Resilience in the Age of Permacrisis

The concept of 'permacrisis' describes our new reality of overlapping emergencies. We present a new framework for organizational resilience that moves beyond risk management to embrace strategic redundancy, decentralized decision-making, and anti-fragility.

The world you lead in now is not stable.

Pandemics, supply chain failures, cyber incidents, wars, climate shocks, political volatility, and disruptive technologies like generative AI do not arrive one at a time. They stack. They collide. They cascade.

That reality earned a name a few years ago. Collins Dictionary selected permacrisis as its 2022 Word of the Year and defines it as “an extended period of instability and insecurity, especially one resulting from a series of catastrophic events.” [1]

Global risk data matches what leaders feel.

The World Economic Forum’s Global Risks Report 2024 identifies misinformation and disinformation as the biggest short-term risks, while extreme weather and critical changes to Earth systems dominate the long-term horizon. [2]

A 2025 WEF survey of global leaders goes further, ranking escalating armed conflict as the most urgent global threat in 2025, with environmental risks still defining the decade ahead. [3]

On the physical side, UNCTAD describes global trade and transport as operating in a “polycrisis” of geopolitical tension, climate-driven chokepoint disruption, and economic volatility. [4]

Sea-Intelligence’s Global Liner Performance data shows that global container schedule reliability in 2024 largely stayed within the 50 to 55 percent range, compared with roughly 70 to 85 percent before COVID. [5]

This is the age of permacrisis in data, not just rhetoric.

In that environment, traditional risk management is necessary but not sufficient. A heat-mapped risk register does not protect you from concurrent, compounding failures. At the CEO or four-star level, your responsibility is not to manage individual risks. It is to design an institution that does not break when the world does.

The framework I use with senior executives in industry, the U.S. military, and government has three pillars:

Strategic redundancy
Decentralized decision making
Antifragility

These are not abstractions. They are design choices.

From risk management to resilience by design

Most mature organizations already have the basics:

Enterprise risk registers
Recovery time and recovery point objectives on continuity plans
Annual business continuity and incident response exercises
Compliance reports that show “green” when tested

Keep them. They are table stakes. Just do not confuse them with resilience.

Traditional risk management assumes a world where:

Shocks are largely independent
You can treat risks one by one
There is a stable baseline you are returning to

That assumption no longer holds.

Systematic reviews of supply chain resilience show that in the face of frequent, correlated disruptions, resilience depends on structural design choices such as multi-sourcing, inventory buffers, excess capacity, and flexible contracts, not only on contingency plans. [6]

UNCTAD’s Review of Maritime Transport 2024 underlines how geopolitical tension and climate-related canal and port disruptions reshape routes, transit times, and reliability at system level, rather than producing isolated one-off shocks. [7]

That pushes us toward a more useful working definition:

Resilience is the ability to absorb concurrent shocks, maintain mission-critical functions, and learn fast enough that every disruption strengthens your future posture.

That is not something you achieve with a better spreadsheet. It is something you build into:

The architecture of your systems
The structure of your organization
The way you make decisions under pressure

Pillar one: Strategic redundancy

Inside efficiency-driven cultures, redundancy is often treated as waste. The instinct is to strip out “duplication” to optimize cost.

The data argues for a more nuanced view.

Recent work on supply chain resilience repeatedly emphasizes redundancy and flexibility as central levers: multiple suppliers, reserve inventory, capacity buffers, and alternate routes are cited as effective mitigation strategies in the face of disruption. The systematic reviews referenced above are examples, and similar themes appear in empirical work on flexibility as a pillar of resilience. [8]

UNCTAD’s maritime transport analysis reaches the same conclusion at global scale: future-proofing supply chains depends on strengthening maritime chokepoints with extra capacity, digitalization, diversification of routes, and new investment. [7]

The lesson is straightforward: redundancy is expensive in calm periods and priceless in crisis.

Strategic redundancy is not doubling everything. It is being intentional about where you are allowed to fail and where you are not.

Multiple pathways for critical functions

Dual or multi-sourcing for irreplaceable components and services
Alternate facilities and fallback locations that can assume key workloads
More than one identity or access pathway, so a single identity failure cannot paralyze the enterprise

Modularity and segmentation that localize failure

Network segmentation that limits lateral movement and blast radius
Loosely coupled systems with clear “circuit breakers” between domains
Supply and distribution networks designed to isolate disruptions to specific regions or product lines

Deliberate slack where shocks will land

Extra capacity and cross-training in crisis-critical functions such as incident response, operations, HR, and communications
“Dark” capacity that can be activated during surges without months of ramp-up

From the board or command perspective, this is not indulgent. It is optionality. You are paying for the freedom to maneuver when others cannot. Those windows of asymmetry are often when markets are reshaped, alliances are decided, and careers are made or ended.

A question worth asking your team in the next senior forum:

“If we lost our primary cloud provider, a major regional facility, and one of our tier-one suppliers in the same week, what would actually continue to function, and for how long?”

If that question produces vague answers or awkward silence, the issue is not a missing contingency document. It is under-investment in strategic redundancy.

Pillar two: Decentralized decision making

In both combat and corporate crises, the rare commodity is not data. It is timely, aligned decisions.

Modern military doctrine has wrestled with this problem for decades. Mission command, as articulated in U.S. and NATO doctrine, is the exercise of authority through mission-type orders that enable disciplined initiative within the commander’s intent, particularly in contested and communications-degraded environments.

For example:

U.S. Army ADP 6-0, “Mission Command: Command and Control of Army Forces” [9]
NATO Allied Joint Doctrine for the Conduct of Operations (AJP-3), which embeds mission command principles in joint operations [10]

Organizational research points in the same direction. Comparative studies of traditional hierarchies and self-managed structures show that decentralized teams often respond faster and adapt better under stress, while highly centralized organizations coordinate well on paper but become decision bottlenecks in practice. Recent reviews of resilience and flexibility in supply chains echo this, arguing for hybrid models that combine central coordination with local autonomy. [11]

For resilience, the pattern you want looks like this:

Centralized at the top: intent, priorities, guardrails

Clear articulation of purpose and non-negotiable outcomes
Enterprise-level risk appetite and explicit escalation thresholds
A common operating picture and shared data to anchor decisions

Decentralized at the edge: execution and adaptation

Mission owners empowered to reroute, reallocate, and reconfigure within defined guardrails
Pre-delegated authorities that activate under crisis conditions
Local autonomy over methods, so teams are not waiting on headquarters for every adjustment

The core is commander’s intent and disciplined initiative. People who understand the “why” should not need to wait for permission to act when they see a critical “what” and “how.”

A simple diagnostic for any large enterprise or command:

“If our headquarters network failed, our primary messaging platform were compromised, or senior leaders were unreachable for 48 hours, would subordinate units and business lines know what to do, what they are authorized to do, and where the red lines are?”

If the honest answer is no, you do not just have a resilience gap. You have a command-and-control problem. Crises expose who actually holds power in your organization. If every decisive move must wait on a handful of people at the top, the structure has already chosen paralysis as its default.

Pillar three: Antifragility

Resilience means you can take a hit and stay standing. Antifragility goes further.

Nassim Nicholas Taleb’s book Antifragile: Things That Gain from Disorder defines antifragile systems as those that get better when exposed to volatility, stressors, and uncertainty. Fragile systems break under stress. Robust systems withstand it without improving. Antifragile systems gain from it. [12]

Cybersecurity thinkers are beginning to adopt the same lens. Industry work now argues that traditional “static resilience” is no longer enough in a world of AI-accelerated threats. Defenses must learn from attacks and adapt, turning each attempted compromise into an opportunity to harden posture and refine detection. [13]

At the institutional level, antifragility looks like three habits that you, as the senior leader, can insist on.

1. Structured learning from every disruption

Standardized after-action reviews for major incidents, outages, crises, and near misses
Focus on system design, incentives, and information flow, not blame
Visible tracking of remediation actions, with executive follow-through

2. Deliberate exposure to stress in controlled environments

Regular red teaming and adversary emulation
Integrated crisis simulations and wargames that include the executive team, not just technical staff
“Chaos engineering” style exercises in non-production environments, to observe how systems and teams respond when key components fail

3. Optionality in strategy and architecture

Multiple strategic pathways explored in parallel, rather than a single “bet the firm” approach
Modular technology stacks and organizational designs that permit substitution and reconfiguration under stress
Contract and partnership structures that allow scaling up, scaling down, and switching partners without political or technical gridlock

Antifragility is not improvisation. It is designed exposure to volatility that yields an advantage. Antifragile organizations treat disruption as training, not interruption. They accumulate capability from each shock while competitors expend capital, credibility, and trust simply trying to get back to where they were.

A resilience framework for large enterprises and commands

For organizations of any size, the three pillars translate into four practical lines of effort.

1. Map missions and cascading failures

Do not start with a list of threats. Start with what must endure.

Identify the five to ten missions or outcomes that are non-negotiable in almost any scenario. For example:

For a hospital system: emergency care, critical surgeries, medication delivery
For a financial institution: core payments, liquidity access, market controls
For a defense or national-security organization: command and control, intelligence and ISR feeds, cyber defense, sustainment for deployed forces

For each mission, require a view of:

Single points of failure
Cross-dependencies with other business lines, infrastructure, suppliers, and technologies
How multiple disruptions could interact to degrade or collapse the mission

This becomes your cascading failure map. At the board or command level, it should be the backbone of your resilience dashboard.

2. Design strategic redundancy

For each mission, direct mission owners and technical leaders to identify:

Alternative paths, not just backup copies
Segmentation strategies that localize failure
The minimum viable slack in people, capacity, and contracts needed to ride out prolonged disruption

Then insist that it be quantified. Which redundancies will you fund, and which fragilities will you consciously accept because the risk is tolerable?

This is a capital and force-structure decision, not a technical detail.

3. Redesign decision rights for crisis

Through a mission command lens, review:

Whether your intent is explicit, written, and regularly reinforced
Whether decision rights are clearly defined for both steady-state and crisis conditions
Whether mission owners understand what they may decide without seeking permission when specified thresholds are crossed

Where necessary, move the culture from “wait to be told” toward “act unless prohibited,” inside clearly stated guardrails. That expectation must be modeled and defended from the top.

4. Institutionalize antifragility

Require learning, not just recovery.

Every significant disruption or near miss triggers a formal review
Reviews must result in specific changes to process, architecture, training, or contracts
Completion of those changes is tracked and discussed at senior level

Layer in recurring stress events.

At least one integrated crisis simulation for the senior team each year
Regular technical game days that deliberately “break” systems in safe environments
Wargames that combine cyber, information, logistics, and leadership stressors

The objective is simple:

Every disruption, real or simulated, should buy you future survivability.

How serious leaders operationalize this in 30 days

At CEO or four-star level, you do not need a checklist. You need a small number of visible decisions that signal intent and set a new standard.

Three moves in the next 30 days will do that.

1. Commission a mission and fragility map

Direct your COO, CIO, or equivalent to convene operations, technology, and risk leaders for a focused session. The order is clear:

Produce a one-page list of the top ten missions and their obvious single points of failure.
Highlight where a second concurrent disruption would most likely break the mission.

Expect that page on your desk or in your next executive session. Make it the reference point for future investment discussions.

2. Set a standard for uncomfortable questions

At your next senior forum, ask each mission owner one question in front of their peers:

“If two other parts of this organization failed at the same time, could you still deliver this mission?”

Hold the silence long enough for an honest answer. Then ask:

“What would it take to change that answer?”

Your role is not to design the fixes. It is to make clear that hand-waving is no longer acceptable.

3. Require a serious crisis simulation

Instruct your CISO, COO, or Chief Risk Officer to design and run a two-to-three-hour exercise this quarter that combines:

A major cyber incident
A supply chain or facilities disruption
A communications or leadership availability problem

Commit to participate. Require that findings be translated into concrete changes with owners and timelines, and have progress reported back to you.

These are not side projects. They are tests of whether your structure, your culture, and your own leadership style are compatible with the world you are actually operating in.

Closing: The job now

The age of permacrisis is not a headline. It is the operating environment.

Global conflict risk is rising. Climate-driven extremes and infrastructure stress are accelerating. Information ecosystems are polluted by misinformation and disinformation, and cyber threats are amplified by AI. The World Economic Forum’s recent risk reports and UNCTAD’s shipping and trade analyses are clear on all three.

You cannot control that trajectory. You can control how prepared your institution is to live in it.

Strategic redundancy buys you options when others have none. Decentralized decision making lets your organization move while others wait. Antifragility means you do not merely survive shocks, you mine them for advantage.

At your level, that is no longer a “resilience initiative.” It is part of the job description.

Design an organization that does not break when the world does.

At Obsidian Rowe, this is how we partner with senior leaders:

We map missions and cascading failures, and translate them into board-ready views.
We stress-test architectures, operating models, and decision rights against realistic crisis scenarios.
We help you design strategic redundancy, mission-command-aligned decision structures, and antifragile learning loops that fit your culture, regulations, and risk appetite.

The permacrisis is the water you are swimming in. You can drift with it, or you can choose to navigate it on your own terms.

References

[1] Collins Dictionary, "The Collins Word of the Year 2022 is Permacrisis." https://www.collinsdictionary.com/dictionary/english/permacrisis

[2] World Economic Forum, "Global Risks Report 2024." https://www.weforum.org/publications/global-risks-report-2024/

[3] World Economic Forum, "Global Risks Report 2025: Conflict, environment and disinformation top threats," January 2025. https://www.weforum.org/press/2025/01/global-risks-report-2025-conflict-environment-and-disinformation-top-threats/

[4] UNCTAD, "Enhancing supply chain resilience amid rising global risks." https://unctad.org/news/enhancing-supply-chain-resilience-amid-rising-global-risks

[5] Sea-Intelligence, "Global Schedule Reliability." https://www.sea-intelligence.com/press-room/288-global-schedule-reliability-remains-stable-at-50-55-in-2024

[6] Han et al., "A Systematic Literature Review of the Capabilities and Performance Metrics of Supply Chain Resilience," 2020. https://livrepository.liverpool.ac.uk/3090075/

[7] UNCTAD, "Review of Maritime Transport 2024." https://unctad.org/publication/review-maritime-transport-2024

[8] PMC, "Flexibility as a resilience strategy." https://pmc.ncbi.nlm.nih.gov/articles/PMC9091144/

[9] U.S. Army, "ADP 6-0: Mission Command." https://armypubs.army.mil/ProductMaps/PubForm/Details.aspx?PUB_ID=1020393

[10] NATO, "Mission Command Philosophy." https://shape.nato.int/natos-mission-command-philosophy

[11] Emerald Insight, "Supply Chain Resilience and Flexibility." https://www.emerald.com/insight/content/doi/10.1108/IJLM-04-2017-0093/full/html

[12] Nassim Nicholas Taleb, Antifragile: Things That Gain from Disorder, 2012.

[13] TechRadar Pro, "From Resilience to Antifragility," 2025. https://www.techradar.com/pro/from-resilience-to-antifragility-embracing-a-new-era-in-cybersecurity