If you have not had a chance to read Nassim Taleb's book "Antifragile", here are some quotes to get you psyched up:


“It is easier to figure out if something is fragile than to predict the occurrence of an event that may harm it. Fragility can be measured; risk is not measurable (outside of casinos or the minds of people who call themselves “risk experts”).”

On the third page:

“in every domain or area of application, we propose rules for moving from the fragile toward the antifragile, through reduction of fragility or harnessing antifragility. And we can almost always detect antifragility (and fragility) using a simple test of asymmetry: anything that has more upside than downside from random events (or certain shocks) is antifragile; the reverse is fragile.”


If these quotes were taken to heart by executives across the board (i.e. spanning all enterprise functions) then there would be a huge demand for the previously touted "business radar" application. This is where we are applying complexity management as the core driver for spotting fragility in an enterprise's infrastructure.

Let us know your views and we will post them for the benefit of our customers. We're especially interested in finding real-world case studies that harness our complexity management Predictive Risk Analytics (PRA) apps.


Here are some excellent comments from members of the group known as "SIRA", the Society of Information Risk Analysts:

Once again, Taleb is right on some things and wrong and even self-contradictory on others. Unconcerned with Taleb’s objections, insurance companies have to compute premiums which are high enough on average to cover claims payouts and produce a profit but still be priced to sell in a competitive environment. And it’s not in a casino or just retail consumer insurance. They insure massive engineering projects that have never before been undertaken (e.g., the Chunnel) and liabilities for new products that have never existed before. Taleb is correct that they don’t “predict” but that’s not the same as measuring risk. Saying that there is a 2% chance I will make a claim on a policy next year is not the same thing as predicting that I will. But, taken over a large number of trials, all 2% probability events would have occurred with about a 2% frequency.


Taleb himself admits to using Monte Carlo simulations and his first published writing was on technical investment analysis. And he is a fan of Kahneman and, in particular, his research on overconfidence and the highly reproducible results of how well experts apply probabilities. He also promotes the virtues of some probability distributions (like the power law) over others (like Gaussian). These are all issues related to quantifying uncertainties which may result in losses (i.e., risk). He at least implicitly admits that some risks are greater than other risks when he claims to measure fragility. Ironically, Taleb’s oft-used examples of how historical data does not anticipate future events are inevitably based on, you guessed it, historical experience.


Perhaps Taleb does not consider these activities as being related to “measuring” risk.  He seems to make the opposite error of the early 20th century economist Frank Knight, who promoted definitions of risk and uncertainty where the former is measurable but the latter is not.  Fortunately, all actuaries, dictionaries and most specialists in operations research and quantitative decision analysis ignore both Taleb and Knight and they quantify both.

However, I think I align with Taleb on suspicions of many “risk experts” and for some of the same reasons.


Douglas W. Hubbard

Hubbard Decision Research


Well tempered, Doug. I always saw "fragility" as a measurement that attempts to not necessarily predict or forecast using units of time, but still inform a propensity towards "likelihood."

In other words, ask yourself WHY fragility matters (and esp. with your security hat on)? Sure, it matters in the CISO charter "to secure" - but if we were to apply Taleb's principles in that book towards an organization, all we'd really be doing is trying to cleverly figure out how to prioritize "spend" (which one might argue is a definition of risk management).

Alex Hutton