How to manage the polycrisis
In brief: The polycrisis is not simply a collection of crises occurring at once, but a condition in which climate change, economic pressure, technological disruption, social instability and other risks increasingly interact and compound. For organisations, this means disruption may arrive indirectly, through systems and dependencies several steps removed from the original event, while risks that appear manageable in isolation can become far more serious when they converge. This article explores how leaders can move beyond static risk registers by mapping dependencies, testing combined scenarios, identifying hidden points of fragility and building crisis-ready capability across leadership, culture and systems.
A useful place to begin is with a deceptively simple question: What are the biggest risks your organisation is likely to face over the next decade?
Climate change may come first. Then cyber attacks. Artificial intelligence. Geopolitical risks. Economic volatility. Regulatory changes. Workforce shortages. Supply chains. Energy. Reputation.
It does not take long for the list to become overwhelming. Faced with a whiteboard covered in risks, pulling the doona over one’s head can begin to look like a defensible strategy.
What tends to happen next is that we separate them. Climate change belongs to the sustainability team. Cyber is for IT. Workforce issues sit with Human Resources. Financial instability belongs to Finance. Emergency management prepares for disasters. Communications worries about misinformation.
In other words, the organisation mirrors the way we've been taught to think. We divide the world into manageable pieces, assign each piece to a specialist, and then hope that, together, the pieces add back up to the whole. Increasingly, they don't, and this has less to do with the capability of our specialists than with the world having become more interconnected than the structures we use to understand it.
For much of the past century, that approach served us remarkably well. We became extraordinarily good at solving discrete problems. Vaccines reduced disease, engineers built bridges, economists modelled markets, emergency services responded to floods and fires. Specialists deepened their expertise, and society benefited enormously from it. The downside only becomes visible when the boundaries between those problems begin to dissolve.
A drought is no longer simply an agricultural problem. It affects river systems, electricity generation, insurance markets, food prices, freight costs, regional employment, government budgets, mental health and, eventually, political stability. Each of those changes then influences something else, often in ways that are difficult to predict.
The question has stopped being whether climate change affects the economy, and has become how many steps away its consequences continue to travel.
This is where the idea of the polycrisis becomes useful.
(Picture from Getty Images)
The term has gained attention over recent years, but it is often misunderstood. It does not simply mean that we have many crises occurring at the same time. Humanity has rarely enjoyed the luxury of dealing with one problem before another appeared. What makes a polycrisis different is that the crises increasingly interact and compound.
Climate change contributes to food insecurity. Food insecurity in turn contributes to social unrest. Social unrest weakens institutions. Weakened institutions struggle to respond effectively to disasters. Poor disaster responses erode public trust. Reduced trust creates fertile ground for misinformation. Misinformation makes collective action more difficult, including action on climate change.
The property to watch, then, is the interaction rather than the accumulation, since each crisis becomes harder to manage in the company of the others. Once you begin looking through that lens, it becomes difficult to see individual problems in isolation.
There is, of course, some irony in talking about how to “manage” the polycrisis. No organisation can control the wider condition, or predict all the ways in which its parts will interact. What it can manage is its own exposure: the dependencies on which it relies, the fragilities it has accumulated, and its capacity to adapt when several pressures converge.
Take the heatwaves running across Europe as I write this (see my previous article on this here). On one level, they are another reminder that the climate is changing. Looked at more closely, they become something considerably more tangled. Western Europe has just recorded its hottest June since records began, averaging around three degrees above the 1991 to 2020 norm, with anomalies peaking near nine degrees over France and Germany, and France registering its hottest day since national records commenced in 1947. Three separate heatwaves have crossed the continent since late May. Extreme temperatures affect agriculture, electricity demand, water availability, labour productivity, tourism, public health, insurance claims and infrastructure. Hospitals come under pressure at precisely the moment electricity demand peaks. Rivers become too warm to cool power stations efficiently. Crop failures affect food prices far beyond the regions experiencing the heat. A study published this week by Imperial College London, the UK Met Office and the London School of Hygiene and Tropical Medicine estimated that 2,700 people died of heat-related causes in England and Wales across May and June, and that 42 per cent of those deaths were attributable to the additional heat brought by global warming.
Then the fires. On 13 July a blaze tore through the Fontainebleau forest, roughly seventy kilometres from Paris, closing the A6 motorway that carries freight and people between Paris and Lyon and the south, disrupting high-speed rail services, and evacuating around eight hundred people. Air assets were dispatched over the greater Paris region for the first time, and water bombers filled their tanks from the Seine, also for the first time. Across the Channel that same weekend, crews were fighting fires from London to the moorland of Greater Manchester, the heathland of Hampshire, and on through Durham, Derbyshire, Sussex, Devon and Somerset.
The heatwave itself is only part of what happened. Most of it lies in how the heat cascades through systems that were designed for a more stable climate, and in what the cascade reaches on the way. A motorway is not a climate asset. It sits on somebody's supply chain map as a line that is always there.
Exactly the same applies here in Australia.
When we think about bushfires, floods or heatwaves, we often picture the hazard itself. Yet the scale of a disaster is usually determined by the interaction between the hazard and everything else that is already under strain, rather than by the hazard on its own.
Housing shortages make recovery harder. Insurance becomes unaffordable. Roads are damaged. Supply chains are interrupted. Local businesses lose staff. Community organisations become exhausted. Councils face shrinking budgets while expectations continue to grow.
The event may last a week, yet its consequences can reshape a region for years. The financial consequences are already large enough to matter at board level. Disasters caused around US$320 billion in global economic losses in 2024, of which only US$140 billion was insured. In Australia, Treasury estimated that disasters in the first half of 2025 alone reduced economic activity by A$2.2 billion, largely through weaker retail trade and household spending. The direct damage is only part of the cost. Disruption continues to travel through insurance, demand, workforce availability, supply chains and government budgets.
That is why I increasingly find myself asking organisations a different question, and instead of asking, What are your biggest risks? I ask, How do your risks interact?
The conversation changes almost immediately. People stop talking about isolated events and begin talking about relationships.
They notice that staff wellbeing affects crisis response. That crisis response affects stakeholder trust. That trust influences whether people follow warnings or directions. That communication depends on functioning telecommunications. That telecommunications depend on electricity. That electricity depends on infrastructure designed for climatic conditions that no longer reliably exist. The picture becomes more complicated, and at the same time more realistic.
One of the most common reactions to systems thinking is that it feels overwhelming. If everything influences everything else, where do we begin? The answer is narrower than “everywhere”.
What the polycrisis means if you lead an organisation
For leaders, the polycrisis changes the nature of the task.
1) It means that many of the disruptions affecting your organisation will not arrive in the form you expect.
They may begin outside your sector, outside your geography or outside the categories on your risk register. A climate event may reach you through an insurer. A geopolitical conflict may appear as a technology shortage. A housing crisis may become a workforce crisis. Misinformation may become a safety issue, a reputational issue, a barrier to service delivery, or all three at once. The immediate cause of disruption may be several steps removed from the underlying problem.
That is awkward, because most organisations are structured to manage direct risks. They prepare for the things they can see coming: a cyber attack, a natural hazard, a supply interruption, a financial downturn. But in a polycrisis, the greatest vulnerability often lies in the connections between those risks.
An organisation may have a business continuity plan for a power outage and a separate plan for staff shortages. It may be able to manage either one. The difficulty arises when the power outage occurs during a heatwave, telecommunications are unreliable, key staff cannot travel, suppliers are dealing with their own disruptions and customers are receiving contradictory information online. Each problem reduces the organisation's capacity to manage the others.
2) This also means that past performance becomes a less reliable guide to future resilience.
An organisation may have successfully navigated floods, downturns or cyber incidents before, but that does not necessarily tell us how it will perform when several pressures arrive together. Systems often appear robust until multiple buffers are exhausted at the same time.
For decades, many organisations have pursued efficiency by removing spare capacity. Inventories have been reduced, supply chains consolidated, staffing models tightened and decisions centralised. These choices make sense in stable conditions as they can reduce costs and improve short-term performance. Efficiency and resilience, though, are different things.
A system with little redundancy may work extremely well until something unexpected happens. A single supplier may be cheaper than three. A small, highly utilised workforce may be more productive than a larger one. Centralised infrastructure may be easier to manage. Yet each of these arrangements can also create a point of failure.
The challenge for leaders is therefore to understand where the organisation is brittle, which is to say where one disruption could trigger several others, and where critical functions rest on a small number of people or systems with too little capacity to absorb a shock.
3) It also requires a different understanding of responsibility.
The polycrisis cannot be delegated to the risk team, the sustainability team, the emergency planner, or the executive responsible for business continuity. Its consequences will cross every organisational boundary. Strategy, finance, operations, technology, workforce, communications and governance all form part of the same system.
That does not mean everyone needs to become an expert in everything. It means leaders must create the conditions in which different forms of expertise can be combined. Someone has to be able to see across the silos and ask how a decision in one part of the organisation might be creating vulnerability somewhere else.
It is worth being clear about what is being built here, because resilience holds across three things that cannot usefully be separated. There is the practical layer of plans, systems, infrastructure and redundancy. There is the relational layer, which is whether the people involved trust each other enough to disagree in the room rather than afterwards. And there is the inner leadership layer, which is whether a small number of people can keep making decisions while frightened, tired, publicly criticised and uncertain. Organisations invest in the first, because it is legible and procurable, though in my experience what binds is less the nature of the plan than whether the people are capable of holding it.
Leaders also need to become more comfortable making decisions under conditions of real uncertainty, which I wrote about in a previous article. Predicting the precise sequence of the next crisis is usually impossible, and it is also the wrong aim. The aim is to build an organisation capable of noticing change early, absorbing disruption, adapting quickly and continuing to fulfil its purpose even when its assumptions no longer hold.
What you can do about it
What follows places a risk-interaction map alongside the conventional register rather than in place of it. The risk register can continue to clarify ownership, controls and reporting, while the map reveals the relationships, feedback loops and concentrations of vulnerability that individual risk entries tend to obscure.
The result is a more dynamic approach to risk management. Rather than reviewing risks only once or twice a year, organisations can monitor changing assumptions, emerging signals and points of increasing strain. The question stops being whether a risk is increasing, and becomes whether its relationship with other risks is changing in ways that could produce a much larger disruption.
1) Do not treat the risk register as a collection of independent rows.
Choose a handful of significant risks and ask what might connect them. What could cause two or three to occur at the same time? Could one make another more likely? Could the response to one problem reduce your capacity to respond to the next? Which risks share the same underlying dependencies?
This does not require a sophisticated model. It can begin with people from different parts of the organisation standing around a whiteboard and drawing lines.
2) Map what your critical functions actually depend on.
A practical way to do this is through a simple dependency map. Start with one critical function, place it at the centre of a page, then work backwards by asking what people, systems, suppliers, infrastructure, information and external services it relies on to operate. For each dependency, ask what it depends on in turn, where the single points of failure sit, and what would happen if two failed together. Tools such as systems maps, business impact analyses, service blueprints and bow-tie diagrams can all help, but the value lies less in the software than in bringing people from different parts of the organisation together to compare what they know.
Electricity and telecommunications will usually appear quickly, but so will people, transport, data, finance, suppliers, public trust, government services and natural systems. Then look beyond the first-order dependency. What does your electricity provider depend on? What enables your staff to reach work? What happens if a critical supplier is operating but its workforce, insurer or transport network is not?
The purpose is to identify the connections that carry the most weight, rather than to document all of them. Pay particular attention to concentrations and bottlenecks. These may include a sole supplier, a single source of data, one highly specialised staff member, one transport route, one funding stream or one piece of ageing infrastructure. Many organisational failures occur because leaders did not realise how much depended on one small part of the system, having been perfectly aware of the broad risk all along.
3) Test combinations rather than isolated scenarios.
Instead of asking what happens if there is a flood, ask what happens if there is a flood during a period of high staff turnover and constrained insurance coverage. Instead of modelling a cyber attack on an ordinary Tuesday, consider one during a heatwave, an election, a major product launch or a period of intense public scrutiny. Instead of thinking how AI will affect your workforce, consider what happens when it changes roles, decision-making, cybersecurity exposure, customer expectations and competitive pressures at the same time.
The point is to reveal hidden assumptions rather than to construct the most dramatic scenario available.
Perhaps your crisis plan assumes key decision-makers can join a video call. Perhaps your recovery plan assumes contractors will be available. Perhaps your communications strategy assumes the public trusts the messenger. Perhaps your financial plan assumes insurance will cover the loss and payment will arrive quickly.
Once these assumptions are visible, they can be tested and strengthened.
4) Decide in advance how you will make decisions when information is incomplete.
During a fast-moving disruption, confusion about authority can be as damaging as the disruption itself. Leaders need to know which decisions can be decentralised, what thresholds trigger escalation and which principles should guide action when established procedures no longer fit the circumstances.
This is particularly important when several parts of the organisation are under pressure at once. The people closest to a problem often have the best information, but they may lack the authority to act. Senior leaders may have authority but an incomplete picture. Resilient organisations create ways for information to move rapidly in both directions.
5) Reconsider the balance between efficiency and spare capacity.
Not every organisation can afford duplicate systems, large inventories or additional staff, nor would it make sense to build redundancy into every function. But leaders can make deliberate choices about where a small amount of slack would prevent a much larger failure.
That may mean maintaining alternative suppliers, cross-training staff, protecting cash reserves, creating manual workarounds, decentralising important data or ensuring that critical services can operate when communications fail. It may mean investing in relationships with local organisations, emergency services, councils, Traditional Owners, industry peers or community groups before a crisis occurs.
These relationships are not peripheral to resilience. During complex disruptions, formal plans are often overtaken by events, and trust determines whether organisations can share information and solve problems together at the speed the situation requires.
6) Look for interventions that address several risks at once.
Improving the energy efficiency of a building can reduce costs, emissions and exposure to energy price volatility while making the building safer during extreme heat. Flexible working arrangements can support staff wellbeing, improve retention and provide continuity during transport disruption. Restoring vegetation around a site can reduce heat, manage stormwater, support biodiversity and improve amenity. Stronger relationships with employees and communities can improve everyday performance while also making crisis communication more credible.
These are sometimes described as no-regrets measures. They create value even if the anticipated crisis does not occur in precisely the way expected.
None of this should be treated as a project that is completed and placed on a shelf as the relationships between risks will continue to change. New technologies will create new dependencies, climate conditions will move beyond historical experience, and political and economic shifts will alter the capacity of governments, markets and communities to respond.
The organisation therefore needs an ongoing practice of noticing.
What signals are emerging at the edges of the business? Which assumptions are becoming less reliable? Where are staff, suppliers or communities already experiencing strain? What appears manageable today only because someone else is absorbing the cost?
None of this will make an organisation immune to disruption, which was never a realistic goal. The goal is to reduce the likelihood that a foreseeable pressure becomes an existential surprise.
* * *
Managing the polycrisis has more to do with becoming able to meet the future than with predicting it, which means understanding the systems around us, recognising where they are under strain, strengthening the connections that allow people and organisations to adapt, and accepting that the work is never finished.
We cannot prevent every crisis. What remains within our control is whether our organisations amplify disruption or help to contain it, and that is largely decided long before the disruption arrives.
Need help applying these ideas inside your organisation? I work with boards and executive teams to build crisis-ready capability across leadership, culture and systems.