What hindsight does is it blinds us to the uncertainty with which we live. That is, we always exaggerate how much certainty there is. Because after the fact, everything is explained. Everything is obvious. And the presence of hindsight in a way mitigates against the careful design of decision making under conditions of uncertainty.
Daniel Kahneman, speaking at a Wall Street Journal event in 2016
The most useful definitions of risk equate it to uncertainty, but you would not necessarily know that from the way some professional risk managers behave. Some act as if the world is more certain, the future more predictable, than it really is. As Nobel laureate Daniel Kahneman explained on numerous occasions, corporations have a tendency to make poor decisions because their leaders manifest a common cognitive failing: they allow what they learn through hindsight to overwrite their memory of how surprised they were about events that were not anticipated. This has a knock-on influence on risk managers who feel they must convey expertise in specific risks to distract from the impossibility of consistently predicting what will occur in general. Put simply, they pretend to have more comprehensive knowledge about risk than they actually do. So instead of managing risk overall, they become managers of an assortment of specific risks that they and their bosses tend to think about, while not doing enough to manage all the risks that sit beyond their imagination. This is dangerous; consider how slowly the world reacted to COVID-19. Relying on hindsight is especially dangerous because there can also be uncertainty about events that have already occurred, as well as the future. People who behave like they have perfect knowledge may be ignorant of the extent of their own ignorance, or may consciously choose to disguise their ignorance instead of actively managing the resulting risk.
These tendencies have been vividly illustrated by the changing news about SMS blaster crime. I know something about both SMS blasters and the international flow of risk information by virtue of the daily automated multilingual news queries Commsrisk developed to identify new reports about the spread of SMS blasters worldwide. There has been an explosion in the number of results generated by these queries during the last few months. Commsrisk was literally the first English-language publication to report on the discovery on December 30, 2022, of a smishing SMS blaster in Paris. It was instantly big news in France but nobody covered the story in English, even though I delayed publication by a few days so the article would be seen by more people returning to work from their holidays. For several years afterwards, we had to look for news that was obscure and infrequent to corroborate the hypothesis that SMS blasters were more widespread than previously believed. Keep in mind that there was already a long history of SMS blaster crime in China, but most news reporting presents a phenomenon as ‘new’ if journalists and the public are unaware of it occurring elsewhere. The discovery of the same crime in Paris was a watershed moment, begging the question of why any expert in fraud prevention would assume criminal gangs will not take scams proven to be effective in China and replicate them elsewhere. That is why we started looking for more instances of these crimes around the globe, even though journalists in different countries often used different terminology to refer to essentially the same kind of crime.
Our original emphasis was on developing searches that looked for occasional stories that others would not find because they were so inconspicuous. Recent results from our automated searches are very different in character. The surge of news about SMS blasters — most of it written by people who appear to have 20/20 hindsight — now forces us to cope with a lot of duplication and misinformation. Old stories get repeated, sometimes by people who make them appear new. We have to weed out falsehoods because reports about actual cases get increasingly distorted each time they are copied, sometimes to the extent of inventing cases that never occurred. Misinformation about cases involving SMS blasters is spreading at an increasing rate alongside the older problem of some genuine cases receiving no coverage at the time they are identified.
