The Shock Doctrine of IT: Moving from Crisis to Capital Allocation
The aphorism “Never let a good crisis go to waste” is often cited in boardrooms as a call to action. In the context of IT strategy, however, this mindset frequently leads to a phenomenon I call “Disaster Architecture.”
The Shock Doctrine
A breach occurs, or a critical system fails. In the ensuing panic, standard due diligence is suspended. The checkbook opens, and governance processes—designed to ensure long-term viability—are bypassed in the name of speed.
Naomi Klein coined the term “The Shock Doctrine” to describe pushing through controversial changes while a population is disoriented. In the enterprise IT world, this results in a “Frankenstein” stack: a collection of expensive, poorly integrated tools purchased at a panic premium.
To move from reactive Crisis Management to strategic Capital Allocation, we must recognize the hidden costs of this “Shock Therapy.”
1. Governance Protects Future Optionality
When we bypass procurement and architecture reviews during a shock, we often lock the organization into multi-year commitments. These hasty decisions rarely fit the long-term architectural vision once the dust settles. Governance is not just red tape; it is the mechanism that preserves your future optionality.
2. The Shadow IT Consequence
A “Big Bang” migration driven by crisis often feels necessary, but it creates significant organizational trauma. Users, disoriented by sudden, unmanaged changes, will retreat to familiar, unmanaged tools just to keep working.
The result is a paradox: the security measure intended to lock down the environment actually drives users into Shadow IT.
3. The “Panic Premium” (Unit Economics)
Unit economics are hardest to control when your leverage is lowest. Negotiating a renewal or a new purchase during an active outage is rarely a win for the balance sheet. You are paying a “Panic Premium”—a tax on your lack of preparedness.
Conclusion: Inspecting the Roof
True resilience isn’t defined by how fast we fix the roof during the storm. It is defined by how well we inspected it while the sun was shining.
As leaders, we must ask a difficult question of our current security roadmap: How much of it was designed by architectural intent, and how much was dictated by the last crisis?