Organisational vulnerability: exploring the pathways

Paul Chipangura (African Centre for Disaster Studies, North-West University, Potchefstroom, South Africa)
Dewald van Niekerk (African Centre for Disaster Studies, North-West University, Potchefstroom, South Africa)
Fortune Mangara (African Centre for Disaster Studies, North-West University, Potchefstroom, South Africa)
Annegrace Zembe (African Centre for Disaster Studies, North-West University, Potchefstroom, South Africa)

Disaster Prevention and Management

ISSN: 0965-3562

Article publication date: 7 June 2024

Issue publication date: 16 December 2024

871

Abstract

Purpose

This study aimed to address the underexplored domain of organisational vulnerability, with a specific focus on understanding how vulnerability is understood in organisations and the underlying pathways leading to vulnerability.

Design/methodology/approach

This study utilised a narrative literature review methodology, using Google Scholar as the primary source, to analyse the concepts of organisational vulnerability in the context of disaster risk studies. The review focused on relevant documents published between the years 2000 and 2022.

Findings

The analysis highlights the multifaceted nature of organisational vulnerability, which arises from both inherent weaknesses within the organisation and external risks that expose it to potential hazards. The inherent weaknesses are rooted in internal vulnerability pathways such as organisational culture, managerial ignorance, human resources, and communication weaknesses that compromise the organisation’s resilience. The external dimension of vulnerability is found in cascading vulnerability pathways, e.g. critical infrastructure, supply chains, and customer relationships.

Originality/value

As the frequency and severity of disasters continue to increase, organisations of all sizes face heightened vulnerability to unforeseen disruptions and potential destruction. Acknowledging and comprehending organisational vulnerability is a crucial initial step towards enhancing risk management effectiveness, fostering resilience, and promoting sustainable success in an interconnected global environment and an evolving disaster landscape.

Keywords

Citation

Chipangura, P., van Niekerk, D., Mangara, F. and Zembe, A. (2024), "Organisational vulnerability: exploring the pathways", Disaster Prevention and Management, Vol. 33 No. 6, pp. 16-29. https://doi.org/10.1108/DPM-03-2024-0065

Publisher

:

Emerald Publishing Limited

Copyright © 2024, Paul Chipangura, Dewald van Niekerk, Fortune Mangara and Annegrace Zembe

License

Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence may be seen at http://creativecommons.org/licences/by/4.0/legalcode


Introduction

Disasters have become an unsettling norm in our world. The increasing frequency of disasters and their profound impacts on both human lives and assets (CRED, 2023) have rendered organisations, irrespective of their size, increasingly vulnerable to unanticipated interruptions and potential devastation. In 2022 alone, 387 disasters occurred worldwide, resulting in the tragic loss of 30,704 lives, affecting 185 million individuals, and inflicting estimated economic losses of around US$223.8bn (CRED, 2023). Such disaster events can compel organisations to close, relocate, or experience reduced productivity due to the direct physical damage inflicted upon their buildings, assets, and inventory. Due to disasters, organisations also face supply and demand fluctuations, loss of employees, suppliers, customers/sales, significant work stoppages and reduced efficiency due to disruptions in essential infrastructure such as electricity, water, sewage services, fuel, transportation, and telecommunications (Wasileski et al., 2011). The devastating impacts of disasters can be defined by organisations' vulnerability to such catastrophic events (Lo et al., 2021; Roux-Dufort, 2007). Organisational vulnerability thus plays a pivotal role in determining the extent to which disasters disrupt operations, inflict economic losses, and pose challenges to overall resilience (Roux‐Dufort, 2016). Moreover, organisational vulnerability can cascade into the economy with secondary effects on already vulnerable members of society (Zhang et al., 2009).

However, the concept of organisational vulnerability remains inadequately explored within the broader domain of disaster risk management Lo et al. (2021) compared to the extensive literature on community vulnerability to environmental hazards (Zhang et al., 2009). The existing frameworks and models designed to evaluate organisational vulnerability predominantly concentrate on specific aspects, such as supply chain resilience, business continuity planning, or infrastructure reinforcement. In focusing on these specific aspects, they fall short of providing a holistic perspective on the vulnerability landscape. One can thus argue that while extensive research and established frameworks exist for assessing vulnerability at the community and societal levels, there remains a critical gap when it comes to organisational vulnerability. This lack of attention is particularly significant given the increasing frequency of disasters and that organisational vulnerability is a crucial factor contributing to the development of crises and disasters in organisations (Lo et al., 2021).

This article therefore seeks to delve deeper into the nature of organisational vulnerability, examining the factors that contribute to vulnerability pathways and systemic risks. This is important because understanding vulnerability plays a pivotal role in risk management, as identifying vulnerabilities enables organisations to engage in proactive assessment and mitigation of potential risks, thereby bolstering their overall resilience (Kunreuther and Heal, 2003). Moreover, organisational vulnerability research is intricately linked to disaster preparedness, allowing organisations to anticipate vulnerabilities that may surface during crises and formulate effective response and recovery strategies (Schoemaker and Day, 2021). Furthermore, organisational vulnerability research is instrumental in crisis management, as it aids in identifying deficiencies within crisis management plans and offers insights for refining response mechanisms (Roux-Dufort, 2007).

Methodology

This research utilised a narrative literature review to pursue its aim. The primary goal of this narrative review was to critically examine the concept of organisational vulnerability in disaster risk studies. To initiate this research endeavour, the study initially explored the vulnerability literature using Google Scholar to frame its research questions. The exploration revealed that vulnerability research tends to concentrate on geography, natural resources, environmental management, sociology, and public health and focuses on families and households rather than on organisations. Recognising this research gap, the present study aimed to address the underexplored domain of organisational vulnerability, with a specific focus on understanding how vulnerability is understood in organisations and the underlying pathways leading to vulnerability. Therefore, the following research questions were formulated: (1) How is organisational vulnerability theorised in general and at the organisational level, and (2) What are the organisational vulnerability pathways? The next step was to define the extent of the research. Guided by the aim of the study, the focus was on organisational vulnerability from a disaster risk management perspective. Further, the study delineated the criteria for the literature search and the selection of the most appropriate database. Google Scholar was chosen because it provides a wide range of scholarly literature. The key search terms employed were: “Vulnerability”, “organisational vulnerability”, and “organisational vulnerability” AND “pathway.” On Google Scholar, the search query “Vulnerability” yielded a substantial 2,810,000 documents, while “organisational vulnerability” produced 365 documents, and “organisational vulnerability” AND “pathway” yielded 33 documents. These search results encompassed materials published from 2000 to 2022. Articles lacking full-text availability, not presented in English, and that did not exhibit relevance to organisational vulnerability in their title or abstract were excluded from consideration. The article selection process prioritised relevance, significance, and contribution to the understanding of organisational vulnerability. This allowed the inclusion of diverse perspectives, theoretical insights, and case studies in this review.

Human organisations overview

To understand the vulnerability of organisations it is important to appreciate the nature of human organisations. Organisations can come in various forms, such as businesses, academic institutions, humanitarian agencies, non-profit entities, government agencies, and more. Human organisations may be understood as a system/network with explicitly established reciprocal dependencies between people, which, according to their competencies, collaborate to achieve common objectives or realise predefined missions (Gadomski, 2009). Thus, the characterisation of the organisation starts with the identification of the system’s mission(s) and the primary functions required completing the mission(s). This is fundamental in identifying potential impacts on mission-critical systems that support the ability of the organisation to deliver goods/services. At their core, organisations embody social systems, where individuals with diverse skills, roles, and perspectives come together to achieve common purposes (Lunenburg, 2017). Organisational structures provide the framework for coordination, delineating hierarchies, communication channels, and responsibilities. Simultaneously, organisations reflect dynamic ecosystems, constantly adapting to external influences such as technological advancements, market fluctuations, and societal changes (Zahra and Nambisan, 2012). The culture within an organisation, composed of values, norms, and traditions, shapes the behaviours and interactions of its members (Macintosh-Murray and Choo, 2002).

Organisational vulnerability

Etymologically, the term “vulnerability” originates from the Latin word vulnerabilis, which is derived from vulnerare meaning “to wound” (Parley, 2011). In general, “vulnerability” refers to the capacity to be wounded (Füssel, 2007), or lack of sufficient resistance to unexpected but possible events (Gadomski, 2009). The term has also regularly been described as “a function of both a system’s exposure and sensitivity to stress and its capacity to absorb or cope with the effects of stressors” (Füssel, 2007, p. 162). However, the term “vulnerability” has been used in a variety of research contexts such as disaster risk studies, social work, sociology, psychology, health sciences, development studies, climate science, and global environmental change. As such vulnerability is perceived in different ways by scholars from different knowledge domains. Such differences in the perception of vulnerability can be traced to two broad intellectual lineages: (a) the “application of political-ecological and/or political-economic frameworks” and (b) studies that draw heavily from “risk-hazard (RH) or biophysical approaches” (Eakin and Luers, 2006, p. 367). These intellectual lineages have led to different methodological choices, measurement criteria and levels of analysis applied to the vulnerability construct as indicated below.

Political-economy lineage

Vulnerability, as analysed through political-economy lenses, underscores the intricate interplay of socio-political, cultural, and economic dynamics that collectively elucidate the varying degrees of susceptibility to hazards. Thus, vulnerability encompasses the differential capacity to withstand and recover from preceding impacts, and the ability to effectively manage and adapt to forthcoming threats (Eakin and Luers, 2006). Thus, vulnerability denotes the internal condition of a subject or system that is susceptible to a hazard (Singh et al., 2014). It represents a variable indicative of the system’s inherent propensity to be impacted or vulnerable to harm. From the political-economy lineage, definitions of vulnerability are thus generally “hazard-independent” where vulnerability is seen as an internal state of a system, which exists regardless of external hazards (Eakin and Luers, 2006). In organisations, Einarsson and Rausand (1998) used the term “vulnerability” to describe weaknesses in an industrial system that may hinder its ability to survive and carry out its mission in the presence of threats. These weaknesses encompass various facets of the system, including its physical infrastructure such as production equipment, premises, human resources, organisational structure, and technological components such as hardware, software, and network infrastructure. In line with Wisner et al. (2004) vulnerability is understood as the characteristics of an organisation in terms of its capacity to anticipate, cope with, resist, and recover from the impact of a hazard. When organisations are vulnerable, a threshold is determined by the system’s absorption and redirection capacities. Organisational systems may, also be exposed to deprivation events, for example, a lack of resources. In this case, vulnerability thresholds are determined by system retention and replacement capacities (Zhang et al., 2009). For a comprehensive understanding of vulnerability, one must identify the different organisational factors that contribute to vulnerability.

The risk-hazard (RH) lineage

The Risk-Hazard (RH) lineage stems from the natural hazards literature, and delineates, on a broad scale, the scope of vulnerability encompassing (a) the factors to which we are susceptible, (b) the anticipated consequences of such vulnerabilities, and (c) the spatial and temporal dimensions of the resulting impacts (Eakin and Luers, 2006; Johnson et al., 2023). The RH model has been employed to understand the impacts of hazards on an entity by considering its level of exposure to the hazard event and the entity’s responsiveness to it. This model systematically recognises potential hazards that have the potential to affect an organisation, evaluates the corresponding risk (probability of hazard occurrence and implications for the organisation), and subsequently assigns priorities to vulnerabilities (Johnson et al., 2023). The vulnerability of the organisation or a system is thus viewed as being determined by the nature of the physical hazards confronting the organisation, the probability of occurrence of hazards, the organisation’s level of exposure to hazards, and the system’s susceptibility to the effects of hazards (Eakin and Luers, 2006). As such vulnerability has been defined as: “the degree of loss to a given element at risk or set of elements at risk resulting from the occurrence of a natural phenomenon of a given magnitude and expressed on a scale from 0 (no damage) to 1 (total damage)” (UNDRO, 1991). The definitions of vulnerability from risk/hazard or biophysical approaches can be regarded as “hazard-dependent” where vulnerability is viewed as the amount of damage experienced by a system after being affected by a hazard (Johnson et al., 2023). In organisations, this definition of vulnerability is mostly related to an organisation’s fixed assets such as buildings and structures at risk and how these are damaged by hazards, due to physical forces exerted by ground motion, wind, water, etc. (Papathoma-Köhle et al., 2019). As such, the term “vulnerability” has been used to depict a system’s inherent susceptibility or inadequacy in withstanding diverse threats, encompassing both internal challenges such as internal crises and improper reorganisation, as well as external hazards like perilous situations, attacks, intrusions (emanating from human-based, natural, technological, and market threats) both within and beyond the system’s boundaries (Gadomski, 2009).

Organisational vulnerability, therefore, encompasses both external and internal dimensions. The external dimension pertains to the threat of events that may heighten the risk exposure of organisations. Meanwhile, the internal dimension relates to the organisation’s inherent capacity to withstand or respond to such events, including its susceptibility to coping with hazards or its deficiency in resources to manage the repercussions of significant losses. Thus, as Seville et al. (2008) note, organisational vulnerability can be viewed as the potential for an organisation to experience adverse effects or negative consequences from internal and external hazards or shocks due to characteristics or factors present within the organisation. Here, organisational vulnerabilities are rooted at different levels of the organisation, namely in the human, organisational, and technological components (Reason, 2000). Therefore, they are generated through the accumulation and convergence of unmanaged or mismanaged organisational processes (Roux-Dufort, 2007). In essence, organisational vulnerability can be viewed as the degree to which an organisation is exposed to potential risks, threats, or disruptions that can negatively (or positively) impact its ability to function effectively and achieve its objectives. It encompasses the organisation’s susceptibility to various internal and external factors that may lead to adverse or beneficial consequences, including financial losses and gains, operational disruptions, reputational damage, or harm to its employees and stakeholders. Organisations are vulnerable to various hazards in several ways as detailed below.

Organisational vulnerability pathways

Organisational vulnerability can be conceptualised as evolving through relatively structured pathways wherein human and organisational factors intersect to form vulnerabilities within a system (Smith, 2005). These vulnerability pathways can be understood as the channels or routes through which vulnerabilities can arise and propagate within an organisation. They represent the interconnected factors, processes, and interactions that contribute to the emergence and amplification of vulnerabilities within the organisation. These pathways can be grouped into internal and cascading organisational vulnerability pathways. Throughout an organisation’s lifespan, multiple pathways of vulnerability may arise (Smith, 2005) and understanding these pathways is essential for identifying the root causes of vulnerabilities.

Internal vulnerability pathways

Following the political economy argument above, internal organisational vulnerability can be considered as weaknesses within an organisation’s internal structure, processes, systems, and culture making it vulnerable to various hazards/threats. The following section presents some critical internal organisational vulnerability pathways.

Organisational culture pathway

Organisational culture significantly influences how organisations perceive and respond to disasters. It provides a valuable “portmanteau concept that bundles up the ‘baggage’ people bring to sense-making: the different values, beliefs, norms, frames, and cognitive structures” (Macintosh-Murray and Choo, 2002, p. 240). Organisational culture can be conceptualised as the fundamental assumptions and beliefs collectively held by the members of an organisation, which operate at a subconscious level and serve to shape the organisation’s perception of itself and its surroundings (Schein, 2010). The taken-for-granted nature of organisational culture may result in organisations becoming “trapped” by their culture, thereby encountering challenges in effecting cultural change beyond the confines of their existing cultural framework (Schein, 2010). This is because expectations and beliefs can create norms that shape the behaviour of individual employees and groups in organisations. For instance, Hald et al. (2021, p. 460) contend that during the 1986 Chernobyl nuclear disaster and the 1988 Piper Alpha oil rig explosion, senior managers' prioritisation of alternative concerns (e.g. productivity) resulted in operational choices that compromised safety, normalised risky practices, and led to inadequacies in emergency management preparedness. Thus, as Morgan (2006) argues, one of the interesting aspects of culture is that it creates a form of “blindness” and ethnocentrism. This blindness is usually because of “voicing” and “hearing” cultural factors where “voicing” is a failure of personnel to articulate concerns regarding institutional issues to individuals in positions of authority, while “hearing” factors pertain to management’s failure to respond to the information provided regarding institutional problems (Hald et al., 2021). Culture’s pervasive influence becomes apparent through its impact on decision-making, information distortion, and communication channels. While culture can contribute to business success, it can also erect barriers that propel organisations toward crises. Culture’s potential to create myopia, distortions, inertia, and misalignments with changing realities highlights its dual nature in shaping an organisation’s fate.

Managerial ignorance pathway

Managerial ignorance refers to a form of knowledge rooted in erroneous cognitive beliefs held by one or more managers concerning the emergence of anomalies, vulnerabilities, and the onset of disruptions and crises (Roux-Dufort, 2007). These beliefs distort managers’ perceptions of anomalies, vulnerabilities, and disruptions, causing them to be ignored, concealed, or rejected (Roux-Dufort, 2009). Brown and Starkey (2000) argue that managerial ignorance goes beyond simply lacking information. They underscore ignorance as a defence mechanism, where managers deliberately overlook issues that challenge their self-esteem or the status quo. This perspective is consistent with Roux-Dufort’s (2007) assertion that managerial ignorance can be viewed as a self-regulatory mechanism of managers' threatened self-esteem. As organisational imperfections become apparent, they engender anxiety-inducing assumptions that disrupt established patterns of predictability and regularity within the organisation. Roux-Dufort (2007) observes that the extent of imperfections correlates positively with the likelihood of self-esteem alteration, positing that heightened anxiety prompts managers to uphold their self-esteem through continual engagement in ego-defence mechanisms. Similarly, Alvesson and Spicer (2012) shed light on a phenomenon that often goes unnoticed: “functional stupidity”. This term describes a purposeful state of non-reflection and ignorance prevailing within organisational contexts, characterised by the acceptance of unresolved inquiries and the reluctance to confront established norms. Nevertheless, it’s worth noting that “functional stupidity” can also yield detrimental outcomes, as it can confine individuals and organisations within problematic cognitive frameworks, fostering conditions conducive to personal and organisational discord (Alvesson and Spicer, 2012). Thus, managerial ignorance and “functional stupidity”, can lead to distorted sense-making, affecting the way individuals and groups interpret and understand events and information (Weick and Sutcliffe, 2007). This may result in inadequate risk management practices, limited investment in disaster preparedness, and a cycle of repeated vulnerabilities (Tierney, 2014).

Human resources pathway

Without human resources, other factors of production, like machinery and financial resources are useless. Human resources resilience is indispensable for ensuring business continuity, particularly in times of crisis. Human resources resilience may be understood as employees' capacity to effectively navigate and overcome adverse events in the work environment (Hartwig et al., 2020). However, disasters can profoundly affect businesses, particularly in terms of their workforce (Zhang et al., 2009). Employee casualties resulting from disasters, whether through injuries, illnesses, or deaths, disrupt normal business operations by rendering employees temporarily or permanently unavailable (Cherry and Trainer, 2008). Moreover, family casualties and damage to employees’ homes can also reduce work hours or necessitate extended leaves of absence (Zhang et al., 2009). Even temporary population dislocation can hinder business operations, as employees may be preoccupied with restoring their households, filing insurance claims, or dealing with disrupted workplace access. As noted by Cherry and Trainer (2008), staffing shortages undermine disaster preparedness and severely impact an organisation’s ability to respond and recover from hazards. Stress, especially in tightly coupled work systems, contributes to adverse outcomes such as post-traumatic stress syndromes, burnout, depression, anxiety, and interpersonal conflicts (Flin and O'Connor, 2017), ultimately diminishing efficiency, decision-making, and safety while escalating healthcare costs and legal liabilities. Employees experiencing stress are prone to reduced efficiency and effectiveness in executing their designated responsibilities. This condition often leads to compromised decision-making capabilities and behaviours that may put themselves or fellow team members at risk, consequently disrupting the optimal functioning of the team (Flin and O'Connor, 2017).

Communication pathway

Information failures have been identified as a notable contributing factor and prerequisite in the investigation of organisational disasters and accidents (Toft and Reynolds, 2016). Within these investigations, numerous instances are documented wherein warning signals were overlooked or disregarded, and where the mishandling of information could have averted catastrophic outcomes (Macintosh-Murray and Choo, 2002). According to Turner (1994), failure in communication and failure to relay complete information contribute to every catastrophe. Miscommunication could be disastrous as it leads to poor decisions and delays in decision-making, which may ultimately lead to disasters. According to Flin and O'Connor (2017) and Graham (2019), inadequate communication has frequently been cited as a factor contributing to workplace accidents, such as the Piper Alpha disaster in 1988. Communication problems are often attributed to various factors such as interpersonal and intergroup communication challenges, personality clashes, and uncertainty regarding hierarchy and responsibility (Graham, 2019). Therefore, communication is crucial as it serves as a fundamental activity for decision-making, enhancing situation awareness, facilitating team coordination, and fostering effective leadership (Flin and O'Connor, 2017).

Capital vulnerability pathway

Capital vulnerability in the context of hazards and disasters can be viewed as an organisation’s financial and resource-related susceptibility to adverse impacts resulting from natural and technological hazards. It encompasses the exposure of an organisation’s capital resources, such as fixed assets, working capital, and financial reserves, to the destructive forces of hazards (Zhang et al., 2009). Fixed assets, including buildings, equipment, and infrastructure, are a vital component of an organisation’s capital base (Zhang et al., 2009). These assets are often vulnerable to physical damage during hazards like earthquakes, floods, and fires. Authors like Zhang et al. (2009) have emphasised that businesses heavily reliant on fixed assets are more susceptible to disruptions. Working capital, which includes cash, inventory, and accounts receivable, plays a crucial role in an organisation’s ability to maintain operations during and after disasters (Hamshari et al., 2022). Interruptions in the supply chain, disruptions in cash flow, or inventory losses can erode an organisation’s working capital, rendering it more vulnerable to hazards. For example, the case of Hurricane Katrina in 2005 illustrates the vulnerability of inventories, causing significant disruptions in various industries (Hallegatte, 2012). Furthermore, organisations with limited financial resources struggle to recover from the COVID-19 pandemic due to inadequate funds (Paul et al., 2021). The debt and financial leverage level within an organisation can significantly impact its capital vulnerability. High levels of debt can exacerbate financial strain following disasters, as organisations must allocate substantial resources to debt servicing (Tierney, 2007). The aftermath of Hurricane Katrina provides a compelling case study of capital vulnerability. Many businesses, particularly smaller ones with limited financial reserves, experienced significant economic vulnerability due to the destruction of their fixed assets and inventories (Hallegatte, 2012). The lack of access to capital impeded their recovery efforts, resulting in closures and job losses (Zhang et al., 2009). This case underscores the importance of financial preparedness in reducing capital vulnerability.

Cascading organisational vulnerability pathways

With the proliferation of interconnected systems in organisations, the potential for a single point of failure to lead to a broader system collapse has grown significantly. Cascading vulnerability is a phenomenon that highlights the interdependencies and fragility of systems. The term “cascading” underscores how vulnerabilities propagate from one component to another, creating a domino effect that can result in severe disruptions (Pescaroli and Alexander, 2016). Understanding the dynamics of cascading vulnerability is crucial for enhancing the resilience and security of modern technological ecosystems. Cascading vulnerabilities can be critical infrastructure, supply chains, and customers, as presented below.

Critical infrastructure vulnerability pathway

The UNISDR (2016, p. 12/41) defines critical infrastructure as: “the physical structures, facilities, networks and other assets which provide services that are essential to the social and economic functioning of a community or society”. It consists of “complex networks, geographically dispersed, nonlinear, and interacting among themselves and their human owners, operators, and users” (Pescaroli and Alexander, 2016). Critical infrastructure also evolves a dynamic interplay of various elements, including nature, culture, society, technology, and politics, shaping its development and resilience (Pescaroli and Alexander, 2016). These critical infrastructures are essential to the operation of organisations, e.g. the availability of electricity, water, efficient sewer systems and waste management. As Dalziell (2005) noted: buildings without water, and hence sewage, quickly become unusable because of health concerns and information technology systems, communication systems and a myriad of other equipment rely on electricity. However, the increasing interdependence of businesses on critical infrastructures also makes them vulnerable to cascading disasters. In this pathway, disruption, or failure in one critical infrastructure can trigger failures in other interconnected systems, causing a cascading effect and exacerbating the overall impact (Gong et al., 2023). This phenomenon is especially pronounced in strategic sectors like energy, telecommunications, and transportation, where a disruption within one segment of an infrastructure network can swiftly trigger far-reaching consequences, cascading across the network and potentially spilling over into other interconnected systems. For instance, the floods in Thailand in 2010 triggered a worldwide scarcity of computer components, highlighting the interconnectedness of these systems (Arosio et al., 2020). It can be argued that critical infrastructure can operate as a “vulnerability magnifier,” whereby its spatial distribution and interconnections act as channels for risk propagation across diverse geographical areas (Pescaroli and Alexander, 2016). For instance, the effects of load shedding have had a profound impact on the South African economy, leading to industry shutdowns, a significant decrease in productivity, rising unemployment rates, adverse effects on healthcare services, and a crisis in education, among other consequences (Naidoo, 2023).

Supplier vulnerability pathway

The dependency on external suppliers has grown significantly in modern supply chain management, making organisations susceptible to the vulnerabilities and risks associated with their suppliers. The September 11, 2001, terrorist attacks in the USA, the 2011 Tohoku earthquake and tsunami that struck the northeast coast of Japan and COVID-19 (Richardson et al., 2021) serve as stark illustrations of the unpredictable and uncertain environment in which organisations and their global supply chains operate. These instances highlight the vulnerabilities and risks businesses face in a world marked by sudden and unforeseeable disruptions. Supplier vulnerability, as articulated by Carvalho et al. (2022), can be viewed as the susceptibility of a supplier to disruptions and disturbances in its operations, which can affect the timely delivery of goods and services to the purchasing organisation. These disruptions can stem from various sources, such as disasters, geopolitical instability, financial crises, or operational inefficiencies within the supplier’s supply chain (Zhang et al., 2009). Scholars such as Pescaroli and Alexander (2016) emphasise that disruptions in the supply chain, often triggered by disasters, can have a domino effect on an organisation’s operations. Events like the Eyjafjallajökull volcano eruption (2010), the Tohoku earthquake and tsunami (2011), and Hurricane Sandy (2013), vividly illustrate how supplier vulnerabilities can trigger a domino effect of disruptions, severely affecting organisational resilience (Pescaroli and Alexander, 2016). Similarly, Sheffi (2001) emphasises the vulnerability of supply chains to disruptions and the cascading effect on organisations in his research on the 9/11 attacks. In the context of food supply chains, Qian et al. (2011) present a case study of the 2008 Chinese milk scandal, revealing how supplier vulnerability can jeopardise an organisation’s reputation and market position. Authors such as Zhang et al. (2009) suggest that organisations that rely heavily on a single supplier are at greater risk of disruption. Therefore, the interplay between supplier vulnerability to disasters and organisational vulnerability is a critical dimension deserving of thorough analysis and strategic attention. Supplier vulnerability is a crucial determinant of organisational vulnerability, necessitating comprehensive scrutiny and proactive mitigation measures in an era where resilience and adaptability are paramount for sustained business success.

Customers vulnerability pathway

Consumer vulnerability represents a critical pathway to organisational vulnerability to disasters. Scholars such as Morrish and Jones (2020) have emphasised the importance of recognising that customers, as stakeholders, can themselves be severely impacted by disasters (loss of income, family members, livelihoods etc.), affecting their ability to engage with the organisation. Customer vulnerability can be viewed as a perceived lack of control within market interactions, necessitating external factors, such as marketers, to ensure fairness (Nancy et al., 2020). As Nancy et al. (2020) argue this view underscores two key aspects of vulnerability: first, it signifies a sense of powerlessness in market exchanges and second, vulnerability is contingent upon situational and contextual variables. Due to vulnerability, customers may regularly experience feelings of being “underserved, ignored, or excluded” within the marketplace they aim to engage with (Kaufman-Scarborough, 2015). When organisations overlook or mishandle the needs of vulnerable consumers in disaster planning and response, it can lead to a cascade of adverse effects which includes potential lawsuits and legal challenges, loss of trust and reputation, (Kuipers and Schonheit, 2022). For example, during the 2017 Equifax data breach, the company’s initial lack of transparency and proactive measures to protect affected consumers not only resulted in a loss of consumer trust but also led to numerous lawsuits and regulatory penalties, underscoring the link between consumer vulnerability and organisational vulnerability (Kuipers and Schonheit, 2022). This view is also echoed by Ma (2018) who emphasises the role of customer trust and loyalty in disaster situations, indicating that failing to meet customer expectations during crises can have lasting adverse effects. These collective insights and empirical cases illuminate the intricate relationship between customer and organisational vulnerability, underscoring the imperative of addressing this dimension in disaster risk management. Consequently, organisations must recognise consumer vulnerability as a potential pathway to organisational vulnerability during disasters and take proactive measures to ensure fairness, inclusivity, and effective disaster response.

Geographical location vulnerability pathway

Geographic location is a critical determinant of organisational vulnerability, significantly influencing an organisation’s susceptibility to various risks and crises. The physical setting in which an organisation operates can introduce both natural and anthropogenic hazards, shaping its level of vulnerability. As Bansal et al. (2019) argue, there is a direct correlation between geographic proximity to hazards and an organisation’s vulnerability to disasters. For instance, organisations in regions predisposed to seismic activity, floods, hurricanes, wildfires, tsunamis, and other natural hazards face an elevated vulnerability quotient (Bansal et al., 2019). Similarly, organisations in coastal areas are vulnerable to sea-level rise and storm surges due to their proximity to the ocean (Azevedo De Almeida and Mostafavi, 2016). Geographic location also influences supply chain vulnerability (Hendricks et al., 2020). Organisations that rely on suppliers located in hazard-prone regions can experience disruptions in their supply chains during disasters. Disasters affecting suppliers can lead to shortages, production delays, and increased costs for organisations downstream in the supply chain. For instance, the earthquake and tsunami that struck Japan in 2011 disrupted the supply chains of numerous global manufacturers due to the concentration of suppliers in the affected regions (Park et al., 2013). Geographical location also becomes a crucible where challenges of resource accessibility come to the fore, particularly for organisations in remote or secluded areas (Hendricks et al., 2020). These organisations grapple with hurdles in accessing vital resources like transportation infrastructure, utilities, and skilled labour. Moreover, their proximity to critical infrastructure components such as power plants, transportation hubs, and water treatment facilities amplifies vulnerability; any mishap, assault, or technical malfunction can have far-reaching repercussions (Pescaroli and Alexander, 2016). In tandem with these aspects, geographic location may usher in regulatory and zoning practice variations, which can considerably affect an organisation’s ability to implement mitigation measures or adapt to environmental changes (Zhang et al., 2009). Distinct zoning regulations can either facilitate or impede an organisation’s endeavours to construct resilient structures or undertake land-use practices that mitigate vulnerability (Cutter et al., 2008). In essence, geographic location encompasses many facets that collectively shape organisational vulnerability, necessitating careful consideration in risk assessment and mitigation efforts.

Conclusion

Organisational vulnerability, as illuminated in this exploration, is a complex construct with dimensions extending beyond the immediate threat of external events. As is highlighted in the risk-hazard and political economy lineages, it encompasses both the external peril an organisation faces and its internal capacity to withstand or respond to such threats. The external dimension encompasses the looming risk posed by events that can predispose organisations to potential hazards. These factors manifest in the intricate interconnections among organisational systems, leading to cascading vulnerabilities evident in critical infrastructure, supply chains, and customer relations. Simultaneously, the internal dimension delves into the organisational capacity to withstand or respond to disaster events, representing a defencelessness or lack of means to cope effectively with ensuing challenges. Internal vulnerability pathways thus encompass factors like organisational culture, managerial oversight, human resources, financial capital, and communication gaps. Understanding organisational vulnerability is therefore key to fortifying resilience and safeguarding success against unforeseen challenges. It enables organisations to proactively identify potential risks and implement strategic measures to mitigate them. By analysing vulnerability pathways, organisations can fortify their defences, enhance adaptability, and foster a culture of resilience in the face of uncertainties. Moreover, examining organisational vulnerability not only safeguards against potential disruptions but also fuels innovation and growth. Thus, by recognising weaknesses, organisations can leverage insights to drive continuous improvement, optimise resource allocation, and seize new opportunities for sustainable success. Organisations should therefore prioritise conducting comprehensive vulnerability assessments that encompass both the external and internal dimensions of organisational vulnerability to enhance resilience. Therefore, future research should focus on addressing the root causes of organisational vulnerability to promote adaptive and proactive measures for risk management and disaster resilience.

References

Alvesson, M. and Spicer, A. (2012), “A Stupidity‐Based theory of organisations”, Journal of Management Studies, Vol. 49 No. 7, pp. 1194-1220, doi: 10.1111/j.1467-6486.2012.01072.x.

Arosio, M., Martina, M.L. and Figueiredo, R. (2020), “The whole is greater than the sum of its parts: a holistic graph-based assessment approach for natural hazard risk of complex systems”, Natural Hazards and Earth System Sciences, Vol. 20 No. 2, pp. 521-547, doi: 10.5194/nhess-20-521-2020.

Azevedo De Almeida, B. and Mostafavi, A. (2016), “Resilience of infrastructure systems to sea-level rise in coastal areas: impacts, adaptation measures, and implementation challenges”, Sustainability, Vol. 8 No. 11, p. 1115, doi: 10.3390/su8111115.

Bansal, S., Biswas, S. and Singh, S. (2019), “Holistic assessment of existing buildings: Indian context”, Journal of Building Engineering, Vol. 25, 100793, doi: 10.1016/j.jobe.2019.100793.

Brown, A.D. and Starkey, K. (2000), “Organizational identity and learning: a psychodynamic perspective”, Academy of Management Review, Vol. 25 No. 1, pp. 102-120.

Carvalho, H., Naghshineh, B., Govindan, K. and Cruz-Machado, V. (2022), “The resilience of on-time delivery to capacity and material shortages: an empirical investigation in the automotive supply chain”, Computers and Industrial Engineering, Vol. 171, 108375, doi: 10.1016/j.cie.2022.108375.

Cherry, R.A. and Trainer, M. (2008), “The current crisis in emergency care and the impact on disaster preparedness”, BMC Emergency Medicine, Vol. 8 No. 1, pp. 1-7, doi: 10.1186/1471-227x-8-7.

CRED (2023), 2022 Disasters in Numbers, CRED, Brussels, available at: https://cred.be/sites/default/files/2022_EMDAT_report.pdf (accessed 4 December 2023).

Cutter, S.L., Barnes, L., Berry, M., Burton, C., Evans, E., Tate, E. and Webb, J. (2008), “A place-based model for understanding community resilience to natural disasters”, Global Environmental Change, Vol. 18 No. 4, pp. 598-606, doi: 10.1016/j.gloenvcha.2008.07.013.

Dalziell, E.P. (2005), “Understanding the vulnerability of organisations”, Proceedings of the 1855 Wairarapa Earthquake Symposium, Wellington, 8-10 September 2005, pp. 130-135.

Eakin, H. and Luers, A.L. (2006), “Assessing the vulnerability of social-environmental systems”, Annual Review of Environment and Resources, Vol. 31 No. 1, pp. 365-394, doi: 10.1146/annurev.energy.30.050504.144352.

Einarsson, S. and Rausand, M. (1998), “An approach to vulnerability analysis of complex industrial systems”, Risk Analysis, Vol. 18 No. 5, pp. 535-546.

Flin, R. and O'connor, P. (2017), Safety at the Sharp End: A Guide to Non-technical Skills, CRC Press, FL.

Füssel, H.-M. (2007), “Vulnerability: a generally applicable conceptual framework for climate change research”, Global Environmental Change, Vol. 17 No. 2, pp. 155-167, doi: 10.1016/j.gloenvcha.2006.05.002.

Gadomski, A.M. (2009), “Human organisation socio-cognitive vulnerability: the TOGA meta-theory approach to the modelling methodology”, International Journal of Critical Infrastructures, Vol. 5 Nos 1-2, pp. 120-155, doi: 10.1504/ijcis.2009.022853.

Gong, S., Ye, Y., Gao, X., Chen, L. and Wang, T. (2023), “Empirical patterns of interdependencies among critical infrastructures in cascading disasters: evidence from a comprehensive multi-case analysis”, International Journal of Disaster Risk Reduction, Vol. 95, 103862, doi: 10.1016/j.ijdrr.2023.103862.

Graham, R. (2019), “Improving communications to improve safety”, in Overon, J.W. and Frazer, E. (Eds), Safety and Quality in Medical Transport Systems: Creating an Effective Culture, CRC Press, FL, pp. 159-178.

Hald, E.J., Gillespie, A. and Reader, T.W. (2021), “Causal and corrective organisational culture: a systematic review of case studies of institutional failure”, Journal of Business Ethics, Vol. 174 No. 2, pp. 457-483, doi: 10.1007/s10551-020-04620-3.

Hallegatte, S. (2012), “Modelling the roles of heterogeneity, substitution, and inventories in the assessment of natural disaster economic costs”, World Bank Policy Research Working Paper.

Hamshari, Y.M., Alqam, M.A. and Ali, H.Y. (2022), “The impact of the corona epidemic on working capital management for Jordanian companies listed on the Amman stock exchange”, Cogent Economics and Finance, Vol. 10 No. 1, 2157541, doi: 10.1080/23322039.2022.2157541.

Hartwig, A., Clarke, S., Johnson, S. and Willis, S. (2020), “Workplace team resilience: a systematic review and conceptual development”, Organisational Psychology Review, Vol. 10 Nos 1-3, pp. 169-200, doi: 10.1177/2041386620919476.

Hendricks, K.B., Jacobs, B.W. and Singhal, V.R. (2020), “Stock market reaction to supply chain disruptions from the 2011 Great East Japan Earthquake”, Manufacturing and Service Operations Management, Vol. 22 No. 4, pp. 683-699, doi: 10.1287/msom.2019.0777.

Johnson, D., Blackett, P., Allison, A.E. and Broadbent, A.M. (2023), “Measuring social vulnerability to climate change at the coast: embracing complexity and context for more accurate and equitable analysis”, Water, Vol. 15 No. 19, p. 3408, doi: 10.3390/w15193408.

Kaufman-Scarborough, C. (2015), “Social exclusion: a perspective on consumers with disabilities”, in Hamilton, K., Dunnett, S. and Piacentini, M. (Eds), Consumer Vulnerability: Conditions, Contexts and Characteristics, Routledge, New York, pp. 157-170.

Kuipers, S. and Schonheit, M. (2022), “Data breaches and effective crisis communication: a comparative analysis of corporate reputational crises”, Corporate Reputation Review, Vol. 25 No. 3, pp. 176-197, doi: 10.1057/s41299-021-00121-9.

Kunreuther, H. and Heal, G. (2003), “Interdependent security”, Journal of Risk and Uncertainty, Vol. 26 Nos 2/3, pp. 231-249, doi: 10.1023/a:1024119208153.

Lo, A.Y., Liu, S., Chow, A.S., Pei, Q., Cheung, L.T. and Fok, L. (2021), “Business vulnerability assessment: a firm-level analysis of micro-and small businesses in China”, Natural Hazards, Vol. 108 No. 1, pp. 867-890, doi: 10.1007/s11069-021-04710-z.

Lunenburg, F.C. (2017), “Organisational structure and design”, Journal of Educational Leadership and Policy Studies, Vol. 1 No. 1, pp. 21-43.

Ma, L. (2018), “How to turn your friends into enemies: causes and outcomes of customers' sense of betrayal in crisis communication”, Public Relations Review, Vol. 44 No. 3, pp. 374-384, doi: 10.1016/j.pubrev.2018.04.009.

Macintosh‐Murray, A. and Choo, C.W. (2002), “Information failures and catastrophes: what can we learn by linking Information Studies and disaster research?”, Proceedings of the American Society for Information Science and Technology, Vol. 39 No. 1, pp. 239-249, doi: 10.1002/meet.1450390126.

Morgan, G. (2006), Images of Organisation, SAGE, London.

Morrish, S. and Jones, R. (2020), “Post-disaster business recovery: an entrepreneurial marketing perspective”, Journal of Business Research, Vol. 113, pp. 83-92, doi: 10.1016/j.jbusres.2019.03.041.

Naidoo, C. (2023), “The impact of load shedding on the South Africa economy”, Journal of Public Administration, Vol. 58 No. 1, pp. 7-16.

Nancy, V.W., Jens, H., Ilma Nur, C., Hannes, F., Sahar, M., Julia, R.-K. and Rui, S. (2020), “Overcoming vulnerability: channel design strategies to alleviate vulnerability perceptions in customer journeys”, Journal of Business Research, Vol. 116, pp. 377-386, doi: 10.1016/j.jbusres.2019.07.027.

Papathoma-Köhle, M., Schlögl, M. and Fuchs, S. (2019), “Vulnerability indicators for natural hazards: an innovative selection and weighting approach”, Scientific Reports, Vol. 9 No. 1, 15026, doi: 10.1038/s41598-019-50257-2.

Park, Y., Hong, P. and Roh, J.J. (2013), “Supply chain lessons from the catastrophic natural disaster in Japan”, Business Horizons, Vol. 56 No. 1, pp. 75-85, doi: 10.1016/j.bushor.2012.09.008.

Parley, F.F. (2011), “What does vulnerability mean?”, British Journal of Learning Disabilities, Vol. 39 No. 4, pp. 266-276, doi: 10.1111/j.1468-3156.2010.00663.x.

Paul, S.K., Chowdhury, P., Moktadir, M.A. and Lau, K.H. (2021), “Supply chain recovery challenges in the wake of COVID-19 pandemic”, Journal of Business Research, Vol. 136, pp. 316-329, doi: 10.1016/j.jbusres.2021.07.056.

Pescaroli, G. and Alexander, D. (2016), “Critical infrastructure, panarchies and the vulnerability paths of cascading disasters”, Natural Hazards, Vol. 82 No. 1, pp. 175-192, doi: 10.1007/s11069-016-2186-3.

Qian, G., Guo, X., Guo, J. and Wu, J. (2011), “China's dairy crisis: impacts, causes and policy implications for a sustainable dairy industry”, International Journal of Sustainable Development and World Ecology, Vol. 18 No. 5, pp. 434-441, doi: 10.1080/13504509.2011.581710.

Reason, J (2000), “Human error: models and management”, BMJ, Vol. 320 No. 7237, pp. 768-770.

Richardson, R., Quinet, G. and Kitajima, U. (2021), “Supply chain risk as a barrier to trade: a concise exploration”, International Management Review, Vol. 17 No. 2, pp. 48-53.

Roux-Dufort, C. (2007), “A passion for imperfections: revisiting crisis management”, in Pearson, C.M., Roux‐Dufort, C. and Clair, J.A. (Eds), International Handbook of Organisational Crisis Management, Sage, Thousand Oaks, CA, pp. 221-252.

Roux‐Dufort, C. (2009), “The devil lies in details! How crises build up within organisations”, Journal of Contingencies and Crisis Management, Vol. 17 No. 1, pp. 4-11, doi: 10.1111/j.1468-5973.2009.00563.x.

Roux‐Dufort, C. (2016), “Delving into the roots of crises: the genealogy of surprise”, in Schwarz, A., Seeger, M.W. and Auer, C. (Eds), The Handbook of International Crisis Communication Research, John Wiley & Sons, pp. 24-43, doi: 10.1002/9781118516812.ch3.

Schein, E.H. (2010), Organisational Culture and Leadership, Wiley, CA.

Schoemaker, P.J. and Day, G. (2021), “Preparing organisations for greater turbulence”, California Management Review, Vol. 63 No. 4, pp. 66-88, doi: 10.1177/00081256211022039.

Seville, E., Brunsdon, D., Dantas, A., Le Masurier, J., Wilkinson, S. and Vargo, J. (2008), “Organisational resilience: researching the reality of New Zealand organisations”, Journal of Business Continuity and Emergency Planning, Vol. 2 No. 3, pp. 258-266.

Sheffi, Y. (2001), “Supply chain management under the threat of international terrorism”, The International Journal of Logistics Management, Vol. 12 No. 2, pp. 1-11, doi: 10.1108/09574090110806262.

Singh, S.R., Eghdami, M.R. and Singh, S. (2014), “The concept of social vulnerability: a review from disasters perspectives”, International Journal of Interdisciplinary and Multidisciplinary Studies, Vol. 1 No. 6, pp. 71-82.

Smith, D. (2005), “Business (not) as usual: crisis management, service recovery and the vulnerability of organisations”, Journal of Services Marketing, Vol. 19 No. 5, pp. 309-320, doi: 10.1108/08876040510609925.

Tierney, K.J. (2007), “Businesses and disasters: vulnerability, impacts, and recovery”, in Rodriguez, H., Quarantelli, E.L. and Dynes, R.R. (Eds), Handbook of Disaster Research, Springer, New York, pp. 275-296.

Tierney, K. (2014), The Social Roots of Risk: Producing Disasters, Promoting Resilience, Stanford University Press, Stanford.

Toft, B. and Reynolds, S. (2016), Learning from Disasters, Palgrave Macmillan, London.

Turner, B.A. (1994), “Causes of disaster: sloppy management”, British Journal of Management, Vol. 5 No. 3, pp. 215-219, doi: 10.1111/j.1467-8551.1994.tb00172.x.

UNDRO (1991), Mitigating Natural Disasters: Phenomena, Effects, and Options: A Manual for Policymakers and Planners, UNDRO, New York.

UNISDR (2016), Report of the Open-Ended Intergovernmental Expert Working Group on Indicators and Terminology Relating to Disaster Risk Reduction, UNISDR, Geneva.

Wasileski, G., Rodríguez, H. and Diaz, W. (2011), “Business closure and relocation: a comparative analysis of the Loma Prieta earthquake and Hurricane Andrew”, Disasters, Vol. 35 No. 6, pp. 102-129, doi: 10.1111/j.1467-7717.2010.01195.x.

Weick, K.E. and Sutcliffe, K.M. (2007), Organizations and the Unexpected: Resilient Performance in an Age of Uncertainty, 2nd ed., Jossey-Bass, San Francisco.

Wisner, B., Blaikie, P., Cannon, T. and Davis, I. (2004), At Risk: Natural Hazards, People's Vulnerability and Disasters, Psychology Press, London.

Zahra, S.A. and Nambisan, S. (2012), “Entrepreneurship and strategic thinking in business ecosystems”, Business Horizons, Vol. 55 No. 3, pp. 219-229, doi: 10.1016/j.bushor.2011.12.004.

Zhang, Y., Lindell, M.K. and Prater, C.S. (2009), “Vulnerability of community businesses to environmental disasters”, Disasters, Vol. 33 No. 1, pp. 38-57, doi: 10.1111/j.1467-7717.2008.01061.x.

Further reading

Kendra, J. and Wachtendorf, T. (2016), American Dunkirk: The Waterborne Evacuation of Manhattan on 9/11, Temple University Press, Philadelphia.

Corresponding author

Paul Chipangura can be contacted at: chipangurap@gmail.com

Related articles