What is the 100-year flood problem?

It's the predictable mistake of treating a "rare" event as one that won't happen on your watch. A 100-year flood has a 1% chance every year, not a single occurrence per century—so over a long horizon it becomes likely, not remote. The 100-year flood problem is what happens when teams apply that same "it's rare, so ignore it" logic to outages, breaches, key-person risk, and other low-probability, high-impact events, and get blindsided when the math catches up.

Does a 100-year flood happen only once every 100 years?

No. The USGS defines a 100-year flood as one with a 1% chance of occurring in any given year—its annual exceedance probability. Two can happen in back-to-back years, as Houston's three "500-year" floods in three years showed. The "100-year" label describes a long-term average recurrence interval, not a guaranteed gap between events.

How do you calculate the chance of a rare event over several years?

Use the formula 1 − (1 − p)ⁿ, where p is the annual probability and n is the number of years. A 1% annual event over 30 years works out to 1 − (0.99)³⁰ ≈ 26%. A 10% annual event over 10 years is 1 − (0.90)¹⁰ ≈ 65%. The longer the horizon, the more a "rare" yearly chance compounds into a likely eventual one.

What is tail risk at work?

Tail risk refers to low-probability, high-impact events—the ones at the far "tail" of the distribution. At work that means major outages, data breaches, the sudden loss of a person who holds critical context, or a failed launch with outsized consequences. They're easy to ignore quarter to quarter because each is unlikely in any single year, which is exactly why they're systematically underfunded.

How should a team budget for low-probability, high-impact events?

Estimate the event's annual probability and its cost, then multiply them to get an expected annual cost. A 1%-a-year event that would cost $10 million carries roughly $100,000 of expected cost per year—a number you can compare directly against the price of preventing it. Budgeting on probability × cost turns a gut argument ("that's unlikely") into a decision you can defend and revisit.

The 100-Year Flood Problem: Rare Isn't Never

# The 100-Year Flood Problem: Rare Isn't Never

On June 1, NOAA released its 2026 Atlantic hurricane season outlook: below-normal. There's a "55% chance that activity during hurricane season will be below-normal," with just "eight to 14 named storms." If you run a team, that's the kind of forecast you file under good news and move on.

That instinct—relax, it's unlikely this year—is the whole problem. And it has a name buried in the most misunderstood phrase in risk: the 100-year flood.

This is a short data report on the 100-year flood problem: the simple math that turns "rare" events into near-certain ones over time, the reason your team systematically underprices them, and how to put an actual dollar number on a risk instead of waving it away. The punchline up front: rare isn't never, and the gap between those two words is where teams get drowned.

What hydrologists actually mean by a 100-year flood

Start with the term, because almost everyone reads it wrong. A 100-year flood is not a flood that happens once every hundred years. The U.S. Geological Survey defines it as a flood "of that magnitude" that "has a 1 percent chance of happening in any year." It's a probability, not a calendar.

The USGS is blunt about the confusion: "Hydrologists don't like to hear a term like '100-year flood' because, scientifically, it is a misinterpretation of terminology that leads to a misconception of what a 100-year flood really is." And the kicker—the part that should reframe how you think about your own rare events: "The '100-year flood' is an estimate of the long-term average recurrence interval, which... does not mean that we really have 100 years between each flood of greater or equal magnitude."

If you need proof that "rare" labels lie, look at Houston. According to the Washington Post, "the Houston area alone has seen no fewer than three such events in the past three years... Memorial Day floods in 2015 and 2016, followed by Hurricane Harvey's torrential rains." Three 500-year floods in three years. As the Post put it, "you can have multiple 500-year flood events happen essentially back-to-back."

Do the arithmetic the label invites you to do, and it sounds impossible. If a "500-year flood" really came once every five centuries, the odds of three landing in a row would be one in 500 × 500 × 500—about one in 125 million. The reason it happened anyway is that the label was never a countdown. It's a per-year probability that resets, unchanged, every single year.

The 100-year flood problem in numbers: why "rare" compounds

Here's the number that makes the 100-year flood problem real. The USGS, again: "during the span of a 30-year mortgage, a home in the 1-percent AEP (100-year) floodplain has a 26-percent chance of being flooded at least once during those 30 years."

Sit with that. A "once-a-century" event has better than a one-in-four chance of hitting you across a normal time horizon. That's not a paradox; it's just compounding. The math is one line. If an event has probability p in any given year, the chance of seeing it at least once over n years is 1 − (1 − p)ⁿ. Run it across return periods and the pattern jumps out:

A 1-in-10-year event (10% a year): about 65% likely over 10 years, and ~96% over 30. Nearly guaranteed.
A 1-in-20-year event (5% a year): about 40% over 10 years, ~79% over 30.
A 1-in-50-year event (2% a year): about 18% over 10 years, ~45% over 30.
A 1-in-100-year event (1% a year): about 10% over 10 years, ~26% over 30.

The shape of that list is the entire lesson. The rarer the label, the more the multi-year horizon hides—and over a long enough horizon, every named risk creeps toward certain.

Now stop thinking about floodplains and look at your team's risk register. The events you call "unlikely this year" carry annual probabilities far higher than 1%, which makes their horizon math brutal:

A serious outage you'd estimate at 20% a year is 67% likely within five years.
A key-person departure—the one engineer who holds all the context—at 15% a year is 56% likely within five years.
A security incident at 10% a year is 41% likely within five years.

None of those feels urgent in any given quarter. All of them are closer to coin-flips across the life of a startup. "Unlikely this year" and "unlikely this company's lifetime" are completely different sentences, and teams confuse them constantly.

The hidden cost of planning only for the likely case

Let's steelman the other side, hard, because the "don't gold-plate for edge cases" instinct is mostly correct. Most contingency planning is waste. Engineering elaborate defenses against events that never arrive burns budget, calendar, and morale, and "you aren't gonna need it" is one of the most reliable rules in software for a reason. The honest version of the objection comes from someone who ran disaster recovery at a financial institution and kept hearing it from the board: "This is a waste of resources, for something that will probably never happen in our lifetime, if ever." Give that its full due. Spending real money on phantom risks is a genuine failure mode.

Here's the hidden condition that makes "plan for the likely case" quietly wrong. It only holds if two things are true: you evaluate each event in isolation, one year at a time, and the rare case is cheap. The return-period table already demolished the first assumption—isolated years hide the compounding. The second assumption is where the money is.

The rare case is not cheap. IBM's 2025 Cost of a Data Breach Report found that "the average cost of a data breach for U.S. companies jumped 9% to an all-time high of $10.22 million," even as the global average fell to $4.44 million. Put that number into the frame. A 1%-a-year event that costs $10.22 million has an expected annual cost of roughly $102,000—every year, whether or not it fires. That's not a rounding error you can wave away; it's a salary, and it dwarfs the cost of most mitigations.

That's the reframe the 100-year flood problem demands. Stop asking "will it happen this year?"—a question whose honest answer ("probably not") always argues for inaction. Ask instead: what's the probability across our horizon, multiplied by the cost? Probability × cost is a number. You can compare it to the price of a fix and make an actual decision, instead of relitigating your gut feeling every planning cycle.

The counter-intuitive part: survivors feel safest

Floodplains have a cruel feature: the moment right after a flood feels like the safest moment to live there. Lightning doesn't strike twice. But the annual probability hasn't budged—which is exactly why Houston got three in three years. The calm is the danger.

Teams do the identical thing. Right after the outage, the breach, or the near-miss that scared everyone for a week, the underlying annual probability is unchanged—and that is precisely when the fix gets deprioritized. We just dealt with that. The crisis recedes, the postmortem action items rot, and the team walks back onto the floodplain feeling lucky instead of exposed. The rarer the event's reputation, the more dangerous that calm becomes. A near-miss is supposed to raise your estimate of the risk; complacency quietly lowers it.

This is the part a premortem mindset and layered defenses get half-right. Imagining failure and stacking safeguards both help you picture the rare event—but neither tells you how much to spend on it. The return-period number does. It converts a vague "that'd be bad" into an annual expected cost you can put in a budget line, defend to a skeptical board, and revisit when the inputs change. Without that number, every tail risk is just one more thing that loses the argument to whatever's on fire this week—until it becomes the thing on fire. (It's the slow-motion cousin of the flashover point, where a small problem you tolerated goes total in seconds.)

Why distributed teams underprice the tail

Remote and async teams are worse at this, and the reason is structural: across distance, the tail is invisible. In a colocated team, the almost-outage and the visibly overloaded person who holds all the context generate hallway anxiety—someone feels the risk and pushes to fix it. Spread that team across time zones and the near-miss happens silently in a Slack thread no one with budget authority reads. What survives the distance is the shipped artifact, not the close call. So the artifact gets celebrated and the warning gets lost.

Async also makes "we'll deal with it if it happens" the path of least resistance, because no one is ever in the room to force the awkward, unglamorous conversation about pricing a risk nobody wants to think about. The work that does get tracked is the visible output, not the invisible exposure—so distributed teams accumulate tail risk the way a floodplain accumulates rain: quietly, between the floods, until the gauge goes red.

The fix is to make the tail visible and shared—to give the near-misses, the risk estimates, and the explicit decisions to mitigate (or not) a single home, instead of scattering them across DMs where they evaporate. This is the gap a tool like Coommit is built to close: by keeping the conversation, a live shared canvas, and contextual AI in one place, a distributed team gets one surface where it can actually see its rare events, attach a probability and a cost to them, and remember them between floods—rather than rediscovering each one the hard way.

The bottom line

The 100-year flood problem isn't that disasters are common. It's that we file "rare" under "never," judge each year in isolation, and assume the rare case is cheap—and all three of those moves are wrong. Rare events compound across a horizon, the survivors of one feel the safest, and the bill, when it lands, looks like IBM's eight-figure average.

Remember one number: 26%. That's the chance a "100-year" event hits across a 30-year horizon. Your team's tail risks are rarer-sounding than they are, and far more certain than they feel. So stop asking whether the flood comes this year. Start pricing it across all the years you'll be standing here—and give your team one place to watch the water rise, before it's already at the door.