We've Got Regulatory Fatigue
Many organizations are worn out by ever-changing laws and regulations
Thinking back to my college days and the grind to get through finals each term, I recall how I would typically get to a point where I'd think, "It doesn't matter what grade I get -- I just want this to be over." Of course, I did care about my grades. But I also occasionally experienced a genuine mental and physical fatigue. In the end, I would suck it up and push through the exhaustion each term, rest during the break, and repeat.
By successfully repeating enough of these cycles, I was awarded my degree. As much as I enjoyed school, I was honestly ready to move onto work and leave school behind when I graduated. I had academic fatigue. It was time to start the next phase of my life, beginning a career and learning new things in new ways.
More Security Insights
- 10 Steps to Cleaning up Active Directory
- The Active Directory Management and Security You've Always Dreamed of
- Innovations in Integration: Achieving Holistic Rapid Detection and Response
- COBOL in the Big Data Era: A Guide
As I work with our clients and talk with business peers about their clients, it has become clear that most organizations suffer from a similar kind of fatigue: regulatory fatigue. The ever-changing and constantly growing list of laws and regulations that may apply to an organization is not only a financial tax on the business. If not handled well, then it can be an emotional burden, too.
Think about it. What happens when we become mentally fatigued? Many things, including loss of focus, struggles to set appropriate priorities, and even apathy of what is required of us sets in.
I've had clients with regulatory fatigue tell me flat out, "I know compliance is important, but at some point I can't spend any more time and money on compliance. I've got a business to run, and if the business fails, it won't matter whether we are compliant."
As a business owner, I get what they are saying, but I also think they miss a bigger point. What concerns me most when I hear this type of comment are the two common mistakes I believe this attitude reflects. The first is the mistaken belief that compliance tasks by definition are overwhelming -- a single massive project that takes over a business. The second mistake is when a leader mentally shuts down any consideration of practical options. With only two mistakes, a business leader can create an extremely dangerous situation for the organization.
I often say you should never argue with people who know they are right. It is pointless and wastes everyone's time. Fatigued business or technical leaders who have made these two classic mistakes about compliance don't want to hear any more about it. They're more than simply tired -- they are also tired of hearing about it. Getting the point across about both the importance and benefits of smart compliance can be difficult at best in these circumstances, and sometimes even impossible.
Despite the difficulty in breaking through this regulatory fatigue, it is important to stress that compliance does not have to beat down your operations to the point of mental or financial exhaustion. The key to avoiding regulatory fatigue is using a methodical, practical approach. Integrate compliance into your routine operations, rather than treating it as a heavy add-on. Focus on a culture of security and compliance, not an oppression of your team with rules and complex tasks. Use compliance efforts to improve your business in every area, not only one or two.
Despite my occasional intellectual fatigue years ago in school, I've embraced a personal philosophy of deliberately learning something every day. We can break through, or altogether avoid, fatigue and be better business people and better organizations when we do.
Glenn S. Phillips, the president of Forte' Incorporated, works with business leaders who want to leverage technology and understand the often hidden risks within. He is the author of the book Nerd-to-English, and you can find him on Twitter at @NerdToEnglish.