How security failures learned to sound reasonable

The most useful phrases in a modern security programme are the ones that cannot be argued with. “The platform gives us coverage.”, “We have visibility.”, “The tool supports MFA.” Each one is calm, professional, and technically defensible. Each one can also be doing something quietly different from what the room hears.

How the grammar works

Three small grammatical moves do most of the heavy lifting. The first is capability standing in for implementation: “The platform supports MFA”, “Defender has ransomware protection”, “Our firewall can do segmentation”. ...

May 3, 2026 · 5 min

How some ideas outlast their own evidence

Across many mature organisations, the same phrases seem to keep coming back, like “Aligned with best practice”, “The control is in place”, and “We followed the framework”. They survive failure. They survive scandal. They survive the people who used them last time. The question worth asking is perhaps not whether they are accurate, but why they are so robust. The usual explanations cover bureaucratic inertia, regulatory capture, and the well-documented limits of organisational learning. These are real, but they are not the most interesting part. The more interesting possibility is that these phrases are doing useful work. Just not the work they appear to be doing. ...

May 3, 2026 · 6 min