
In preparing for the Agile Business Consortium’s recent Professional Masterclass, I found myself pondering the key case study. Months prior, I’d committed to a bold session title: ‘Decode the Chaos: A Masterclass in Leading with the CIRCA–CLEAR Framework.’
The workshop promise was significant: to equip leaders with the insight to diagnose systemic challenges and shift from reactive firefighting to confident, values-based leadership. To deliver on this, I needed a case study that truly resonated.
I had originally shortlisted the July 2024 CrowdStrike outage or the collapse of VW’s software division, Cariad. However, just one week before the workshop, I decided to pivot. The breaking news of the JLR (Jaguar Land Rover) cyberattack offered a real-time, evolving crisis perfectly suited for CIRCA-CLEAR.
It was a risk changing materials so late, but given the calibre of the participants—which included Directors, VPs, and a CEO—I knew a ‘cold case’ wouldn’t suffice. These leaders deal with ambiguity daily. Thankfully, the pivot paid off. The group appreciated the opportunity to step away from historical post-mortems and instead apply the framework to a live, unfolding crisis, dissecting the chaos as it happened.
The BANI Gap: Describing the Chaos vs. Navigating It
The session and this post weren’t just about a single cyberattack; they build on my previous writing regarding real-world events through the lens of BANI (Brittle, Anxious, Nonlinear, Incomprehensible).
In recent posts, I’ve argued that telling leaders to simply “be resilient” is no longer enough.
We see this in three distinct cases that expose what I call the “BANI Gap”:
- The JLR Cyberattack
- The CrowdStrike Outage
- The VW Cariad Collapse
Each of these qualifies as textbook BANI: brittle systems shattering, nonlinear cascades causing global paralysis, and incomprehensible complexity baffling even the experts.
But here lies the challenge: Describing conditions isn’t the same as navigating them. Knowing a system is “Nonlinear” doesn’t help a CEO decide on a Tuesday morning when the screens go black. That is where CIRCA–CLEAR comes in—it bridges the gap between identifying the chaos and actually leading through it.
Each of these vignettes shows why describing conditions isn’t the same as navigating them.
JLR: Brittle Systems, Belated Recognition
On 31 August 2025, attackers breached Jaguar Land Rover’s network. Within hours, global production stopped. Range Rovers sat frozen on assembly lines. The software used to track parts, sell vehicles, and service cars went dark.
The numbers are staggering. Production halted for over a month. Losses reached £50 million per week. Total estimated damage to the UK economy: £1.9-2.5 billion – the most damaging cyberattack in British history. [ADDED 7 November, the Bank of England said that the cyberattack was one reason for slower GDP growth, with weaker exports to the United States as the other.]
The BANI diagnosis is obvious: Brittle. Systems optimised for efficiency shattered under stress. A single intrusion cascaded through operations, supply chain, and 5,000+ dependent organisations. Some suppliers began layoffs within weeks. The UK government ultimately backed a £1.5 billion loan to prevent supply chain collapse.
What BANI doesn’t tell you: Apparently, the attackers had been probing JLR’s network for nearly a year. The breach didn’t exploit sophisticated zero-day vulnerabilities – it used social engineering, credential abuse, and weak network segmentation. Known tactics. Preventable patterns.
“Brittle → Resilient” is the standard BANI countermeasure. But which resilience? Network segmentation? Credential hygiene? Supply chain buffers? Detection capability? All of the above sounds comprehensive. It’s also operationally useless when you need to prioritise investment before the system breaks.
The diagnostic question BANI can’t answer: Was this primarily a detection problem (they were inside for weeks unnoticed), a segmentation problem (lateral movement wasn’t contained), or a dependency problem (single points of failure throughout the supply chain)?
Each diagnosis points to different interventions with different costs and timelines. “Be more resilient” doesn’t help you choose.
CrowdStrike: Nonlinear Doesn’t Mean Random
On 19 July 2024, CrowdStrike, an American cybersecurity technology company based in Texas, USA, pushed a routine update to its Falcon security software. A single malformed configuration file – one logic error in channel file 291 – crashed 8.5 million Windows systems worldwide.
Airlines grounded. Hospitals cancelled surgeries. Banks froze. Emergency services went offline. Fortune 500 companies lost an estimated $5.4 billion. Delta alone claimed $500 million in damages.
The BANI diagnosis: Nonlinear. A trivial cause produced catastrophic effects. The update was live for just 78 minutes before being reverted. By then, the damage was irreversible for systems that had already downloaded it.
What “embrace nonlinearity” actually requires:
BANI’s countermeasure for nonlinear conditions is typically “flexibility” or “adaptivity.” But CrowdStrike’s customers weren’t insufficiently flexible. They were insufficiently protected against concentration risk – the downstream consequence of depending on a single vendor whose automated updates could brick their infrastructure.
The organisations that recovered fastest weren’t more adaptive. They had:
- Phased rollout policies that prevented simultaneous global deployment
- Manual intervention capabilities that didn’t require the crashed systems
- Tested disaster recovery plans with alternate endpoint protection
These aren’t postures. They’re specific operational capabilities that either exist before the nonlinear event or don’t.
The diagnostic question: Is the nonlinearity coming from internal system coupling (your own architecture) or external dependency concentration (vendor risk)? The interventions differ. Internal coupling needs architectural redundancy. External dependency needs vendor diversification and rollback capability.
“Adapt to nonlinearity” doesn’t distinguish these. It names the weather without identifying which sail to trim.
VW Cariad: Contradictory Signals, Paralysed Execution
Volkswagen launched Cariad in 2020 to build unified software across all twelve group brands. By early 2025, the programme was over two years behind schedule. The Audi Q6 e-tron and Porsche Macan Electric launches were jeopardised. Engineering teams had ballooned across multiple continents, spawning 20 million lines of overlapping code.
The BANI diagnosis: Complex and Incomprehensible. Modern vehicle software involves emergent interactions nobody fully understands. The programme was attempting Level 3 autonomy, custom silicon abstraction, and a complete software stack simultaneously.
What the post-mortems actually reveal: The core problem wasn’t complexity – it was contradiction.
Audi wanted premium features. Porsche wanted performance differentiation. Volkswagen Passenger Cars wanted cost efficiency. Three brands, three sets of priorities, competing for the same engineering resources with no forced ranking.
“Component owners waited weeks for architectural approvals, freezing sprints and deepening technical debt.”
This isn’t incomprehensible complexity. It’s competing mandates creating impossible binds. Engineers knew what to build. They couldn’t get decisions because stakeholders were pulling in three directions.
The intervention mismatch: BANI suggests “transparency” and “sense-making” for incomprehensible conditions. But Cariad didn’t need better sense-making. Everyone could see the problem. What they needed was Clarity – a forced ranking of priorities that broke the deadlock.
Apply transparency to a Contradictory condition, and you illuminate the conflict without resolving it. Apply learning (the typical Complex response), and you’re running experiments when a decision is needed. The symptom – stalled execution – looks the same. The interventions are opposites.
The Pattern Across All Three
| Case | BANI Description | Actual Condition | Required Intervention |
|---|---|---|---|
| JLR | Brittle | Rapid (pace of attack exceeded detection/response capacity) + Insecure (supply chain dependencies hidden until crisis) | Leading indicators for intrusion; supply chain risk mapping |
| CrowdStrike | Nonlinear | Complex (system interactions exceeded understanding) + Rapid (78-minute window exceeded response capacity) | Phased deployment; vendor dependency limits |
| VW Cariad | Incomprehensible | Contradictory (competing brand priorities without resolution) | Forced priority ranking; single product ownership |
BANI names conditions accurately. What it can’t do is distinguish which condition is primary when symptoms overlap – or specify which intervention matches the diagnosed condition.
What Diagnostic Precision Changes
Before JLR: “We operate in brittle conditions. We should build resilience.”
With diagnosis: “ThroughFlow shows detection latency averaging 3 weeks. Pattern matches Rapid condition – pace exceeding capacity. First intervention: reduce detection-to-response cycle to under 48 hours. Signal it’s working: mean-time-to-detect improves. Then address supply chain visibility as secondary Insecure condition.”
Before CrowdStrike: “We face nonlinear risks. We should embrace adaptivity.”
With diagnosis: “Dependency analysis shows 73% of endpoint protection from single vendor with automatic updates. Pattern matches Complex condition – system interactions creating unpredictable coupling. First intervention: staged rollout policy with 24-hour canary window. Signal it’s working: zero same-day global deployments. Then address recovery capability.”
Before Cariad: “Software development is incomprehensible. We need transparency and sense-making.”
With diagnosis: “ThroughFlow declining while WIP climbs. Stakeholder interviews reveal competing priorities without forced ranking. Pattern matches Contradictory – not Complex. First intervention: 60-minute session with brand heads to force-rank top 5 priorities. Signal it’s working: architectural decisions made within days, not weeks.”
The Operational Bridge
BANI helps you name what you’re facing. Useful for shared vocabulary. Insufficient for action.
The gap is diagnosis: Which condition is actually causing the symptom? Which intervention matches that condition? How will you know if it’s working?
Three questions. Without answers to all three, you’re responding to descriptions rather than navigating conditions.
JLR didn’t need “resilience” in a generic sense. They needed a specific detection capability and supply chain visibility.
CrowdStrike’s customers didn’t need “adaptivity” generically. They needed deployment controls and recovery procedures.
VW Cariad didn’t need “sense-making” in a generic sense. They needed priority resolution and decision rights.
The difference between a weather report and a navigation system: A weather report tells you the storm is here. Navigation tells you which specific action addresses which specific condition – with signals that confirm you chose correctly before the intervention window closes.
This post follows on from July’s BANI Is Right. It’s Also Not Enough. As I continue to delve further into developing my new book, Thriving in Turbulence, due for release next month, I plan to publish more posts on this and related topics.
For more on bridging description to diagnosis, see Thriving in Turbulence or explore the CIRCA-CLEAR framework at circa-clear.com.