Wavell Room
Image default
Short Read

Risky Business

“We should use our imagination more than our memory.”

Shimon Peres

The primary duty of Defence is to fight and win wars. So why does it often feel our organisation is run by its compliance departments? Regulators and policy writers don’t win wars. Battlefield entrepreneurs hungry for victory do.

This article contends the language of risk mitigation has been used to license remarkably risky long-term behaviour. Service people worry about litigation or bad press. They should be concerned that they have not done enough to win. War is a risky business. We must start treating it with the seriousness it deserves.

We over-protect ourselves when we train. What we need is the freedom to push boundaries and build resilience. We do this whilst under-protecting ourselves for operations. Our systems deprive our people of the ability to prepare adequately. Instead of resilience, we build fragility.

Ultimately, do we want our commanders and service people to be aggressive disruptors or domesticated compliance monkeys? We cannot bubble-wrap our way to victory. If fighting and winning wars is our primary duty, our actions must match our words.

The risk problem

We appear as an organisation to be motivated by fear of scandal and litigation more than mission success. Our ‘safety first’ approach is supported by risk and safety-focused policies and enforced by a large and complex bureaucracy. Consider the following common in the British Army:

  • Why is it that in the average unit, we have 14-20 audits a year focusing on compliance, whilst we only have one audit every two years focusing on how well we fight and win wars?
  • Why do our mandated online ‘education’ courses focus almost exclusively on safety activity (read litigation avoidance) and not a single one on tactics or digital upskilling?
  • Why do we accept the farce of our drivers pretending to sleep during daylight hours on exercise to meet impractical drivers’ hours policy?
  • Why do we have an all-stop day focused exclusively on social behaviour rather than on operating more cohesively on the battlefield, sharing best practices, or learning about AI?

The stock answer is that warfighting is embedded in our DNA and doesn’t need emphasis. But that isn’t how organisations work. Our structures are set up to reward ‘safety first’ thinking, and our leadership regularly celebrate risk avoidance. It is little wonder that followers prioritise it. You are what you measure.

Risk management is not a bad thing. Most regulations are well-intentioned. Some are even well-designed. But organisations are not static, they change. Unfortunately, regulation rarely catches up. For those who manage risk, the easy, comfortable option is always to add another layer of safety.

We must re-emphasise that the goal of risk management is not to eliminate risk. It is not even to drive it to an acceptable level. Its purpose is to ensure that the organisation delivers its mission. The effectiveness of risk mitigation measures is essential, but its overriding purpose is mission success. Safety is important, but it cannot come at the expense of our primary duty – the defence of the realm.

Payoff and opportunity cost

Our first issue is asymmetry. Rarely are we faced with perfect solutions to difficult choices; most involve a trade-off. Corporations will often trade off compliance against innovation1. In the military, we often trade safety against capability. If you want more capability or more safety, you need to sacrifice one (or spend more). Trade-offs aren’t linear, so desired solutions are asymmetric – low cost, high payoff.

Giving a soldier 2kg of bodyarmour is an excellent upgrade in protection, but the opportunity cost is a drop in manoeuvrability. In this case, the cost is marginal so it’s a good idea. Adding another 2kg is not as good, but still worth it. If you go too far, you’ll make the problem worse. And this is where we are now, paying high costs with low payoff. Risk mitigation advocates see the marginal safety improvements, not the costs to capability.

Adding another layer of safety may give feel-good vibes, but risk mitigation is not risk-free. An example is restrictions on digging on training estates due to concerns about environmental damage or unexploded ordnance. This may seem appropriate at the micro level until you consider that most non-infantry troops in the Army have not practised entrenching during collective training. You only have to read reports from Ukraine to note how insane this is. Dare we mention mandated online courses?

If the regulatory system makes it unreasonably expensive to train, build, or buy in return for only a marginal reduction in risk, it isn’t worth it.

A problem transferred is a problem doubled

A second problem is risk transfer. Many of our risk mitigation policies don’t make us safer. What they do is transfer risk from the micro-individual level to collective risk at the macro level. ‘Safety first’ culture doesn’t make us safer; it merely increases the risk.

In the pharmaceutical industry, it is easier to quantify and justify potential lives saved due to the increasing regulation of medical research. Calculating the lives lost from medicines that were not invented due to excessive safety regulation is much more complicated.

Collective risk in a future war is more complicated than a training risk to an individual today, but it is no less real. We have developed a bad habit. Like junk food, we focus on what makes us feel good today, whilst the consequences are delayed and the costs shifted into the future. Keeping troops from digging in on the training estate may keep the worms happy, but it has ramifications for their ability to fight tomorrow.

The safety administrative complex

From junior leaders to staff officers, the problem is well known. The Chief of the Defence Staff speaks openly about getting over our risk aversion whilst the Chief of the General Staff has acknowledged the difficulty of grappling with process.

How is it that an organisation that routinely deploys carriers, attack helicopters, and special forces to conflict zones can’t overcome the pathologically risk-averse neurotics to issue a standardised car pass?

By evolutionary design, humans already have a loss aversion bias. Add that Western society places the individual’s emotional and physical safety above more traditional values such as sacrifice, courage or liberty, and the odds are already stacked against us. The last thing we need is another layer of risk avoidance.

Most organisations will think of themselves as hierarchies, but they are not. They are bureaucracies. The reason is to ensure standardisation of authority (policies) across the organisation and spread accountability (risk). In a hierarchy, a leader exerts authority through direction and is held accountable. In a bureaucracy, a manager exercises authority via policy and accountability is held by the policy, not the manager.

In this way, responsibility is dissipated. And good luck trying to hold anyone responsible for a poorly written policy. There’s no point going after the enforcer; they’re just following the rules. There is no point in going after the working group that authorised the policy,  they’ve moved on. When no one is responsible, it’s hard to care.

When managers want to do something in line with policy their authority is concentrated and responsibility is dissipated. When leaders want to act against policy, their authority is dissipated, but the responsibility is concentrated. We have a system where it is challenging to do anything counter to the current policy – one where it is not only difficult to do the right thing but dangerous to your career. Talk about incentives. It’s knitted together by a faceless bureaucracy, which no one agrees with but can’t do anything about.

Bureaucratic responsibility avoidance is now baked in. This phenomenon is known as ‘institutional capture’. We have created a self-perpetuating administrative complex that has hobbled our ability to wage war. The worst part is our adversaries or a Civil Service conspiracy didn’t force this on us. We have done this to ourselves.

US Navy Commander Michael Abrashoff2 says, “Stasis is death to any organization. Evolve or die: It’s the law of life. Rules that made sense when they were written may well be obsolete. Make them extinct, too”. Those who make rules and exercise them will always be advocates of the same policies, even if they no longer make sense. And when you try to take action change things that don’t make sense but can’t, you become disempowered. This is the kiss of death to talent. You become a tenant and stop being an owner.

Proceed until apprehended

Change is not free. Like opening a savings account, there is cost. A deposit of more personal risk now pays for less collective risk in the future. It will mean short-term suffering and loss. People are empowered to do valuable and productive things when you turn the dial of progress up. Disruptors are unleashed. Stuff happens. Technologies get developed and business is done. Innovation flourishes. But there are downsides. People get hurt and accidents happen. The distribution of gains is not fair. Disorientating change occurs. Vested interests suffer. Being honest about this is the first step.

We can’t just sweep the process away. The problem is our ability to grapple with the administrative complex, change it at pace and make it work for us. The only way to break this habit is to reprogram our minds. How do you change a system? It’s simple but far from easy.

Institutions, Incentives, Messaging

Institutions. Dismantle the safety administrative complex. Reassert the importance of the mission. We must have champions to remove layers of safety. Find the “minimum effective dose” of regulation required for the desired outcome and do that, no more. Reassess regularly. Minimum viable bureaucracy.

Incentives. If you reward conformity and compliance, that is what you’ll get. Find what people value. It may be money, but it’s mostly promotion, medals, or status. Give it to them in return for the things you want them to do, like fail fast and disrupt.

Messaging. Talk about the drive for warfighting excellence with fervour. Make it obvious it is what we care about most and that taking more risk to achieve it is the morally right thing to do. Have an appropriately empowered senior cohort explicitly state: “We are directing the Army to take more risk, and we accept the consequences. This will increase the chance of serious injuries in training and more failed projects in acquisition. We do this not because we are callous with money or lives but because we care. If we do not give our soldiers the most robust training and equipment we can because we fear litigation and bad press, we will never forgive ourselves should we go to war”.

The drums of war are getting louder. Ignore the neurotic squealing. It’s our people on the firing line who will be fighting the next war.

Ben Johnson

Ben Johnson is a Major in the British Army, currently serving as 2IC of an Attack Aviation Regiment. He has operational experience in Iraq and Afghanistan has served within a US Divisional staff and DSTL. He has specialised in Strategy with Harvard Business School, gained an MSc in Battlespace Technology and is pursuing another in Digital & Cyber systems. He is a fellow for the Institute of Innovation and Knowledge Exchange.


  1. Simons, Robert (2016) Harvard Business School
  2. It’s Your Ship: Management techniques from the Best Damn Ship in the Navy

Related posts

The psychology of artillery effectiveness

Dermot Rooney

Jacket and Tie…Or Female Equivalent

Alexander Shane

What’s in a Meme?

Tim Symonds