Think back to the last time there was an emergency caused by an external threat in your organisation. It does not necessarily have to be a cyber attack, although these are becoming more and more frequent, but a threat that was unexpected and triggered by external circumstances.
If you work for an ‘ordinary’ organisation it’s likely that one of four things happened:
- the person who first became aware of the threat spent some time double checking that what was happening was really worthy of being escalated before alerting the people in charge and then sighed in relief as they handed it over.
- the threat was immediate and obvious to a number of people who then spend hours or perhaps even days having meetings and discussing how to get a handle on what was happening.
- the threat was ignored as being ‘none of my business – let someone else deal with it’
- a protocol was enacted where people applied predefined processes, checklists and decision making structures. People then spent time ensuring that all the procedures were followed and the boxes ticked rather than responding directly to the threat.
Of course there are many spaces in between these basic reactions, but all of them are predicated on one instinct – the need to be seen to be doing the right thing, avoid taking ‘inappropriate’ responsibility and not interrupting the smooth flow of the organisational hierarchy. The other thing they all have in common is that people regard themselves and others as cogs in the organisational machine who don’t really have the power, authority and most importantly support to act decisively and independently. Traditional organisations work on an inherent lack of trust – that people cannot and should not be allowed to make decisions in the moment in case they are wrong.
This type of thinking is absolutely normal and is, in fact, a throwback of our evolutionary heritage. As human beings we have been ‘wired’ to perceive negative patterns, and our brains automatically jump to the most negative conclusions as a form of survival. It goes without saying that this has served us well. But in a modern organisation this type of lowest common denominator thinking results in lack of trust, inauthenticity, lack of responsibility and ownership and ultimately poor leadership. This coupled with the other endemic paradigm as the organisation as a machine rather than living system ensures that reaction to threats is at best slow and at worst can leave the organisation in dire straights. Threats do not have to be of the instant cyber type, it equally applies to long-term ‘slow burn’ threats such as the evolution of online shopping and the huge negative impact that is having on traditional high street stores or the impact that artificial intelligence is already having on the lower skilled end of the jobs market. These threats have been plain for CEOs and governments to see, but there is an inherent inability to respond effectively. Why?
Perhaps it’s because people bury their heads in the sand (this won’t happen to us), or perhaps it’s because they feel they are already doing everything that’s needed (meeting, discussing, applying ‘protocols’) or perhaps it’s because in response to truly tough problems it is fundamentally easier to keep your head down and hope the issue will go away of its own accord. It may also be because the people charged with creating the vision and strategy for the organisation just don’t know what to do. Adhering to hierarchical thinking, they talk at their own level and perhaps call in expensive consultants who peddle outmoded and outdated ways of doing things, because they too don’t want to be seen upsetting the apple cart. The idea of calling on the skills and talents of the whole organisation, and organising people into self-organising teams to solve immediate and longer-term problems doesn’t seem feasible or desirable. After all, the C suite are paid large salaries to solve these kinds of problems aren’t they?
In the face of direct threat, such as a cyber attack, it becomes a matter of dealing with it then allocating blame as a way of avoiding any collective responsibility. Scapegoating is an activity as old as civilisation itself, and the damage it does to trust in an organisation can hollow it out from the inside compounding the damage done from outside.
But even though these are now well worn familiar reactions, there is another way. Resilience is built from being willing to see how things really are right now, (not how we’d like them to be), telling the truth about them and being willing to try a different way. There is a myriad of good news stories from organisations who have taken the plunge into taking resilience seriously and remaking themselves as fit-for-purpose in the twenty first century. We will be happy to share these with you. Just get in touch!