Most organisations we work with talk about the need for a strong reporting culture. It’s all there in the policies about what people should do when they see colleagues behaving badly or spot a security risk. But in practice, people just don’t do it. And it’s not that they don’t notice this stuff. Every time we go into an organisation after an insider event, people tell us, ‘Yeah, we all knew that something wasn’t right!’. ‘Did you?’ I want to shout (but don’t). ‘So, why the hell didn’t you say anything?’
The bystander effect
So, what’s going on? Psychologists have known for a long time about the ‘bystander effect’. This is when people fail to take action in a situation where their intervention could stop or prevent something bad from happening. Research has shown that people are generally less likely to intervene to prevent when they know others are present or are aware of the problem. Bystander effects are the reason that people don’t intervene to prevent crimes in public places and don’t speak up when someone uses racist or sexist language.
Bystander theory describes four phases that an individual must go through to move from inaction to action. These phases are:
- Noticing the event
- Recognising the event is a problem
- Feeling responsibility for dealing with the event
- Possessing the ability to act.
So why don’t people take action?
The answer to this is complex, and it depends in part on whether the incident requires action in the moment (such as a challenge or physical intervention) or follow-up action (such as reporting an incident).
Noticing the event and recognising it is a problem:
This is easy when it’s a mugging but can be a bit more ambiguous when we are talking about poor security, personal misconduct or just a colleague who is in some kind of personal difficulty. People often look around and conclude that no one else is doing anything, so it can’t really be a problem. In some organisations, poor behaviours have become so normalised that no-one thinks what they are seeing is sufficiently serious to require action. So it is really important for organisations to communicate clearly and firmly to employees what is and is not acceptable workplace behaviour.
People usually know they ought to do something in these situations. But bystander theory suggests that when others are present, responsibility for intervening become diluted, so people feel less pressure to act. People may assume that someone else has reported the security issue or just feel it’s not really down to them.
Empathy for someone involved in an incident is known to help to foster a sense of responsibility. In the case of harassment or bullying, this might be concern for the victim, but victims of security breaches are not always so obvious. This is why it is vital – counter-intuitive as it may seem – that organisations encourage employees to empathise with perpetrators as well as victims. This means organisations educating people about the link between poor wellbeing and insider acts. It involves driving home the message that by reporting colleagues who are behaving badly or erratically – colleagues who may go on to become insiders – people are helping the organisation and the individual concerned.
The ability to act:
At a basic level, this is about people knowing how to report incidents and getting support when they do. But it is also about having the confidence to act. Bystander research tells us that people are afraid to challenge poor behaviour for fear of retaliation, looking stupid in public or – particularly in Britain – being seen to make a fuss! And, when it comes to reporting incidents after the event, people are terrified of being labelled a snitch.
The snitch taboo
Snitching is universally viewed as an act of betrayal of one’s social group. People have a deep-seated psychological aversion to snitching, one that is very hard to overcome. The solution to this problem is for organisations to actively reframe the act of reporting as one of social responsibility and care for one’s colleagues. This is easier said than done and requires a sustained communications effort on the part of the organisation.
Many years ago, I had to report a colleague. It took a long time to decide to send the email, and I felt deeply uncomfortable about it. I don’t know if anything happened as a result because I received no reply. It didn’t make me want to do it again. If organisations want people to report concerns, they need to acknowledge and support those who do so and offer reassurance that any follow-up will be fair, proportionate and compassionate.
The ’inaction hump’
So, what can be done to get people over the hump of inaction?
The importance of words: ‘I’m no-bystandering you!’
To deal with something, it helps to give it a name. You may have come across the ‘no bystander’ campaign a few years back, which encouraged people to speak up and challenge offensive remarks about LGBT people. It gave rise to the concept of ‘no-bystandering’ someone. This comically cumbersome phrase slowly gained currency, and people started to use it in other contexts to challenge poor behaviour. The ‘no bystander’ movement was very successful in giving people the confidence and, critically, the words to speak up when they saw something wrong. The recent ‘Maaate’ campaign to combat male violence against women has attracted a certain amount of ridicule, but by creating a memorable phrase, it is trying to do something similar. If you accuse someone directly of being racist or sexist, they will push right back at you. If you gently ‘no-bystander’ them, they may just stop and reflect on their behaviour.
You can use this technique to tackle poor security behaviour as well as misconduct. You can choose whatever words or phrases you think will work best in your organisation. The key is choosing something everyone can recognise, which sounds light-hearted but gets the offender to stop and think about their actions. It is never easy challenging people in public. But it is also not easy knowing that you are the person who could have stood up and done something to prevent a disaster from happening – but decided in the moment not to.
About the author
Dr Susanna Berry is the behavioural science lead for the insider risk consultancy in Blacksmiths Group. She previously spent a thirty year career in a range of foreign policy- and national security-related roles in UK government.