Batman’s Questionable Risk Management

For Cyber & Scenes first movie analysis I'm going to start with a quote from 2016’s Batman Vs Superman: Dawn of Justice:

WARNING: The following may contain spoilers for Batman V Superman: Dawn of Justice.

“He has the power to wipe out the entire human race, and if we believe there’s even a one percent chance that he is our enemy, we have to take it as an absolute certainty”

This is Bruce Wayne explaining to Alfred why he is putting all his time and resource towards destroying Superman. It’s Batman’s risk assessment of Superman and justification for his impending actions — let’s break it down.

As risk can be defined as the product of impact and likelihood, Batman’s risk assessment could be viewed as:

Risk = Impact (end of human race) x Likelihood (1% i.e. extremely low)

He has determined that Superman (the threat) has the potential to end the human race and that the probability of this happening is 1% (i.e. extremely low). If this is the risk calculation, should Bruce Wayne have gone through the effort to obtain Kryptonite, don his cape, jump in the Batmobile and hunt down The Man of Steel?

If we were to plot this on a risk matrix, it might look like this:

This is not dissimilar to threats that risk professionals often come across. With these type of black swan events, although they have the potential to be catastrophic, it doesn’t make commercial sense to mitigate them (in their entirety at least) when there are risks that may not be as severe but are much more likely to materialise and occur more frequently.

Bruce Wayne puts all his resources into trying to mitigate a risk that is extremely unlikely to materialise. This results in The World’s Greatest Detective completely missing the more likely threat in the form of Lex Luther.

This highlights the importance of accurately assessing the likelihood of a given risk; a task that can be considerably more difficult than assessing the potential impact. It can mean the difference between wasting a lot of time, money and resource, and effectively using company resources against more imminent threats.

Every organisation has a different risk appetite which will be based on a number of factors specific to that organisation, such as the industry sector, business objectives, size of the organisation, public profile, etc. Determining the risk appetite will dictate where risk management activities should focus. An organisation’s risk appetite, as well as any identified risks require regular review as the landscape and threats are always changing.

When dealing with high impact and low probability risks, monitoring is vital. Monitoring can help to indicate if the probability of the risks increase to a point where it exceeds the organisation’s risk appetite and warrants mitigating action.

Had Batman chosen not to throw everything at this risk, but to monitor the threat to determine if Superman ending the human race ever becomes a more likely event, he would have had resources available to identify and address other more certain risks.

However, as the perceived impact was the loss of human life, maybe Batman felt he had no choice but to mitigate this risk (especially following the impact of events that took place in Man of Steel).

If you were Batman (we’ve all imagined it at some point), what would you have done?