible outcome.

Three business people discuss graphs on screen in meeting room

Planning is business vaccination

One easy way to understand these methodologies is to think of them as vaccines, he suggests. They sensitize an organization to weak signals and early warnings of potentially dangerous change so that it knows when and how to act when the change arrives.

When you imagine all the ways in which the present might evolve over months or years, you should assume that you’ll eventually need a plan to prevent, cope with, or react to something negative, says Fiona Williams, a partner in Deloitte & Touche LLP’s Risk & Financial Advisory practice. An existing risk mitigation program is a good starting point, she says: a company may never have considered the specific likelihood of a global health emergency, but if it had already planned for third-party supply chain risks, different ways to maintain liquidity, or a scenario in which employees couldn’t come into the office, it’s probably struggling less than another organization that hadn’t given those possibilities any thought.

Unfortunately, as Kahneman and others document, this lack of preparedness is a very human problem. Just as many companies resisted spending on cybersecurity until after their systems had been compromised, many companies don’t invest in anticipating the future until after an unwanted future starts to seem possible. So before anything else, your company needs to commit to the idea that even if worst-case scenarios are unlikely, they’re likely enough.

Mozilla, for example, had an established office of foresight and planning but decided to eliminate it in early 2020, which may have been the worst possible time to back away from strategic foresight, as Cascio notes. Since then, the company has struggled. In August, it announced that its “pre-COVID plan is no longer workable” and laid off nearly a quarter of its workforce to prepare for the expiration of its deal that made Google the default search engine in the Firefox browser. Since this deal accounted for the majority of its revenues, Mozilla’s future is at risk – and by deciding to stop gaming out possible futures just before a massively disruptive event occurred, the company left itself without the very resources that would have helped it figure out how to remain profitable and viable.

In a broad-based approach to scanning the horizon for long-term risks, a company needs to commit to the idea that even if worst-case scenarios are unlikely, they’re still possible.

Another possible pitfall is identifying long-term risks but failing to develop a plan fast enough to fend off the consequences. The U.S. Army Corps of Engineers, for example, had spent years projecting the risks of a direct hurricane hit to New Orleans and developing options for addressing them – but it had yet to act on its plan when Hurricane Katrina destroyed the levees protecting the city in 2005. The Army survived, as did New Orleans, but at least 1,800 people died in a storm that caused US$125 billion in damage, and parts of the city have yet to be rebuilt.

Uncertainty is here to stay. By imagining multiple destinies, companies can prepare for anything.

Other companies assume they’re protected by their size, importance, or resources, which would let them coast through disruption through sheer inertia – but the factors that seem to be protecting them could change in an instant. In 2000, for example, Cascio worked with a massive multinational company that was convinced it was too big and necessary to fail. It only wanted him to project all the different ways in which its future could be bright. When the global economy nosedived in 2002, the company had no plans to cope and went out of business.

To be fair, planning for the worst case isn’t feasible for every business. Some companies simply lack the resources to devote to planning for multiple possible futures. Those that are focused on short-term efficiency and profits may decide it’s not worth spending money to plan for high-consequence but low-possibility outcomes. But that means accepting that one possible future is one in which your organization doesn’t survive. If your organization can make the effort, then it should.

“Planning for the unpredictable often means making hard choices or spending money that won’t deliver an immediate ROI, so companies tend to see it as a cost center, not a profit center,” Cascio notes. “It’s difficult for a lot of companies to understand how foresight and planning today leads to profits 10 years down the road.”

Shot of a programmer connecting to a user interface while working in an office at night

Building the means to sense and respond

Williams of Deloitte recommends that companies start their attempts at looking into the future by documenting known risks, tracking trends and KPIs to identify other potential risks, assessing dependencies, and ensuring a strong leadership team.

After that, it’s time to build the metaphorical muscle memory that lets you respond quickly to events. Simulations and exercises that explore how your organization would respond to a variety of risks let you project and record each step you would take in a variety of circumstances. What would you do if your supply chain were damaged? How would you cope if an entire department lost access to your IT infrastructure for an extended period of time? What would happen if your entire leadership team became unavailable at once? If you have an established plan for each of those eventualities, Williams points out, you’ll be better positioned to respond quickly if any of them happen instead of trying to figure out what to do in the heat of the moment.

Long-range risk management is not like budgeting for unscheduled maintenance. You’re planning how to cope with massive disruptions, like strengthening your supply chain to deal with potential regulatory changes created by Brexit or managing when to schedule nonemergency surgeries while providing adequate care to patients in a pandemic.

“It’s not just having your one pivot ready,” Cascio says. “It’s having a toolkit of pivots planned out so you can pick the right one for the moment. And the pivot may be doubling down on what you’re already doing.”

As companies scan the horizon and develop scenarios, they must not only consider where unexpected risks may arise but how likely they are, how they will damage the business if they occur, how to mitigate them, how to recover if it hasn’t mitigated them, and most importantly, what signals indicate that the scenario is becoming reality.

Remember, you aren’t trying to create actionable paths for risks you’ve already anticipated. Long-range risk management is not like budgeting for unscheduled maintenance. You’re planning how to cope with massive disruptions, like strengthening your supply chain to deal with potential regulatory changes created by Brexit or managing when to schedule nonemergency surgeries while providing adequate care to patients in a pandemic.

Shot of a young businessman taking a break at his desk

From foresight to proactivity

Scanning the horizon for potential risks and opportunities isn’t just about trying to plan your organization’s future. It’s about directing the organization toward the future you want – and that’s not a one-and-done project. You have to keep revisiting your potential futures as the world changes.

Data does have a role to play in helping you keep track of those changes. Artificial intelligence (AI) and machine learning are invaluable tools for sifting through everything from obscure news items to social media sentiment to find tidbits of potentially relevant information, categorize them, and connect the dots between them. But even industry-leading prediction platforms can only go so far. As AI continues to evolve, large organizations need greater certainty than predictive analytics can deliver, at a greater scale and over longer timeframes. It’s up to humans to use scenario planning, experience, and intuition to imagine the previously hard-to-imagine and to plan for it.

Williams suggests that companies that don’t already have an enterprise foresight team to help the organization understand and measure risks and opportunities can consider creating one to advise leadership on what to prioritize and how quickly to act.

It’s also critical to look beyond the C-suite – and beyond the company or even your industry – for help imagining and developing as many diverse possible futures as you can. In other words, you’re looking for the people who know about black swans.

Once you’ve constructed scenarios about what the future could look like – not next week or next month, but in the next three, five, or ten years – you can determine what you need to do in order to thrive in each of those potential futures. If you prepare for all of them, you’ll be better prepared to handle the actual future, which probably won’t look exactly like any of them but is likely to include bits and pieces of all of them.


Spelling Out Potential Business Risks

If you aren’t sure what risks you might be facing, work your way through these two lists of top 10 risks from the World Economic Forum’s 2020 Global Risks Report and ask yourself how each of these might affect your organization:

Top 10 Risks by Likelihood

  1. Climate action failure
  2. Natural disasters
  3. Biodiversity loss
  4. Human-made environmental disasters
  5. Data fraud or theft
  6. Cyberattacks
  7. Water crises
  8. Global governance failure
  9. Asset bubbles

Top 10 Risks by Impact

  1. Climate action failure
  2. Weapons of mass destruction
  3. Biodiversity loss
  4. Extreme weather
  5. Water crises
  6. Information infrastructure breakdown
  7. Natural disasters
  8. Cyberattacks
  9. Human-made environmental disasters
  10. Infectious diseases

Companies can also take a calculated risk by choosing not to plan for specific scenarios, but the board of directors and top management all need to agree on that. A company’s leadership has the ultimate responsibility for adopting a process and models for quantifying their risks, deciding whether or not to act on them, and choosing how much to prepare and invest if they do choose to act, says Williams. It can’t be left to one executive or a small risk management team.