Disaster Recovery Journal Summer 2026

A disruption in Hormuz does not just raise the price of oil. It threatens every nth-party industrial process that relies on petroleum-based polymers or energy-intensive manufacturing. This is the physical reality of the nth-party problem. “

ers’ suppliers are. If the answer is “I don’t know,” you have found a source of poten tial ruin. People ignore these dependencies for short-term profit. It is cheaper to ignore the fifth layer of the network, but the cost of one collapse far outweighs years of effi ciency savings. Humans have evolved to react to local, visible threats. We have not evolved for globalized networks where a kinetic con flict in a strait thousands of miles away causes a systemic failure in a local manu facturing plant. This mismatch creates a false sense of security. We assume because the system worked yesterday, it will work tomorrow. This is the Turkey Problem. The turkey is fed for a thousand days and concludes the farmer is its friend. On the thousand and first day, it receives a sur prise. The only way to avoid this is to treat an unknown nth-party dependency as a defect. If a system cannot be fully mapped, it is dangerous. We should prefer simple, legible systems over those that are efficient but opaque. A legible system is one that can actually be defended. We are building a civilization on hidden risks, assuming the top layer compensates for the weak ness of the bottom. The inverse is true. The strength of the whole is determined by the most fragile link in the nth layer. Survival requires looking past the visible and into the shadows of the network. Only there can you identify the points of fragility and begin the work of becoming robust. v specializing in operational resilience, crisis management, and security risk management. Drawing on a background that spans both corporate and high-risk environments, Blake has worked extensively across the public and pri vate sectors, helping organizations navigate complex challenges with practical insight and strategic clarity. He leads the design and delivery of training and consultancy programs covering business continuity, crisis response, security risk management, and investigations. Blake has supported a wide range of organizations, from global cor porates to critical national infrastructure, enabling teams to prepare for, respond to, and recover from major incidents. He holds multiple professional qualifications in security, risk, and resilience, including an MBA with a focus on risk and resilience. “ Luke Blake, CPP, is a founding director of Oakwood Risk and Resilience, and a former police officer in the UK, with more than 20 years of experience in risk and resilience. He is an experienced consultant and trainer

ple. A single malicious dependency in a piece of code used by millions allowed a state-sponsored actor to deploy mal ware across thousands of organizations simultaneously. The victims had no direct relationship with the attacker. They were compromised through the recursive trust of their digital supply chain. This creates what Taleb calls an “epistemic wall” that better data cannot fix. Modern management defines effi ciency as the removal of redundancy. This is a primary driver of fragility. In biol ogy, redundancy is not waste. It is insur ance. Humans have two kidneys because the environment is unpredictable. Global supply chains and digital networks, how ever, are designed to be thin. They are optimized for a narrow set of stable con ditions. When those conditions shift, as they have with the recent surge in U.S. tariff volatility, the lack of slack causes total collapse. The 2026 Thomson Reuters Global Trade Report found supply chain reliability concerns have doubled in a single year. Mapping nth-party dependen cies is the only way to find where the nec essary slack has been removed without your consent. We currently have extreme concentra tion disguised as diversity. You may think you have diversified by using three ven dors. But if those three vendors all rely on the same energy grid, the same cloud provider, or the same shipping lane, your diversification is a lie. The 2026 landscape of cloud infrastructure has only deepened this. While organizations believe they are becoming more resilient, the vast major

ity of digital infrastructure is now tied to a few hyperscalers. The system has a single point of failure which remains hidden until it breaks. This is a black swan event. It is only a surprise because your map was incomplete. To manage risk, stop obsessing over the most likely scenario. Probability is for people who do not understand the con sequences of ruin. Survival depends on understanding the worst case and ensuring it is not terminal. If you were hit by a total encryption event today, the primary threat would not be the ransom demand. It would be the realization your recovery process relies on a third-party key manager or a specialized configuration which is also inaccessible. If you have a dependency you cannot name, you are flying blind. You are betting your existence on a system you do not comprehend. That is not risk taking. It is gambling with tail risk. Risk management has been ruined by bureaucrats. They believe a compliance spreadsheet is a substitute for reality. They check boxes and assume the danger is gone. A naval blockade in the Strait of Hormuz does not care about your compli ance form. If a factory in a remote prov ince shuts down because it cannot receive raw materials, your business is finished. This is why Taleb emphasizes “skin in the game,” meaning the person managing the risk must be the one who suffers if it fails. True resilience requires a move toward antifragility, which is the ability to not be destroyed by disorder. This requires a forensic mapping of every link in the chain. You must know who your suppli

DISASTER RECOVERY JOURNAL | SUMMER 2026 15