In an organisation, it’s never ‘one guy’s fault’.
A couple of weeks back, Experian’s (now ex-) CEO told the House Energy and Commerce Committee that Experian’s catastrophic data breach had been down to the human error of one individual.
But in an organisation, there’s no such thing as ‘one guy’s fault’. For a start, someone hired the guy, and someone manages them. Someone is responsible for the processes the guy carries out. Nobody, however junior or senior, should be without oversight, and if they are, there’s also a problem with whoever’s responsible for corporate governance.
Granted, IT is extremely complex, and very difficult. But that’s why we have evolved multi-layered systems to minimize the risk of error. (I will look at how we do that in software development in a future post.) ‘One guy’s fault’ suggests those systems weren’t in place.
‘One guy’s fault’ leads to a culture of blame, and a tendency to cover up.
Worst of all, ‘one guy’s fault’ suggests that the real lessons may not have been learned.
‘Equifax Breach Caused by Lone Employee’s Error, Former C.E.O. Says’ – New York Times
(‘Guy’ is gender-neutral, isn’t it? ‘Guys’ definitely is.)