I just wrote about how only a third of the London Insurance Market thought that they were prepared for a cyber-attack. It got me to thinking about corporate procrastination, its impact on organisations and some strategies for overcoming it and ensuring that critical projects get done as planned.

These thoughts were echoed in a recent article in The Royal Gazette that reported a warning from Brett Henshilwood, Deloitte’s Bermuda enterprise risk services director. He was summarising a report by the global consulting firm Deloitte suggesting that virtually all organisations will be attacked via the internet at some point.

What is corporate procrastination?

We all understand what personal procrastination is, but does it apply to a group of people, or a corporation? I believe it does. During the course of my career I’ve certainly seen organisations that knew that something needed to be done, but didn’t take the action required until the last minute or until an external source (an auditor for example) made the observation.

I believe that this is exactly what is happening with the London Insurance Market, for example, and its approach to Cybersecurity readiness. Rest assured, London isn’t alone in its complacency, and may actually be better prepared than some other locations. The organisations in question know that they need to do it, but there are lots of other interesting and distracting projects that also have to be done, and because the hackers are not seen to be beating the doors down right at this moment, it is all too easy for it to become a tomorrow project.

When those doors are beaten down, however, we can expect to see a large number of cyber horses bolting out of the stable carrying vast amounts of sensitive and potentially costly data on their backs.

“Instant gratification takes too long.” — Star Wars actress Carrie Fisher

People are very good at dealing with tasks that provide instant gratification, but are less good at dealing with acts that require action today for future gratification. Could this be why we deal with scientific observations like global warming and its predicted effects in such a bad way? If we took action today and the results (good or bad) were seen tomorrow would we be better able to act?

One of the favourite authors from my youth, Douglas Adams, was a famous procrastinator, with one of his favourite sayings being “I love the whoosh that missed deadlines make as they pass over my head.”

What is the impact of corporate procrastination?

There have been few studies into what I’m calling corporate procrastination. One 2012 report suggests that it costs more than $10,000 per year per employee. The impact is not as simple as that though when faced with risks and challenges such as cybersecurity, and protecting an organisation from hackers, (or those who want to do your company harm by using computers), whose motivation(s) may make little sense to the organisation. When that is the case, the risk assessment process is further complicated.

Overcoming corporate procrastination

Personal procrastination has attracted a lot of investigation and research over the last couple of hundreds of years, and in that time there have been many theories, and approaches, some of which I believe can be repurposed to help organisations face their own corporate procrastinations.

1. Set a strategy and create a roadmap

Having a plan, and a plan that includes dates and direction allows the organisation to measure its progress, and to have something that it holds itself to account against. It also allows the organisation to know when they’ve achieved the goals that have been set.

Strategic roadmaps should not be large or complex documents. They should be simple enough to achieve the aim of communicating their contents and the direction of travel to those who will implement the changes, and who might otherwise contribute to corporate procrastination.

2. Making the job smaller

One of the causes of corporate procrastination is the understanding that big programmes of work have a tendency to fail or to become more complicated.

Having or developing an approach and culture of breaking complex and lengthy programmes into more digestible chunks is an important way of addressing both change and corporate procrastination by demonstrating success in bite size chunks and on a more frequent basis.

Sometimes all that is needed to break the procrastinator’s spell is to get started, establishing the first part of a project as something that can deliver value quickly; this might be as simple as establishing or confirming the current state of what is being changed. In the case of cybersecurity, this might take the form of a cybersecurity readiness assessment.

3. Develop a sense of corporate urgency

A well-developed sense of urgency doesn’t mean that people have to be rushing between meetings. A sense of urgency means that your organisation finds opportunities to do things that might be planned for tomorrow, today; they don’t let hurdles get in the way or delay the project unless there is absolutely no other choice.

4. Monitor and improve

The signs of corporate adjournment can take many different forms: monitoring and reporting on these delays will help your organisation to mitigate them and remain active on the delivery of its projects.

Some of the typical indicators that you should be able to monitor, include:

• Projects not starting when or as planned

• Projects not making the progress that they should

• Projects costing more or taking longer than they should

• Your competition starting and finishing similar projects more quickly

• Feedback from within the company

Always be aware of the opportunities for improvement — they can come in many different forms, and often provide a way to for an organisation to further protect itself from the dreaded sight of that horse bolting for open land while knowing that were actions you could have taken to prevent it.

You can read my article about how only a third of London Insurance Market thought that they were prepared for a cyber-attack, at www.fifthstep.com/fifth-sense.

Darren Wray is the chief executive officer of Fifth Step and has more than 25 years of IT and management experience within the Financial Services and other sectors. Fifth Step operates globally from its offices in Bermuda, London and New York, providing IT leadership, change management, governance services to executives and senior managers within insurance, investment, legal and banking organisations of all sizes.