Putting out digital fires

Ask UK IT leaders how resilient their organisation is, and most will tell you they can handle anything thrown at them and are brimming with confidence. But scratch beneath the surface and a different story emerges: every month, armies of highly skilled IT workers are spending weeks putting out metaphorical digital fires. If resilience really means bouncing back quickly, why are so many of our best-equipped teams still stuck in the firefighting phase? And what impact does that have on the wider business?

 

 

The overconfidence gap
Operational resilience is an organisation’s ability to anticipate, adapt, and prepare for the inevitable, without business disruptions such as service outages, issues, and cyberattacks. But the best operational resilience doesn’t rely on the confidence to put the fires out; it focuses on prevention, early detection, and rapid recovery.

 

The most recent research in the SolarWinds IT Trends Report examines industry attitudes towards operational resilience globally and puts hard evidence behind a clear contradiction. More than half of UK respondents (52%) describe their organisation as ‘very resilient’.

 

However, while those in charge of IT are clearly confident, the data shows these same teams (64% overall) are expending 11% – 30% of budget resources to put out fires, rather than protecting against them. For some IT professionals, as much as 90% or more of their time is spent on problem resolution, not prevention.

 

It’s a striking mismatch. Despite the claims of resilience, many are still spending a great deal of time and resources fighting the same fires repeatedly, with no end in sight.

 

 

Real-time consequences can fan the flames
Outages and disruptions can hit businesses hard, but continuous firefighting consumes the resources organisations need to build resilience. Every hour the IT team spends chasing down an outage is an hour not spent strengthening defences, modernising systems, or upskilling teams. Some teams spend so long in reactive mode that prevention becomes a luxury.

 

The costs aren’t confined to the IT department because service outages ripple outward. Seventy-one percent of IT leaders surveyed claimed customer experience takes the hardest hit. A page loading half a second too slowly can send users fleeing. A brand that can’t keep its systems running risks lost sales, lasting reputational damage, and costs rippling across departments until it’s resolved.

 

 

Why resilience isn’t a tool problem
When it comes to enhancing resilience, the most common reflex from IT leaders is to buy more technology. And when you are locked into the chaos of firefighting, it can feel reassuring to throw money at the latest platform or monitoring tool to ‘fix’ whatever problem has reared its ugly head. However, the result of this strategy is often not what is intended.

 

A 2025 IBM global survey claimed organisations now use about 83 different security solutions from 29 vendors. This can be cumbersome for businesses of all sizes, where around 5% of overall revenue is pushed back into maintaining the sprawl, according to the same IBM report. The key question for business and IT decision makers is: do these tools meet the team’s needs?

 

 

Measuring what matters
How do you know if you have the right tools? Start measuring what matters. If your business can’t measure its resilience, it can’t improve it. Tool sprawl can compound the issue, and your business might unknowingly create blind spots preventing strategic changes that could improve your resilience.

 

One of the clearest markers is mean time to detect, respond, and resolve an issue (MTTx). Put simply: how long it takes an IT team to spot a problem and fix it. Of IT teams that use MTTx, many consistently find that detection – spotting the problem in the first place – is more than twice as difficult as resolving it. If your first signal of a problem is a customer complaint, it’s already too late.

Metrics like these are not only operational hygiene. Metrics and tracking can expose the weak points within your organisation. Data can tell businesses whether the problem is a lack of tools, poor processes, or team silos. Without metrics, the organisation is flying blind.

 

For the organisations that master accurate measurement, resilience can become a competitive advantage. Customers trust organisations they know will look after them and their data, even when systems falter. These organisations attract and retain staff who prefer solving problems to endlessly patching them. And they can find themselves better positioned to adapt in a world where change is the only constant.

 

 

Closing the gap: how IT teams are fighting back

Despite these challenges, there are reasons to be optimistic. Most UK organisations dedicate a large share of their IT budgets to prevention, be it training staff, upgrading systems, or refining processes, including playbooks. Many are beginning to map how teams interact, exposing where hand-offs fail and where delays creep in.

These are the early signs of a shift from firefighting to fireproofing. Organisations are recognising that resilience isn’t about brute force or endless spending; it’s about making teams, processes, and tools work synchronously.

 

UK organisations don’t lack confidence. What they lack is the breathing room to match their optimism with reality. The prize for those who can cut down on firefighting is not only calmer days in the IT department but organisational stability.

 

If you are looking to strengthen your resilience, start with the following strategies:

• Simplify your business processes: Having a faster approval, a clear escalation, or one less unnecessary meeting can cut hours from a response.
• Stress test existing tools: Does your team have the right tools and, more importantly, do they know how to use them?
• Invest thoughtfully: After stress testing, reassess where the shortages are; is it people, tech, or processes?
• Finally, remember cybersecurity tools should serve business teams and processes, not the other way round. Consolidate, streamline, and invest in systems that give visibility across the tech stack.

Without visibility and accountability, operational resilience is simply an illusion.

 

---

 

Sean Sebring is Manager, Solutions Engineering at SolarWinds

 

Main image courtesy of iStockPhoto.com and Jacob Wackerhausen