The New Skill Companies Actually Need: Systems Thinking

Recommendations

• Require business cases to identify at least three downstream impacts before approving major initiatives.
• Evaluate major initiatives against enterprise outcomes, not departmental KPIs alone. A decision should be considered successful only if it strengthens the performance of the whole system, not just one part of it.
• When recurring behavior issues emerge, start by examining the incentives, constraints, and workflow realities driving the behavior. Understanding the system that produces the outcome is often more effective than adding another layer of controls.
• Evaluate AI initiatives as organizational changes rather than technology deployments.
• Test end-to-end business capabilities rather than validating individual technologies in isolation.

A few decades ago, most business problems could be assigned to a department.

If a technology issue emerged, IT took ownership. Financial challenges belonged to finance. Human resources managed workforce concerns. Security teams handled security. While collaboration certainly existed, organizations largely improved by becoming more specialized. The logic was straightforward: hire experts, divide responsibilities, and allow each function to optimize its part of the business.

That model worked remarkably well for a long time. Today’s challenges are different.

A cybersecurity decision can affect productivity. An artificial intelligence initiative can create governance concerns. A supply chain disruption can quickly become a customer experience issue. Decisions made in one part of the organization often produce consequences somewhere else, sometimes in ways that are difficult to predict.

Yet many organizations continue to approach these interconnected challenges through functional silos.

The result is a paradox. Organizations have never had more expertise, more data, or more specialized knowledge at their disposal. At the same time, many leaders find themselves confronting problems that seem resistant to improvement. Security investments create operational friction. Efficiency initiatives weaken resilience. AI deployments introduce accountability challenges that nobody anticipated.

The issue is rarely a lack of intelligence.

More often, it is a failure to understand how different parts of the organization interact.

This may explain why systems thinking is emerging as one of the most valuable business capabilities of the next decade. The World Economic Forum’s Future of Jobs Report 2025 identifies systems thinking among the skills expected to grow in importance as organizations navigate technological disruption, AI adoption, and increasing complexity.

Organizations have spent decades investing in expertise. The next competitive advantage may come from people who understand how expertise interacts.

Recommendation: Include at least one cross-functional stakeholder in every major strategic decision before final approval.

Why Specialization Is Creating New Problems

Specialization remains one of the great strengths of modern organizations. No executive would argue against having knowledgeable professionals responsible for cybersecurity, finance, legal compliance, operations, or technology.

The challenge emerges when those perspectives become isolated from one another.

Every function views the organization through a different lens. Security teams focus on risk reduction. Finance concentrates on efficiency and return on investment. Operations prioritizes reliability and execution. Human resources focuses on workforce outcomes. None of these perspectives are wrong. Problems arise when decisions are optimized within individual functions without fully understanding how they affect the broader organization.

Consider a common example. A cybersecurity team introduces stronger authentication controls to reduce risk. From a security perspective, the initiative succeeds. Compliance improves. Audit findings decline. Risk metrics move in the right direction.

However, employees begin experiencing delays accessing systems. Help desk tickets increase. Productivity suffers. Teams start looking for shortcuts.

The security control itself may be effective, yet the organization experiences unintended consequences elsewhere. The same dynamic appears far beyond cybersecurity.

Cost reduction initiatives improve short-term financial performance but leave organizations less resilient during disruption. Process optimization efforts increase efficiency while reducing flexibility. New compliance requirements reduce risk but slow innovation.

These outcomes are not usually the result of poor decision-making. Most decisions make perfect sense when viewed through the lens of a single department.

The problem is that organizations operate as systems, not collections of independent functions.

MIT Sloan research on systems leadership argues that leaders must move beyond linear thinking and understand how actions in one part of a system create ripple effects elsewhere. As organizations become more interconnected, those ripple effects become harder to ignore.

The challenge is no longer understanding individual functions. It is understanding the relationships between them.

Recommendation: Require business cases to identify at least three downstream impacts before approving major initiatives.

The Local Optimization Trap

One of the clearest signs of weak systems thinking is local optimization.

Organizations set out to improve performance in one area, only to discover later that they’ve weakened performance somewhere else. The problem isn’t usually bad intentions or poor execution. More often, it’s a failure to see how the pieces connect.

This pattern shows up across industries.

A security team tightens controls and celebrates stronger compliance metrics. On paper, risk appears to be decreasing. In practice, employees begin adopting unauthorized tools that help them get work done faster. The risk hasn’t disappeared—it has simply moved somewhere less visible.

Finance leaders reduce staffing costs and improve short-term efficiency targets. The numbers look good for a quarter or two. Then burnout starts to rise, customer experience suffers, and turnover increases. The original goal was achieved, but at a cost that wasn’t captured by the initial metric.

Operations teams streamline processes to maximize utilization. Under normal conditions, the organization becomes leaner and more efficient. But when disruptions occur, the same system often struggles to adapt because the flexibility that once absorbed shocks has been optimized away.

In every case, people are doing exactly what they were asked to do.

That’s what makes local optimization so difficult to spot. The issue isn’t execution. It’s perspective.

Research from McKinsey has consistently emphasized the importance of operating models that align functions around enterprise outcomes rather than isolated departmental objectives. When teams focus too narrowly on their own metrics, they can unintentionally create consequences that undermine performance elsewhere in the organization.

Systems thinkers approach these situations differently. Instead of asking whether an initiative improved a particular KPI, they ask a broader question:

What changed in the system as a result of this decision?

That shift in perspective often reveals effects that traditional performance measures miss. A metric may improve while overall performance declines. A process may become more efficient while the organization becomes less resilient. What appears to be success in one corner of the business can quietly create problems in another.

The broader impact is often more important than the original metric itself.

Recommendation: Evaluate major initiatives against enterprise outcomes, not departmental KPIs alone. A decision should be considered successful only if it strengthens the performance of the whole system, not just one part of it.

Case Study: The Security Policy That Increased Risk

A large organization rolled out a new security policy to reduce cyber risk.

The initiative was thoughtfully designed. Controls were strengthened, approval processes became more rigorous, and access requirements were tightened. From a governance perspective, the project appeared to be a success. The organization had addressed known vulnerabilities and implemented stronger safeguards.

Yet the results on the ground told a different story.

Employees began finding ways around the new requirements. Departments adopted unauthorized applications to keep projects moving. Teams created informal workarounds to avoid delays and maintain productivity. Compliance reports suggested the policy was working as intended, but day-to-day behavior revealed a growing disconnect between policy and practice.

At first, leadership viewed the problem as a training issue. If employees better understood the rules, compliance would improve.

A closer look suggested something else was happening. Employees weren’t acting irrationally. In many cases, they were responding logically to the environment around them.

The organization had increased security, but it had also introduced additional friction into everyday work. Employees were forced to choose between following cumbersome processes and accomplishing their objectives efficiently. Unsurprisingly, many found ways to do both, even if that meant operating outside approved channels.

The behavior was predictable because the incentives were predictable.

This dynamic mirrors a challenge we explored in our article, “Why Employees Circumvent Security Policies.” Most employees do not wake up looking for ways to create risk. More often, they are trying to do their jobs effectively within systems that make compliance difficult, time-consuming, or disconnected from operational realities.

The lesson extends well beyond cybersecurity.

Organizations often try to change behavior without examining the systems that produce it. When outcomes are undesirable, the instinct is frequently to add more controls, increase oversight, or require additional training. Those actions may address symptoms, but they do not always address the underlying causes.

Sometimes the more useful question is not, “Why aren’t people following the process?”

It’s, “What about the process that is driving people to work around it?”

That shift in perspective sits at the heart of systems thinking. Rather than focusing solely on individual actions, systems thinkers look at the conditions, incentives, and constraints that shape those actions in the first place.

Viewed through that lens, recurring behavior problems often become valuable signals. They point to friction, misaligned incentives, or design flaws that might otherwise remain hidden. What appears to be an employee problem can sometimes be a system problem in disguise.

Recommendation: When recurring behavior issues emerge, start by examining the incentives, constraints, and workflow realities driving the behavior. Understanding the system that produces the outcome is often more effective than adding another layer of controls.

Why AI Is Really a Systems Problem

Few technologies illustrate the importance of systems thinking more clearly than artificial intelligence.

Many organizations still approach AI as a technology initiative. They evaluate models, compare vendors, experiment with automation, and focus on implementation. Those activities matter, but they represent only part of the challenge.

The more difficult questions often emerge after the technology is deployed.

Who remains accountable when decisions are partially automated? How should organizations manage oversight when recommendations are generated by AI? What happens when efficiency gains in one area create risk in another? How should governance structures evolve when humans and machines are working together within the same decision-making process?

These questions rarely belong to a single department.

Technology teams may implement the solution, but the consequences often extend into legal, compliance, cybersecurity, operations, human resources, and executive leadership. This is one reason many AI initiatives encounter unexpected friction. The technology itself may function exactly as intended, while the surrounding organization struggles to adapt.

As we explored in our article on AI governance, the most important AI questions are often not technical. They involve accountability, ownership, decision rights, oversight, and risk management.

Research from the World Economic Forum’s Global Cybersecurity Outlook 2025 highlights growing concern around AI-related risks, including governance challenges, data security concerns, and expanding attack surfaces. These risks emerge not because AI exists, but because AI changes how organizations operate.

This is where systems thinking becomes valuable. Rather than asking whether the technology works, leaders must ask how the technology changes incentives, workflows, responsibilities, and organizational behavior.

The distinction is subtle but important.

Organizations that focus solely on technology often find themselves reacting to unintended consequences. Organizations that think systemically are more likely to anticipate them.

Recommendation: Evaluate AI initiatives as organizational changes rather than technology deployments.

Case Study: The CrowdStrike Lesson Was About More Than Technology

The CrowdStrike outage of 2024 provides another useful example.

Much of the initial discussion focused on the technical cause of the incident. That focus was understandable. A software update triggered widespread disruptions affecting organizations around the world.

Yet the most important lessons emerged during recovery.

Many organizations discovered that restoring operations involved far more than fixing a technical issue. Recovery required coordination between infrastructure teams, application owners, business units, vendors, support organizations, and leadership teams. Technology was only one component of the problem.

The incident exposed how dependent modern organizations have become on interconnected systems.

A disruption in one area quickly affected customer service, employee productivity, operational workflows, communications, and business continuity. The challenge was not simply restoring a piece of software. It was restoring an entire ecosystem of interconnected activities.

This observation aligns closely with a point we made in our article on disaster recovery. Organizations often spend considerable effort creating recovery plans and documenting procedures, yet many discover during an actual disruption that resilience depends on relationships, coordination, communication, and decision-making just as much as technology.

“Resilience depends on relationships, coordination, communication, and decision-making just as much as it depends on technology.”

The World Economic Forum’s cybersecurity research repeatedly highlights the growing complexity of digital ecosystems and supply chain dependencies. As organizations become more interconnected, disruptions are less likely to remain isolated.

Systems thinkers understand this intuitively. They recognize that failures often propagate through networks of dependencies rather than remaining confined to their original source.

That perspective changes how organizations prepare for disruption.

Instead of asking whether individual systems can recover, they ask whether critical business capabilities can continue functioning when parts of the system fail.

Recommendation: Test end-to-end business capabilities rather than validating individual technologies in isolation.

Systems Thinking Changes Leadership

Traditional management often assumes that every problem has a clear cause and a clear owner.

A challenge appears, responsibility is assigned, corrective action is taken, and improvement is expected to follow. Sometimes that works.

But many organizational problems are more complicated than that.

Take employee turnover. Pay may be part of the issue, but so are workload, management quality, career growth, organizational culture, communication, and even conditions in the job market. When organizations focus on only one of those factors, they often find that turnover remains stubbornly high. That’s because turnover isn’t caused by a single thing. It’s the result of many factors interacting with one another.

The same is true in cybersecurity.

Security incidents rarely happen because of one technical failure. More often, they emerge from a combination of technology decisions, business processes, governance, competing priorities, third-party relationships, and human behavior. Fixing one issue may help, but it doesn’t always address the conditions that allowed the problem to occur in the first place.

This is where systems thinking offers a different perspective.

Instead of searching for a single root cause, systems thinkers look at how different parts of the organization influence one another. They focus on relationships, dependencies, and patterns. Their goal is to understand how outcomes emerge from the system as a whole rather than from one isolated decision.

That mindset is becoming increasingly important for leaders.

As organizations grow more interconnected, managers are spending less time overseeing individual tasks and more time coordinating across teams, functions, and disciplines. This is a theme we explored in our article, “Middle Management Will Change More Than Most Executives Expect.” Success increasingly depends on understanding how different parts of the organization work together.

In many ways, leadership is becoming less about managing functions and more about managing systems.

For organizations built around specialization, that can be a difficult transition. But it also creates opportunities for leaders who can connect dots across departments, spot unintended consequences, and recognize patterns that others overlook.

The organizations that do this well are often better equipped to solve complex problems, adapt to change, and make smarter decisions.

Recommendation: Before assigning a single root cause to a recurring problem, take time to map the broader set of factors contributing to it. Complex challenges are often the result of several interconnected causes, not just one.

The Organizations That Will Have the Advantage

Artificial intelligence can automate tasks. Analytics platforms can generate insights. Specialists can solve highly technical problems. Yet none of those capabilities eliminate the need for human judgment.

In fact, they may increase it.

As organizations gain access to more information, more automation, and more specialized expertise, the challenge shifts from generating answers to understanding how those answers fit together. Leaders must still make trade-offs. They must still balance competing objectives. They must still navigate situations where decisions in one area affect outcomes somewhere else.

This is one reason systems thinking appears so prominently in future workforce research.

The World Economic Forum’s Future of Jobs Report 2025 identifies systems thinking among the skills expected to become more valuable as organizations navigate complexity and technological change. The report suggests that success will depend not only on technical expertise but also on the ability to understand relationships, context, and interdependencies.

That observation resonates with what many organizations are already experiencing.

The hardest problems are rarely technical. They are organizational.

They involve balancing security with usability, efficiency with resilience, innovation with governance, and short-term objectives with long-term sustainability. Those challenges cannot be solved through expertise alone because they exist between functions rather than within them.

Organizations that cultivate systems thinking are often better positioned to manage those tensions because they can see the broader picture before making decisions.

Recommendation: Incorporate systems thinking into leadership development programs alongside technical and functional training.

Conclusion: The Future Belongs to Connectors

Organizations have spent decades investing in expertise.

That investment was necessary and valuable. Modern organizations depend on specialists who understand cybersecurity, finance, technology, legal requirements, operations, and countless other disciplines.

The next challenge is ensuring that expertise works together effectively.

Many of today’s most important business problems do not fit neatly inside departmental boundaries. Cybersecurity affects productivity. AI affects governance. Operational decisions influence resilience. Workforce challenges affect performance. Actions taken in one area often produce consequences somewhere else.

The organizations that thrive over the next decade may not be the ones with the smartest cybersecurity teams, the most advanced AI capabilities, or the largest budgets.

They may be the organizations that are best at connecting those capabilities.

As we have explored across SpirZon’s articles on cybersecurity governance, disaster recovery, AI governance, and organizational effectiveness, many modern challenges share a common characteristic: they emerge from interactions between people, processes, technologies, and decisions.

That is precisely what systems thinking helps organizations understand.

The future may not belong to the organization with the most expertise.

It may belong to the organization that understands how expertise interacts.