General Stanley McChrystal’s Top 3 Risk Management Lessons for Business Leaders

In the 1930s, with the horrific images of the First World War still fresh, the French constructed a massive line of fortifications along their border with Germany, the Maginot Line, to prevent the risk of repeating the carnage they’d experienced. But when the dreaded Second World War materialized, their expensive insurance policy proved insufficient, and ultimately ineffective. In 1940, the Germans simply went around the Maginot Line and, using the new tactics of blitzkrieg, defeated France in six short weeks.

Like the Germans–and like the networked decentralized terrorist organizations of today–the coronavirus is a fast-moving threat that opportunistically mutates, becoming more dangerous. Even vaccines, our trusted defense against the invasion, are proving less impregnable than we’d hoped.

Threats are ever-changing and impossible to accurately predict. We exhaust ourselves in trying to pinpoint and counter the next threat when our focus should instead be on addressing our vulnerabilities–weaknesses that we can control. That’s the argument I make in my latest book, Risk: A User’s GuideHere are the book’s best parts: 

The greatest risk to us…is us

The varied responses, and vastly different outcomes, to COVID-19 are a case in point. Although nations around the globe faced an almost identical public health threat from the virus, responses and death tolls varied widely. What does this tell us? The virus is not the critical variable–humans are. Weaknesses in the ability to detect the threat of COVID-19, assess its impact, respond successfully, and learn as new variants approach left many nations unnecessarily vulnerable–and millions died from our failures.

What can we learn from this? Rather than be concerned with external threats that are impossible to identify and prevent, organizations should look instead to what they can actually control. It’s impossible to avoid or defeat every threat, but business leaders can focus on strengthening known weaknesses and vulnerabilities. Take Uber, for example: The rideshare company was laser-focused on profitability, but failed to recognize its toxic corporate culture. It was the latter (controllable) threat that ended up damaging the company. 

Focus on the system  

COVID-19 forced us to pay attention to our immune systems. Like the human immune system, organizations should have a “Risk Immune System,” made up of 10 Risk Control Factors (including timing, communication, diversity, and structure), overseen by leadership, that determine how teams respond to risk.  Like a series of interconnected dials, these control factors work together to calibrate our response to risk. Consider the oil & gas industry, where companies must consider external risks–such as price volatility and increasing regulation–but also the internal vulnerabilities of a challenging and a grueling safety regime. Only by acting and adapting safely and at the right time, incorporating diverse perspectives and maintaining appropriate work protocols, can their efforts be both profitable and safe. Maintaining a healthy, integrated system–not a collection of disconnected entities–provides us a robust defense.

It’s up to you

We are our own greatest risk–but potentially our greatest strength as well. Terrorist organizations and COVID-19 remind us that the range of threats is ever-increasing and constantly evolving. 

Fortunately, we aren’t powerless. Focus on and address your vulnerabilities. Capabilities within yourself and your organization can be strengthened–it takes only commitment and a bit of sweat. When the Big Bad Wolf appears, knock him out.

Newsletter Signup

Subscribe to our weekly newsletter below and never miss the latest news.