Three domains. Three different contexts.
But in each case, network analysis revealed structural insights that traditional methods couldn’t surface – which nodes are genuinely critical, where failures would cascade, which connections carry the most risk.
1. UK Government Chronic Risks Analysis
Domain: National policy and strategic risk
The UK Government’s Chronic Risks Analysis identifies 26 long-term stresses – from climate change to organised crime to AI – and maps relationships between them. The Government did the hard work of documenting the network. But narrative form cannot answer structural questions: Which risks drive the network? Where do consequences converge? Which relationships bridge otherwise separate domains?
What Risk Explorer revealed:
- Serious Organised Crime ranks highest across four different structural importance measures. It’s the transmission mechanism linking economic, technological, and security domains – not just a security problem, but a thread connecting multiple threat domains into a coherent ecosystem.
- AI and Climate Change primarily transmit effects outward – they’re upstream drivers that feed the system. Vulnerable Populations primarily receives effects – it’s the convergence point where consequences from multiple domains accumulate.
- The 26 risks cluster into five natural communities connected by just seven bridging relationships. Serious Organised Crime appears in three of those bridges. Climate appears in two. Together they form the primary cross-domain transmission infrastructure.
- Compound events are structural, not exceptional. In a system where each risk connects to nearly half the others, shocks don’t stay local. Scenario planning that treats compound events as unlikely “perfect storms” underestimates how systemic risk actually behaves.
Key insight: The relationships were always in the report. The structure was always present. Network analysis makes it visible – and actionable.
2. Financial Services Operational Resilience
Domain: Banking and financial services
UK regulation requires firms to map dependencies supporting Important Business Services, identify vulnerabilities, and demonstrate they can remain within impact tolerances during disruption. These are fundamentally structural questions – about how things connect, what flows through those connections, and what happens when connections break.
Most firms attempt this with spreadsheets – static, incomplete, and structurally incapable of representing the dependencies regulators are asking about.
What Risk Explorer provides:
- Visual mapping of service-to-process-to-technology-to-infrastructure dependencies – see the full chain, not just adjacent connections
- Automatic SPOF identification – find vulnerabilities with no backup path, algorithmically rather than manually
- Cascade modelling – simulate what happens when a node fails and trace how far the impact propagates through dependencies
- Evidence packages for regulatory submissions and board reporting – export the analysis with full context
Key insight: Regulators are asking structural questions. Network analysis answers them directly. You cannot demonstrate operational resilience by listing dependencies in a spreadsheet – you demonstrate it by showing you understand how failures propagate through those dependencies.
3. Infrastructure Failure Cascades
Domain: Technology infrastructure
When infrastructure components fail, which services become unavailable? This isn’t threat modelling or attack simulation – it’s infrastructure resilience. Understanding which dependencies are critical and where single points of failure exist.
What Risk Explorer provides:
- Binary failure propagation – systems either operate or fail completely, modelling how failure cascades forward through dependencies
- Forward-only cascade analysis – trace from a failed component to everything downstream that depends on it
- SPOF identification in infrastructure layers – find the nodes whose failure would cascade most widely
- Clear answers: “If the Domain Controller fails, which services become unavailable?” “If AWS eu-west goes down, what breaks?”
Key insight: Infrastructure failures don’t stop at the first point of impact. They propagate through dependencies. Risk Explorer traces how far – revealing which components are genuinely critical because of what depends on them, not just because of what they do.
The Common Thread
Three domains:
- Chronic risks: Probabilistic, time-dependent policy effects that compound
- Operational resilience: Risk diffusion through service dependencies
- Infrastructure: Binary failure cascades through technology layers
Each requires a different propagation model. But all share the same structural question: how does this system behave as a system?
Risk Explorer adapts to the domain. The underlying network science is consistent; the analysis fits the context.
If you can describe what connects to what, the platform can model it.