The HMHS Britannic was designed to be safer than the Titanic, but it sank faster. A minor rule violation—leaving portholes open for ventilation against standing orders—allowed water to bypass the watertight compartments after a mine strike, causing a cascading failure that doomed the ship.
Related Insights
Catastrophic outcomes often result from incentive structures that force people to optimize for the wrong metric. Boeing's singular focus on beating Airbus to market created a cascade of shortcuts and secrecy that made failure almost inevitable, regardless of individual intentions.
Under pressure, organizations tend to shut down external feedback loops for self-protection. This creates a "self-referencing" system that can't adapt. Effective leadership maintains permeable boundaries, allowing feedback to flow in and out for recalibration, which enables smarter, systems-aware decisions.
Exceptional people in flawed systems will produce subpar results. Before focusing on individual performance, leaders must ensure the underlying systems are reliable and resilient. As shown by the Southwest Airlines software meltdown, blaming employees for systemic failures masks the root cause and prevents meaningful improvement.
Many on the Titanic delayed evacuating because its nearly identical sister ship, the Olympic, had survived a similar hull puncture months earlier. This past success created a false sense of security and normalcy bias, leading people to underestimate the immediate danger.
The ultimate failure point for a complex system is not the loss of its functional power but the loss of its ability to be understood by insiders and outsiders. This erosion of interpretability happens quietly and long before the more obvious, catastrophic collapse.
While the Britannic was sinking, survivor Violet Jessup risked returning for a toothbrush. This seemingly irrational act, prompted by a minor regret from her Titanic survival, provided a small point of control and normalcy amidst extreme chaos, demonstrating a powerful human coping mechanism.
Similar to technical debt, "narrative debt" accrues when teams celebrate speed and output while neglecting shared understanding. This gap registers as momentum, not risk, making the system fragile while metrics still look healthy.
In environments with highly interconnected and fragile systems, simple prioritization frameworks like RICE are inadequate. A feature's priority must be assessed by its ripple effect across the entire value chain, where a seemingly minor internal fix can be the highest leverage point for the end user.
To inject responsibility into a speed-obsessed culture, frame the conversation around specific risks. Create documented assumptions about what might break and, crucially, identify who bears the impact if things go wrong. This forces a deliberate consideration of consequences.
The current approach to AI safety involves identifying and patching specific failure modes (e.g., hallucinations, deception) as they emerge. This "leak by leak" approach fails to address the fundamental system dynamics, allowing overall pressure and risk to build continuously, leading to increasingly severe and sophisticated failures.
