Improving resilience stress-testing


By Dr. Gianluca Pescaroli, University College London, Email:

The crisis triggered by the Coronavirus disease 2019 (Covid-19) pandemic exposed the interdependencies and vulnerabilities of our societies. It has been the last of many wake-up calls revealing the systemic nature of risk and our reliance on technology. Despite all the precursors and the inclusion in the risk registers, most of the world was still unprepared.

A large part of the research published in the last year analysed the direct impacts of the pandemic, such as infection rates, hospitalisations, or public behaviours developing new evidence for the field. However, the implications for crisis management are much wider. Our sector needs to consider more than ever before the implications of complex scenarios, cascading effects and compounding factors for developing new strategies of resilience (Pescaroli and Alexander 2018).

It’s something that has been under our eyes all this time. The concurrency of the pandemic with other natural hazards, such as earthquakes in Spain and California, forest fires in China, flash flooding in Milano and Palermo, has challenged first responders across the globe. Infrastructure providers experienced ICT disruption triggered by intentional or unintentional causes, such as cyber-attacks in Israel or technical failures in London. Organisations had to consider better the effects of coronavirus, including the possibility of civil unrest or long-range supply disruptions. Is it all this so new that we needed a global pandemic to take some actions?

It’s time to go beyond our existing approach to continuity planning. Let’s consider together the results of our European Survey (N=3029), that was developed in mid 2020 and targeted the wider public (Pescaroli et al. 2021). The aim of our research was to understand how Covid-19 could be amplified by societal vulnerability to cascading and interconnected risks. It can be noted that before the outbreak of the Covid-19 pandemic, our respondents considered an epidemic in Europe to be rather unlikely.

It was perceived as an ‘emergency’ when it started spreading in Italy, more than being associated with the global or local scales. In other words, only a minority of the respondents reached the conclusion the event was something that needed an exceptional and immediate action upon hearing the news of the contagion in China: it was at the spreading of the pandemic in Italy represented a critical ‘tipping point’ that changed the perception of Covid-19 from being a faraway event, to a collective and real crisis to be dealt with.

National civil protection services were perceived as inadequately prepared for such an event. The most important reasons for the spreading of the virus were indicated as international mobility, followed by lockdown measures that were implemented too late, and just a minority of answers considered the deadliness of the virus. These outcomes highlight the need for reinforcing the supranational governance and the importance of going beyond the use of hazard-oriented “reasonable worst-case scenarios”.

It’s not just a matter of managing primary threats.  It can be observed that cascading events can be contained by actions aimed at reducing those vulnerabilities that could exacerbate secondary crises, such as critical dependencies on certain technologies or assets.  Some practical challenges can be associated with understanding how complex scenarios affect networked infrastructure or services beyond the healthcare sector.

Our data shows changes in behaviours that have not been understood in their implications for longer term resilience building, such as the use of online banking and financial services or the increased reliance of phone and internet services. Similarly, public concerns were mostly centred on the primary impacts of Covid-19, such as those on health and the economy or on the occurrence of further waves. There was limited awareness of how those aspects could re-combine with other crises happening simultaneously, such as flooding, or the potential gravity of fake information in amplifying ongoing events.

It’s not a matter of approaching emergency management in terms of preparing or responding to “likely” or “unlikely” scenarios. It’s time to achieve operational and organisational resilience by moving toward a more “risk agnostic approach” and considering which are the common point of failures that could be affected by multiple crisis.

In our most recent work (Pescaroli and Needham-Bennett 2021) we proposed a new five steps benchmarking model for the development of complexity in scenario stress-testing. The model begins with the most well- known and frequent threats happening individually, such as flooding. The second step takes it to a flood caused by a storm or during a storm, which could inhibit site access. The third step introduces a cascading effect, such as the storm precipitating a power outage or damage to a communications hub, as well as a flood. A fourth step introduces perhaps a lateral threat that during the event a hybrid threat, such as a state inspired cyber-attack or “fake news”, emerges. Finally, a hypothetical “unknown-unknown” might adversely affect supporting infrastructures with resultant cascading effects.

Taking back the rationale on Covid-19 that I introduced earlier in this comment, any reader could use it to start thinking differently. Please consider the direct and indirect impacts of coronavirus on your organisation. Let’s assume that you moved successfully to remote working to mitigate the pandemic (1). However, during the COVID-19 lockdown, wildfires sweep the area were your many of the employees are living (2). This implies further pressure on healthcare services, breaching lockdown regulations, and blackouts that could affect both workers living in other areas and the resilience of ICT (3). While this is happening, fake information is spreading about the capacity of your organisation to your respects your commissions (4). At short notice, there is a loss of capacity in Global navigation satellite system due to space weather or intentional attack.

Adopting the adequate approach to continuity planning, the common point of failures can be imagined, anticipated, and hopefully, their consequences limited. New and better practices can be introduced in organisations, being effective both for the visible and invisible threats. And if you are asking yourself, yes. We are all more dependent than what we think on satellite services. Do your stress testing and change the way your organisation is resilient.

The following are the studies quoted in this article:

Interested in scientific research in resilience? Check out this article.