Risk Management Books

A curated list of essential risk management books for risk and crisis managers (or simply the risk-curious).

Some all-time favorites....

Some all-time favorites....

There are a number of books that every risk, crisis, and security manager should have on their bookshelf. The right books will give you the theoretical foundations you want, case studies to refer to, or new ways to think about your craft.But what are those books?And how can you choose between two similar-sounding titles?This is the problem I came across years ago when I started out as a risk manager but, along the way, I've built up a pretty good list of suggestions. And to make selection easier, I've added my own review of the titles to help you differentiate between a gentle summary and an academic deep dive.I've read every book on this site - some several times over - and have only included those that I think are useful or relevant*. I hope you'll find something you're looking for but if you don't, please submit a suggestion below.~Andrew

• See the full list

This site contains affiliate links which means that I receive a small payment if you purchase something using the links on this site. This doesn't cost you anything extra but it does allow me to continue to run the site for free and I appreciate your support.

The Signal and The Noise: Why So Many Predictions Fail--but Some Don't by Nate Silver

The Signal and The Noise Why So Many Predictions Fail--but Some Don't by Nate Silver is the 2012 best-seller from the then New York Times columnist who now runs the FiveThirtyEight election analysis and prediction site in the US.TL;DR - This is a great read that explains why and how you need to mix statistics and experience in your predictions and decision-making. It can feel a little technical and heavy on the math at first glance, but Silver explains everything clearly, making it an easy read, given the subject matter.Who is Nate Silver?
From his Amazon bio: "Nate Silver is a statistician, writer, and founder of The New York Times political blog FiveThirtyEight.com. Silver also developed PECOTA, a system for forecasting baseball performance that was bought by Baseball Prospectus. He was named one of the world's 100 Most Influential People by Time magazine. He lives in New York."Prediction versus forecast
A vital distinction Silver makes in the book, and one we should pay more attention to as risk managers, is between predictions and forecasts. In the chapter on earthquakes, Silver notes the US Geological Survey (USGS) differentiates between the two:"A prediction is a definitive and specific statement about when an earthquake will strike: a major earthquake will hit Kyoto, Japan, on June 28.
A forecast is a probabilistic statement usually over a long period of time: there is a 60% chance of an earthquake in Southern California over the next 30 years."Being clear on these distinctions will stand us in good stead as we discuss risks because it is too easy to mistake an evaluation of a threat (which would be a forecast) for a prediction. This is why the term 'a 100-year storm' causes confusion: it's too easy for people to think that we are counting down to some point 100 years in the future.
We'll return to the importance of probabilistic data and prior histories shortly when we discuss the section on Bayes' Theorem, but making this distinction between predictions and forecasts is essential.Fundamental errors we make
A large proportion of the book explains how and why we get predictions wrong. Silver uses a range of case studies to show how biases, misunderstandings, ignorance, and even lousy math can cause us to be wildly inaccurate. The explanations of biases and heuristics are brief and assume that you have some understanding of how these affect decision-making already. (For a deeper dive into how we think about risk and make decisions, I'd recommend Thinking Fast and Slow by Daniel Kahneman and the work of Gary Klein.)
Where the book really shines, in my opinion, is how Silver tackles the statistical aspects of decision-making which is unsurprising as this is his area of real expertise both professionally (as the founder of FiveThirtyEight election prediction site) and personally (as a top-tier poker player and baseball stats nerd). Importantly, you don't need to be a maths whiz to keep up with his explanations as he skates over the top of a complex field. And it's worth persevering as there are some examples he uses, which are situations we might all find ourselves confronted with at work. His example of how the banks miscalculated the risks associated with CDOs in the run-up to the 2008 financial crisis is equally clear and terrifying. (*Collateralized debt obligations that pooled vast numbers of subprime mortgages.)The pros and cons of data
This kind of example reflects another broad trend in the book: how data is equally helpful and dangerous in precision and forecasting. Well-curated, thoughtfully contextualized data will provide the signals we need to make more accurate predictions. Conversely, poorly-complied or incomplete data sets will be useless or, worst of all, lead us in the wrong direction. Sometimes, these errors are made despite the best intentions, but data can also be cherry-picked to support an existing narrative.
Making matters even more complicated is that the signal is often buried in the noise, which grows exponentially as societies and businesses become more complex. Worst of all, Silver observes that the critical signs are often only noticeable in retrospect as this can be drowned out by other signals.Bayesian Predictions
If you're not a fan of math(s) the section on Bayes' theorem might be something you'd prefer to skip or at least skim quickly.
Don't do that.
I've heard Bayes's theorem mentioned in all kinds of situations without any attempt to explain it and, when I looked it up online, the explanations were bewildering and I was none the wiser. Thankfully, that's not what happens here. Silver explains the underlying philosophy and the mathematical framework simply and understandably.
If you recall, we noted earlier that probabilistic data is helpful for forecasting but with Bayes's theorem, we also see how it affects predictions. In short, the frequency of prior events has a powerful influence on the probability that a similar event will occur under similar conditions. That means that something where the split between two options is 50/50, may be significantly skewed in one direction based on precedent. Equally, even a high likelihood of an outcome would be considerably less if the historical record is low.
Understanding this methodology is essential for decision-makers who use mathematical models or those of us who have to interpret the forecasts we're hearing. Similar to the CDO example above, understanding the underlying math is essential to determining the quality of the result so you can use the data appropriately.
Again, even if you aren't a 'fan' of math, spend some time in this section and enjoy a clear, simple explanation of something that, up until now, has never been explained clearly (to me, anyway).The need to merge statistics and emotions
Silver's message is that we need to merge rigorous statistical analysis with emotional insight, and he pulls this off well using some excellent examples. From how baseball teams combine statistical models with the observations of talent scouts, to how sports bettors use Bayesian models of a team's performance just as much as they scour the players' social media accounts, he shows how you can merge these two approaches effectively. And while this isn't necessarily novel, he makes a strong case for not replying on one system alone, even in instances where being 100% data- or instinct-driven would seem the best approach.
He also explains how, when making predictions for US political races, her couples the statistical model with the insights he gains from interviewing candidates and observing their behavior.
Getting this balance between objective data and subjective analysis is the key to making successful predictions but, in the end, there is no secret formula. Silver admits the difficulties in getting this balance right but does note that the quality of your predictions can improve over time if you record and review your predictions regularly. This helps you see where the signals and analysis were pointing you in the right direction and where you misinterpreted things, allowing you to correct your analysis in the future. Notably, he reminds us that a prediction can still be 'good', even if the predicted event doesn't occur. After all, a 70% chance of something happening still means there's also a 30% chance it won't.Overall
For all of its depth, The Signal and The Noise is a relatively easy read and moves fairly quickly with well-told stories and interesting anecdotes. I'm not a fan of books that are too story-heavy, and Silver gets the mix about right here as the stories support and illustrate the theories instead of being loosely associated. I enjoyed his simplification of the mathematical aspects of making bets and playing poker, as I was completely ignorant of both. The ending is fairly abrupt, and the conclusion doesn't wrap up the book's big ideas as I had expected, so if you were hoping to get a good sense of the book from the last 20-pages, you'd be disappointed. And, as the book is almost a decade old, some comments on the likelihood of a global pandemic or the degree of political polarization in the US seem almost quaint. Nevertheless, it's an excellent read for any risk manager or decision-maker who wants to see how to use both data and emotions when making predictions. Quants will get an insight into how our brains process decisions, while social scientists will better appreciate how to use and interpret data effectively.

• Get your copy on Amazon

Back to the List

Flirting with Disaster - Why Accidents are Rarely Accidental by Marc Gerstein with Michael Ellsberg

The central premise of Flirting with Disaster is that most accidents are not accidental and that the organization and other observers were aware of the problems which led to the accident well in advance.  However, for a number of complicated reasons in the lead-up to and in the early stages of the accident, preventative steps were not taken.
The book, published in 2008, lays out a detailed explanation for this illogical behavior - if we know things are going to end badly, why don't we do something? - through a mix of clear explanations of the theories alongside detailed case studies.Case studies done right
Gerstein, who among other things was a Visiting Scholar at MIT's Sloan School of Business, uses detailed, rigorous, fact-filled reviews of events ranging from the two NASA Shuttle disasters to the Chornobyl meltdown as well as more unexpected examples such as how the original settlers of Easter Island disappeared.  These are tight, well research, and neatly summarized accounts of events that are still rich in detail.
Moreover, in addition to their rigor and detail, like any good historical documentary, these case-studies are told in a way that you are still on the edge of your seat waiting to find out how things will end: despite the fact that you already know the outcome.
But in addition to the enjoyment of reading such well-written accounts, the case studies provide concrete examples of the theories in practice in addition to countless lessons and takeaways.
These alone make the book worth recommending but there are some specific reasons I think that this is a great read for risk managers in particular.Why should a risk management read this?
I think that there are three main reasons a risk manager would find Flirting with Disaster useful.  (At least, this is why I have found it useful.)1 - Clear explanations
The book explains a lot of otherwise dry and abstract academic theories in a way that is easy to understand.
I really believe that a basic understanding of the theories behind people's attitudes toward risk is vital to be an effective risk manager.  But I also realize that not everyone wants to read Paul Slovic's original papers on risk perception or something from 1932 about disaster and psychology.   (Weird, I know. )
Flirting with Disaster does a good job of boiling down these key concepts in an easy to understand way.  Moreover, these theories are explained with...2 - Detailed lessons
I have explained how useful the book is for understanding academic theories but there are a lot of practical lessons here too.  The real value of these case studies as opportunities to learn and avoid the same mistakes is immense.  As Gerstein sums it up towards the end of the book [my emphasis]._ "One of the guilty secrets of my forty years of organizations consulting is that the most useful advice has been drawn from the classic ideas, not from freshly minted theories.  That doesn't mean that there is no value in new ideas: it's simply that the accumulated value of the tried and true is far, far greater than that contained in many trendy articles best-sellers, and consulting sales pitches." _Gerstein, Flirting with Disaster p 283Sadly, chapter six, titled 'The Vioxx Disaster and BP: the Seduction of Profits', unknowingly provides an example of what happens when we fail to learn from the past.  Note that this book was published in 2008, two years before the Macondo well blowout and the loss of the Deepwater Horizon with her 11 crew.
Yet here, Gerstein is exploring another BP incident, the Texas City refinery fire of 2005 where 15 died and over 150 were injured.  So there were clear lessons from Texas City for BP to learn from their investigations, the public investigation and books like this.  Yet five years later, with many of those lessons apparently unlearned, we had the loss of 11 other lives and biggest oil spill in US history.
So while there is no guarantee that the outcome will be the same, previous, similar events are a very good indicator of the end result allowing you to put contingencies into action.  Moreover, these case studies often tell you the kind of mitigation which didn't work which in itself is very valuable.
The lessons learned from these case studies is therfore immensely valuable for us as risk managers as a way to learn how to successfully address similar situations that we may face in the future.  (Of course, this assumes that you put these lessons into action.)3 - Practical guidance
Finally, in addition to the scenario-specific takeaways from the case studies, the book provides many more general lessons that can be applied in a range of circumstances.  For example, towards the end in a chapter titled 'What have we Learned?', Gerstein provides four 'rules to live by':- Understand the risks you face.
- Avoid being in denial.
- Pay attention to weak signals and early warnings.
- Don't subordinate the chance to avoid catastrophe to other considerations.These are just four of the many valuable lessons scattered throughout the book.  (The next chapter is simply called 'Advice for Leaders').  All are worth highlighting and keeping in mind as a risk manager.Overall
This was one of the first non-textbooks I read when I started studying risk management formally and I have returned to it many times over the past 10+ years for the reasons I explained above.  Reading it a decade later, and sometimes dozens or even hundreds of years after the examples, what stands out is that the lessons learned and guidance Gerstein and Ellsberg provide hold up.
I think that this is because this is really an academic text disguised as a non-technical book.  The underlying research and analysis are thorough yet easy to follow and digest.  Coupled with Gerstein's aversion to fads and a trust of the 'classics', the book holds up well.
Sadly, events since publication show that despite the availability of lessons to learn from, we are often immune to doing the right thing.
That more than anything is a good reason to find a copy and read this to avoid flirting with your own disasters.

• Get your copy on Amazon

Back to the list

The Black Swan: The Impact of the Highly Improbable by Nicholas Nassem Taleb

I haven't read the Black Swan in a few years and have subsequently read Antifragile which prompted Taleb to revise the original book so I will hold off reviewing this properly until I re-read The Black Swan, Fooder by Randomness and Antifragile so I can do these justice.That said, this is a must-read for any risk manager. Taleb can be a little grating and smug at times (and he likes to pursue a grudge) but his thinking is sound and essential if you want to understand how we think normally about risk (poorly) and how we can improve.

From the Amazon synopsis"For years, Taleb has studied how we fool ourselves into thinking we know more than we actually do. We restrict our thinking to the irrelevant and inconsequential, while large events continue to surprise us and shape our world. In this revelatory book, Taleb explains everything we know about what we don’t know, and this second edition features a new philosophical and empirical essay, “On Robustness and Fragility,” which offers tools to navigate and exploit a Black Swan world.""Elegant, startling, and universal in its applications, The Black Swan will change the way you look at the world. Taleb is a vastly entertaining writer, with wit, irreverence, and unusual stories to tell. He has a polymathic command of subjects ranging from cognitive science to business to probability theory. The Black Swan is a landmark book—itself a black swan."
(C) Amazon.com

• Get your copy on Amazon

Back to the list

Thinking Fast and Slow by Daniel Khaneman

I need to re-read Thinking Fast and Slow to provide a worthwhile summary of the book but, to give you a sense of how fundamental I believe it is, I have the System, I and II definitions stored as a text snippet because of how often I refer to these."System I operates automatically and quickly, with little or no effort and no sense of voluntary control.
System II - allocates attention to the effortful mental activities that demand it, including complex computations. The operatives of system 2 are often associated with the subjective experience of agency, choice, and concentration."
(Thinking Fast and Slow, Kahneman p20-21)This is not the only work Khaneman and Tversky did but it is some of the most consequential as it explains how we make decisions and are swayed by different factors. Their explanations of decision-making led to a Nobel Prize in economics (sadly after Amos Tversky had passed which is why the Nobel and this book are in Khaneman's name only).This is one of the primary sources for our understanding of how we make decisions and is therefore a deep dive into the subject. Several of the other texts here provide a summary of Khaneman and Tversky's ideas and may be a better start point but make sure you read this at some stage.Full review to follow

From the Amazon synopsis"System 1 is fast, intuitive, and emotional; System 2 is slower, more deliberative, and more logical. The impact of overconfidence on corporate strategies, the difficulties of predicting what will make us happy in the future, the profound effect of cognitive biases on everything from playing the stock market to planning our next vacation―each of these can be understood only by knowing how the two systems shape our judgments and decisions.Engaging the reader in a lively conversation about how we think, Kahneman reveals where we can and cannot trust our intuitions and how we can tap into the benefits of slow thinking. He offers practical and enlightening insights into how choices are made in both our business and our personal lives―and how we can use different techniques to guard against the mental glitches that often get us into trouble. Topping bestseller lists for almost ten years, Thinking, Fast and Slow is a contemporary classic, an essential book that has changed the lives of millions of readers."
(C) Amazon.com

• Get your copy on Amazon

Back to the list

Against The Gods: The Remarkable Story of Risk by Peter L. Bernstein

This was the first 'business' book about risk that I read and it was instrumental in helping me take the academic, social-sciences aspects of risk that I had studied, into the workplace. It's a succinct and clear history of how our perceptions of risk have changed as we moved away from fatalistic views of the world, to see risk as something that we could understand, evaluate and offset.
It's highly recommended for everyone, but particularly for operational risk managers or security managers who want a better understanding of how businesses see risk.Full review to follow

From the Amazon synopsis"In this unique exploration of the role of risk in our society, Peter Bernstein argues that the notion of bringing risk under control is one of the central ideas that distinguishes modern times from the distant past. Against the Gods chronicles the remarkable intellectual adventure that liberated humanity from oracles and soothsayers by means of the powerful tools of risk management that are available to us today."
(C) Amazon.com

• Get your copy on Amazon

Back to the list

Risk by John Adams

'Risk' is not a book to skim through as it is packed with an enormous amount of information, as Adams looks at how we view risk through a 'cultural' lens. This idea is coupled with his concept of a risk thermostat - the amount of a particular risk we are willing to accept - to explain how different individuals will view the same situation very differently. Large sections also cover risk research (and how it's often misleading) and cost-benefit analysis, providing a helpful bridge between qualitative risk perception and quantitative risk analysis. These ideas provide an essential foundation for understanding how individuals and groups view risk allowing risk managers to better understand what's behind the risk narratives they hear.My full review will follow soon.

From the Amazon synopsis"Risk compensation postulates that everyone has a "risk thermostat" and that safety measures that do not affect the setting of the thermostat will be circumvented by behaviour that re-establishes the level of risk with which people were originally comfortable. It explains why, for example, motorists drive faster after a bend in the road is straightened. Cultural theory explains risk-taking behaviour by the operation of cultural filters. It postulates that behaviour is governed by the probable costs and benefits of alternative courses of action which are perceived through filters formed from all the previous incidents and associations in the risk-taker's life.; "Risk" should be of interest to many readers throughout the social sciences and in the world of industry, business, engineering, finance and public administration, since it deals with a fundamental part of human behaviour that has enormous financial and economic implications."
(C) Amazon.com

• Get your copy on Amazon

Back to the list

Suggestions and Submissions

If your favorite risk or crisis management book is missing, or if you're an author who wants to submit their book for inclusion, please contact me using the form below.
I'd love to hear your suggestions.(You can also use this form if you want to contact me for anything else.)