Posted on: January 14, 2026
Is Your Business Ready for the Next Grey Rhino?
The past few years have shown that COVID-19 was not a one-off. Since 2020, businesses have had to navigate a rolling series of shocks, including a global pandemic, war, energy price spikes, supply chain disruption, extreme weather, and a steady rise in cyber attacks.
Your risk profile does not sit in isolation. It is part of a broader system shaped by climate, geopolitics, technology, and regulation. Strengthening your approach to risk management and checking that your insurance is keeping pace makes sense.
Black Swan or Grey Rhino?
Black swans are rare, outlier events that are difficult to anticipate or plan for. In contrast, many of the risks keeping business owners awake today look more like grey rhinos. This term, coined by US policy analyst Michele Wucker, refers to highly probable, high-impact threats that are often ignored until they are unavoidable.
Cognitive biases can keep organisations in denial. Wucker explores this further in her TED talk. Business leaders increasingly use the grey rhino concept to reframe risk, recover faster from disruption, build resilience, and identify early warning signs. The aim is to reduce uncertainty around the risks most likely to confront your business.
Risks Have Not Gone Away
COVID-19 may have faded from headlines, but the underlying drivers of pandemic risk have strengthened. Studies spanning four centuries of disease data suggest there is roughly a one-in-three to two-in-five chance of experiencing a pandemic as severe as COVID-19 in a lifetime.
Climate change further amplifies these risks. Research shows that more than half of known human infectious diseases can be worsened by climate-related hazards such as heatwaves, flooding, and drought. Scientists are also warning of a new “age of the panzootic”, where diseases move rapidly between animal species and may spill over into humans.
For business owners, the message is not to panic. It is to recognise future health emergencies as one of several predictable grey rhinos that could disrupt your workforce, supply chain, and customer base.
More Globally Disruptive Events Likely
Beyond pandemics, other large-scale disruptions are increasingly possible. These include:
- Military conflicts and war
- Supply chain disruptions
- Restrictions on business and consumers, such as public health orders or limits on movement
- Energy crises
- Cyber attacks
- International trade wars
- Natural disasters
- Major company accidents
Time, Early Signals and Your People
Another critical dimension of risk is time. The lead period between recognising that a disruptive event may occur and when it first impacts your business is known as detection lead time. This warning window matters.
Consider cyber security. Moves to tighten data and privacy obligations worldwide will affect Australian businesses, including SMEs. The Productivity Commission and the Federal Government have flagged the need to strengthen privacy protections. While the timing and nature of a cyber attack is uncertain, regulatory tightening is not.
It is also important to look inward. Each staff member brings a unique ‘risk fingerprint’. This reflects their personality traits, experiences, and social context, all of which influence how they perceive and respond to risk. Wucker explores this idea further in her book You Are What You Risk.
Think about how traits such as risk aversion, sensitivity, or risk blindness shape responses to threats and opportunities. Are assumptions being made about how people will react? Encouraging information sharing and discouraging groupthink can help build a safer, more resilient workplace culture.
Updating Your Risk Management and Insurance
So what does this mean for practical risk and insurance decisions this year?
You may want to consider:
- Refreshing your risk register using a grey rhino lens, focusing on a small number of high-impact, plausible disruptions such as another infectious disease outbreak, a major cyber incident, prolonged supply chain interruption, or climate-related disaster.
- Reviewing your business continuity plan to ensure it reflects hybrid working, cloud reliance, and changes in key suppliers.
- Checking whether your current policies respond to non-physical damage events, such as cyber incidents, denial of access, or supply chain disruption, rather than only fire and storm.
- Exploring specialist covers where appropriate, including broader cyber and privacy protection, management liability for regulatory exposure, and tailored extensions for infectious disease or event disruption where available.
We can help you map global trends to the realities of your own balance sheet, people, and operations. Together, we can review your existing insurance, identify gaps, and ensure your cover is aligned with the risks of the next decade, not the last one.
