Alpha Partners LLC, Investment Marketing Strategy

Excess Returns

The Devil Never Sleeps

By Juliette Kayyem

Liz Hecht, February 2024

Download This Article (PDF)

“The devil never sleeps. But he only wins if we don’t do better next time.”

―Jane Cage, Tornado Survivor1

I worry about everything all the time. I often worry that I’m not worrying enough. So of course I had to read The Devil Never Sleeps: Learning to Live in an Age of Disasters.

The premise of this book makes a complex, frightening topic blazingly simple: The devil is here to stay. Bad things―extreme weather, pandemics, cyberattacks—have happened before and will happen again. Systems will fail and humans as well as robots will malfunction. While there isn’t always a fail-safe, The Devil provides vital lessons in how to fail safer.

A leader in crisis management, disaster response and homeland security, Ms. Kayyem is on the faculty of Harvard’s Kennedy School of Government and serves as an advisor to governors, mayors and corporations. The Devil is based on fieldwork, interviews with experts and practitioners, reports, commission findings and the legacy/lessons of past disasters.

Black Swans and Gray Rhinos

Ms. Kayyem writes early in the book, “So much of our discourse about disasters focuses on the past and why we didn’t prevent them or on the future and how to prevent them from happening again. But we need to stop being surprised. If we can structure ourselves around the probability, not the mere possibility of disasters, then we will better invest in the skills that can minimize harm.” Unlike black swans (surprising, low-probability, high-consequence events), disasters have become gray rhinos (obvious, high-probability events that are always looming).2

The Devil Never Sleeps provides a clear-eyed look at how governments, companies and individuals can minimize the harm caused by disasters. The Devil covers eight lessons about how to limit negative effects during and after a disaster. Here is a brief summary of three key lessons:3

Lesson #1: Learn from Near Misses

How companies learn from potential disasters says a lot about how they will respond when confronted with a real disaster. Near misses should be considered a blessing―a wakeup call to improve disaster response. “Since the disaster didn’t happen,” the author writes, it affords a bit of luxury. Why squander it?”

Consider the fast food company Chipotle. Chipotle had always treated every customer complaint or sick employee as a potential catastrophic incident. So when the company confronted a real, potentially reputation-ruining challenge, it was ready.

In 2015, a significant number of E. coli cases were linked to Chipotle’s lettuce. But while Chipotle tripped, it did not fall. The company made massive changes to its food safety protocols and went public with those changes while addressing past vulnerabilities. Before losing 30% of its value in 2015, Chipotle’s market cap was nearly $24 billion. As of this writing, it is $72 billion. Chipotle protected its brand by learning from near misses and by communicating rigorously during the crisis.

Lesson #2: Spread the Word

Communicating rigorously is critical.

Sometimes the powers that be seek to prevent panic by hiding vital information. But without clear communications, the consequences during and after a disaster can worsen dramatically. Information should be shared with everyone and welcome from anyone (not subject to “need-to-know” restrictions or dismissed without consideration based on the source).

During a 1702-1703 smallpox outbreak in Boston, the city leaders prohibited churches from ringing bells to memorialize the dead. As the death count steadily rose, the city continued to forbid the bells. Several centuries later, under similar circumstances, denial led to delay that exponentially magnified the consequences of COVID-19.

The Devil provides many such examples of situations where the results of a tragedy are made much worse by a gap in communications. Ms. Kayyem takes care to note, however, that sometimes vital intelligence is available and communicated yet not acted on, as was the case during the September 11, 2001 terrorist attack, the Capitol riot on January 6, 2021―and, most recently, the October 6, 2023 Hamas attack on Israel.

Lesson #3: Avoid the Last Line of Defense Trap

BP’s Deepwater Horizon oil rig explosion in early 2010 caused the death of 11 workers and an oil spill from Texas to the Florida panhandle, impacting the ecosystem, tourism and the food supply chain for the entire U.S. How had BP planned to prevent such an outcome? While capturing oil beneath the seabed, if anything went wrong, a single blowout preventer (BOP) was supposed to take charge, automatically shutting down the system. In other words, one last line of defense was supposed to save the day.

Ms. Kayyem details three reasons why the last line of defense concept is a dangerous myth: (1) people blindly rely on it as some form of guarantee, (2) too much pressure is put on one defense and (3) as a result, organizations fail to create “layered responses” to prevent/limit the impact of a catastrophic event. She urges readers to consider the BP scenario differently given reliance on more than one defense mechanism: “Imagine a ten-day spill, not one that lasts more than a hundred days. The most obvious investment would be a second on-hand BOP. It would have been expensive, but not $68 billion expensive … The offshore oil industry fought backup blowout preventers as a condition of drilling. The blowout preventers don’t always work, but you increase your chances a lot by having more than one.”

The author often uses the word “layered” in describing disaster prevention/mitigation responses that build in multiple prevention mechanisms as opposed to relying on just one. But she notes that it’s not only about “one device or instrument but a series of investments, procedures and training” and also pays deference to a culture of preparedness in mitigating negative consequences.

Investment Company Implications

The Devil Never Sleeps compels consideration of important questions affecting investment companies:

  • How does an asset manager prepare for potential disaster not only affecting its own company but also portfolio companies? Is disaster consequence mitigation considered an important part of portfolio risk management?
  • What is the potential for disaster based on a company’s physical location, product(s) and supply chain network? What disaster preparedness/mitigation protocols are needed and are they already in place?
  • What does the culture of a current or potential portfolio company say about its ability to prevent or minimize the impact of a disaster? Does a company react to a near-miss by saying, in effect, “Phew!” and then back to business as usual? Is a company with ongoing safety issues merely experiencing serial misfortune? Or is company culture the culprit?
  • What role do security professionals play within a company? Are they mainly for show or do they have a real seat at the table? (Ms. Kayyem notes that “few boards of directors include a single professional from the security or cybersecurity realm” … probably because “response capabilities are just not often viewed as business enablers.” That is, of course, until the lack of response capabilities disenable everything.)
  • Does the section on Disaster Prevention and Recovery in company documents read like a box-checking exercise? Or does it bring to life processes demonstrating significant planning, resources and investment?
  • How might an investment firm’s ESG process and ESG experts play a role in understanding potential threats to portfolio companies?
  • Can the potential for disaster/mishandling of disaster be quantitatively modeled? Or is this an area where purely fundamental, qualitative investment approaches have an advantage?

And, perhaps most important, do the people in charge worry enough? After reading this book, the next time I hear a company leader or politician saying, in effect, “We’ll cross that bridge when we come to it,” I will wonder what happens when there is no more bridge. When the last line of defense fails and the latest in a series of near misses becomes a full-fledged disaster.

Fortunately, for a book about the inevitability of disaster, The Devil is weirdly hopeful because it provides a clear, inspired blueprint for “doing better next time.”1
  1. The inspiration for the title of this book came from a survivor of the 2011 tornado in Joplin, Missouri. Based on a conversation in the aftermath of the tornado, the author writes that Ms. Cage wasn’t merely “praying for deliverance or that Joplin would be spared” next time. While grounded in faith, her approach was “tactical, operational and realistic.” For many years after the tornado, Jane Cage led an effort to make Joplin better prepared for the next disaster.
  2. In 2007, Nassim Nicholas Taleb, a professor and former Wall Street trader, wrote the influential book, The Black Swan: The Impact of the Highly Improbable to describe events considered impossible until they actually happened (until 1697, no one had ever seen anything but white swans until a Dutch explorer discovered a black swan in Australia). Nearly a decade later, global analyst Michele Wucker wrote The Gray Rhino. “There’s no point in looking for blue or pink rhinos,” Ms. Kayyem writes in describing the book. “Instead, just look at what is in front of us, the obvious risks that we face every day.”
  3. In describing these three lessons, I have paraphrased language from The Devil in some cases while explicitly quoting the author in others.
© Alpha Partners LLC, 2002-2025