Why ITSM Heroics Are Hurting Your Organization

Cartoon child dressed as a superhero standing in a server room representing ITSM heroics culture

Summary

ITSM heroics – the pattern where organizations wait for something to break, then celebrate the person who fixes it – are more damaging than they look. The issue isn’t the individuals who step up; it’s that rewarding firefighting actively discourages the prevention, documentation, and process improvement work that would make those moments of crisis less frequent in the first place. Fear of irrelevance, resistance to change, and the simple fact that invisible successes are harder to measure than dramatic recoveries all keep the cycle going – and breaking it requires deliberate changes to how recognition, reporting, and leadership attention are directed.
Read with ChatGPTRead with ClaudeRead with Perplexity

From early childhood, people are taught about heroism and the glory that comes with it. Every civilisation has its own heroes that came in last minute to save the day: Hercules renowned for his strength and his twelve Labors (Greece), Gilgamesh fought the beast Humbaba(Mesopotamia), Rostam had immense strength and performed the seven feats (Persia), Rama defeated the demon king Ravana (India), Hou Yi saved the earth by shooting down nine suns (China), and Sigurd slew the dragon Fafnir (Norse). We then grow up, but deep down, we still look up to them and their heroics. But what does this have to do with IT service management (ITSM)?

Why Organizations Celebrate ITSM Heroics

From my observation and experiences across industries, IT organizations reward heroics. We are waiting for something to go wrong, then we stake all our hopes on the person who wears their cape or armor to come in and restore service. We then celebrate and salute that person, often forgetting why we needed “our hero” in the first place. The surprising bit is that even though we know we can potentially prevent those moments of heroism, we build up on them. Why does that happen?

In my experience, the following reasons contribute to organizations’ continued reliance on heroics rather than adopting a proactive approach.

ITSM Heroics Drivers: Fear of Becoming Irrelevant

Organically, departments invest in heroics because they make teams and people visible; subsequently, depending on circumstances, the team and/or the individuals immediately showcase their value (skill, knowledge, expertise). This is especially relevant when dealing with major incidents, escalations, or complaints. It can also be scenarios in which said person is parachuted in to help improve a relationship with a customer, stakeholder, or supplier.

This is where fear is lingering in the background; on one side, you have the team or the individual that contributed to the resolution of the issue, complaint, or the escalation thinking “Now that they have seen my value, I need to continually be visible in the same way, as I can become a steady, trustworthy and valuable asset to the business”.

Admittedly, this is a position I have found myself in the past, where I was the go-to person to resolve complex issues. Every person in this situation may experience it differently, but the trail of thought can be as follows: “If I am not visible, then my perceived value is diminished. If my perceived value is diminished, then questions may be raised about my contributions. If questions are raised about my contributions and the significance of my work, then my job security can be at risk. I’ll keep doing what I do best, I’ll put my head down and carry on being present in these firefighting moments.”

On the other hand, you may have an organization or a department that finds comfort in making excessive use of the superhero without a cape and doesn’t see the benefit in investing in making things better. Similarly, the trail of thought can look like this: “It’s good that we have the superhero in our team, they not only don’t complain, but they also altruistically fall into the fire to help put out the flames. This makes us look great in the eyes of senior leadership, so we should keep doing more of the same, as it is a success story. We cannot afford to take our eyes off responding to threats, even if we could stop them from happening. Fewer threats, escalations, and complaints mean less work. If we have less work, we will look less busy, and that on its own is a risk to attracting investment to the team. If my team is not growing and our headcount is reduced, I am afraid the team might become irrelevant or be absorbed by other departments. We have to keep the momentum going.”

I also think that sometimes being busy is a mask for fear of change and its unintended consequences. Heroics help create a constant state of emergency, which provides an excuse to not cultivate a proactive mindset, so if you find yourself constantly firefighting, you can claim you are too busy to do anything else.

ITSM Heroics Drivers: Resistance to Change

Humans are change-averse; so, when someone tells us we are doing something wrong, our survival instinct kicks in, and we do everything possible to preserve the status quo. Effectively, we are seeing external suggestions as a threat to our territory. We usually change when we are incentivized to do so, for example, if immediate growth or an opportunity to profit is evident. We also change when we deem it is appropriate through observation or when our current methods and approaches haven’t yielded the desired outcomes.

In environments where heroics are rewarded, organizational politics naturally protect the status quo. At the organizational level, the same principles apply, but manifest in different ways. Senior leaders may be more inclined to defend existing ways of working when they are accountable for them, particularly if external suggestions are perceived as questioning their approach. Similarly, functions that take a certain approach may be reluctant to appear as if they are conceding power in cross-functional engagements, which, in turn, means that change equates to ownership and authority rather than an attempt to improve business outcomes.

From my observation, this happens because change-averse organizations prefer the predictable stress of a crisis they know how to handle over the unpredictable risk of a new process, which makes heroics feel safe, even though the resources involved can feel burned out.

Another point I think is important to underline is the mental model that a proactive organization operates under. Whenever I’ve been in such environments, I’ve realized that being proactive doesn’t come with snapping your fingers. It requires an upfront cognitive load, which is being translated into strategy and planning. It means that you’ll need to challenge the status quo. Therefore, there is an energy investment in debating, and it may also require innovation, which is another type of investment: learning new skills. Heroics, on the other hand, only require physical effort, and a change-averse group’s first response is to choose working harder than shifting their operating model.

ITSM Heroics Drivers: Sense of Control

How we respond to challenges can give teams and departments a sense of control over what happens next, enabling them to shape the narrative of how they contribute to providing value.

I have walked in those shoes where innovative thinking and proactivity are not easily employed, as the narrative can become unpredictable. This is due to the volume of variables that can contribute to unknown outcomes, especially for something that has not been implemented or utilized before.

I used to prefer a tested and proven methodology to a different approach, particularly when I didn’t feel comfortable with experimentation and the risk of failure. It took me a while to realize that this is more of a mental barrier than a limitation on my capabilities. It is also that the fear of failure can be two-fold:

  • One is internalized, due to pride. I didn’t want my attempts to be perceived as failed, as that would diminish my perceived value.
  • The other one comes from an external source; if the environment is nurturing a blame culture, you will not easily attempt anything innovative.  

ITSM Heroics Drivers: The Transformation Challenge

Sometimes the heroics issue doesn’t lie in psychological factors; organizations that have always been on a reactive path find it much more challenging to embark on a transformational journey, as they may not have the tools, knowledge, or in-house expertise to transition to proactive thinking. Unlike organizations that continually rebrand or reinvent themselves as part of their operating model.

Culture is part of that too; by enabling psychological safety and servant leadership, people will feel more comfortable expressing their views and offering different perspectives, which can move the organization towards a transformative path. However, this is very unlikely to happen if people are afraid they will be shot down the moment they have a different angle from the one senior leaders do.

ITSM Heroics Drivers: Measurement and Returns

It is easier to measure the success of responding to an issue, escalation, or incident (even through heroics) than to quantify the return on proactive practices that have not been previously applied. That’s because the data is built into incident and issue resolution, whereas quantifying the value of a potential disaster that hasn’t happened is an invisible task whose success cannot be tracked in the same way as managing and resolving an escalation.

We Are Reactive, Now What?

To help move away from our reactive nature (and love of heroics), we need to make some conscious and intentional changes in our operational approach:

Move recognition away from heroes and re-align it to reward system improvements

  • Instead of celebrating the superhero that flew in or stayed till the morning to resolve the incident, include prevention and process improvements in performance reviews.
  • Publicly recognize teams that reduce recurring issues. This will help shift the mindset from responding to issues to preventing them. People will want to follow their example.
  • Automation, simplification, and documentation work should not go unnoticed; they add significantly more value, but they are not as appealing to sing about in the same way a last-minute save is. A good way to celebrate these is through storytelling, for example, talk about a continuous pattern with outages and how your infrastructure team eliminated a recurring deployment issue that had caused six outages this year. People love stories!

How will I know it’s working?

  • Noticeable decrease in recurring operational issues (and the need for heroics).
  • Less reliance on a small number of people.
  • Track time saved: “This automation removed 200 manual support tasks this month”.
  • Onboarding will be accelerated, as new starters will get involved in wider service areas, thanks to improved documentation, training paths and ownership models.  
  • Measure how cross-training and knowledge sharing are shifting the status away from “the indispensable expert” toward organizational resilience.

Make preventative work visible

  • Introduce prevention-focused metrics. Report time gained through automation, tickets prevented through root-cause fixes or self-service improvements, knowledge documentation reused, uptime and reliability metrics, and reduction in escalations. Bob Roark’s book “The Grove Method for ITSM Excellence” provides valuable insights on this topic.
  • Include resilience risk reduction and improvement updates in leadership reporting.
  • Make risk visible by identifying unsupported systems, undocumented processes, manual recovery activities, and fragile dependencies. Share these in monthly town hall updates, along with who owns them and what actions are being taken.

How will I know it’s working?

  • Prevention and resilience highlights are presented in operational and leadership stand-ups.
  • Increased measurable output from preventive work, such as proactive problem management, while leaving room for more innovation and reducing toil.
  • Visibility improves around technical debt and risks.
  • Reporting includes resilience and improvements, along with the benefits and support for business outcomes.

Remove single points of failure and dependency status

  • The first step is to identify weak areas across people, processes, and technology. Ask yourself: what breaks if this person is unavailable for more than three weeks? These include systems maintained by a single individual, systems and services with no resiliency, and approval bottlenecks. All of which might require ITSM heroics.
  • Reduce burnout and flight risk by investing in cross-training, which should both increase resiliency and support career development.
  • Enable independent execution by documenting and keeping relevant runbooks, escalation paths, recovery processes, architecture flows, and deployment steps.

How will I know it’s working?

  • More staff are enabled to support critical systems.
  • The frequency of escalations has reduced.
  • Reduced staff attrition for key resources, meaning burnout is no longer a decision-making factor.
  • Faster incident recovery across services.
  • Reduction of dependency on a single resource for the completion of a project or task.

Develop cultural acceptance of invisible success and innovation

  • Accept that “Nothing happens” represents meaningful success when it stems from proactive work.
  • Do not shy away from upfront investment when it comes to encouraging decisions that reduce future effort. Sometimes, calculated risks are required to improve services holistically.
  • Teams are also successful when they create stability for others. Less reactive work in one area might mean more development and growth in another.

How will I know it’s working?

  • The phrase “This is how we have always done it” becomes obsolete, as innovation and new ways of proactive work are encouraged.
  • Teams are moving away from a mind-numbing focus on completing tasks, including through heroics. They are beginning to think in terms of reducing future operational load.
  • Stability is not something to be looked at with suspicion, but rather an expected outcome of great work.

Reinforce proactive habits through leadership actions

  • Leadership attention shapes organizational priorities; by focusing on encouraging prevention, teams will naturally shift their mindset from reactive activities to what can be improved.
  • Legitimize and support investment in non-urgent improvements, even when no recent issues or escalations have occurred. In this way, you disassociate preventative work from operational pressure.
  • Establish and promote a culture of continual improvement. Through this method, you are signaling that improving stability and availability is part of the organization’s responsibility.

Heroics Prevention

Although I am a firm supporter of the Stoic philosophy that we only control how we respond to what happens to us, I strongly believe that prevention must be more visible, more rewarded, and more socially valuable than firefighting and heroics. I have always found benefit in this in life, but I also believe it extends to service management, as organizations can create better experiences and drive desired outcomes for both the business and service consumers.   

FAQs: Why ITSM Heroics Are Hurting Your Organization

What are ITSM heroics?

ITSM heroics occur when individuals or teams repeatedly step in to resolve major incidents, escalations, or service disruptions at the last minute. While these actions can restore service quickly, they often mask underlying process, knowledge, or operational issues that remain unaddressed.

Why do organizations celebrate heroics in ITSM?

Organizations often celebrate heroics because they provide visible evidence of expertise, commitment, and problem-solving under pressure. The successful resolution of a crisis is easier to recognize and measure than the prevention of an issue that never occurred.

What are the risks of relying on ITSM heroics?

A culture that rewards firefighting can lead to burnout, knowledge silos, operational inefficiencies, and increased dependency on a small number of individuals. Over time, this reduces organizational resilience and makes services more vulnerable to disruption.

How do ITSM heroics create single points of failure?

When critical knowledge or responsibilities are concentrated in a few individuals, organizations become dependent on those people to resolve issues. If they are unavailable, incidents may take longer to resolve, and service continuity can be affected.

Why do employees sometimes prefer firefighting over proactive improvement?

Firefighting can provide visibility, recognition, and a sense of job security. Employees may feel their value is demonstrated through crisis resolution, whereas preventive work is often less visible and receives less recognition.

How does organizational culture contribute to reactive behavior?

Organizations that reward crisis management more than continual improvement often reinforce reactive habits. Teams may become accustomed to responding to emergencies rather than investing time in root-cause analysis, automation, documentation, and prevention.

Why is change resistance linked to ITSM heroics?

Moving from a reactive to a proactive approach requires challenging existing practices, learning new skills, and investing time in improvement initiatives. Many organizations find the predictable nature of firefighting more comfortable than the uncertainty associated with change.

What role does leadership play in reducing reliance on ITSM heroics?

Leadership can encourage proactive behavior by rewarding process improvements, supporting continual improvement initiatives, investing in preventive work, and recognizing teams that reduce recurring issues rather than only celebrating incident responders.

How can organizations make preventive work more visible?

Organizations can introduce metrics to measure automation benefits, reduction in recurring issues, knowledge reuse, uptime improvements, root cause elimination, and resilience gains. Regular reporting on these achievements helps demonstrate the value of proactive efforts.

How can organizations reduce dependency on key individuals?

Organizations can improve resilience through cross-training, knowledge sharing, documentation, succession planning, runbooks, and clearly defined escalation procedures. This helps ensure critical knowledge is distributed across multiple team members.

What is the connection between proactive ITSM and employee wellbeing?

A proactive approach reduces constant firefighting, helping to lower stress and burnout. Teams can spend more time on innovation, improvement, and strategic initiatives rather than repeatedly responding to the same issues.

How do proactive ITSM practices improve business outcomes?

Proactive practices help prevent service disruptions, improve service reliability, reduce operational costs, accelerate onboarding, strengthen resilience, and create better experiences for both employees and customers.

What does “invisible success” mean in ITSM?

Invisible success refers to the value created when incidents, outages, and disruptions never occur because preventive measures were implemented effectively. Although less visible than heroic interventions, these outcomes often deliver greater long-term business value.

How can organizations shift from firefighting to continual improvement?

Organizations can start by rewarding prevention, making improvement work visible, identifying single points of failure, investing in documentation and automation, encouraging innovation, and embedding continual improvement into leadership priorities and performance measures.

Why is proactive ITSM more sustainable than heroics?

Proactive ITSM focuses on eliminating recurring issues rather than repeatedly resolving them. This approach builds organizational resilience, improves operational efficiency, reduces burnout, and enables teams to spend more time creating value instead of managing crises.

Alexandros Christias
Alexandros Christias
Service Delivery Manager

Alexandros is an ITSM professional whose experience spans across the Service Lifecycle: Service Design,  Service Operations and Service Delivery with a background in leading teams, designing and improving operational procedures, and managing services end-to-end. He focuses on why services succeed or fail beyond process, bringing practical insight into complex service environments, with an emphasis on clarity, ownership, and experience.

Want ITSM best practice and advice delivered directly to your inbox? Why not sign up for our newsletter? This way you won't miss any of the latest ITSM tips and tricks.

Sign Up Now!
nl subscribe strip imgage

More Topics to Explore

Beginner’s Guide to IT Support Ticketing Systems: How IT Tickets Really Work

ESM-Ready ITSM Tools – What You Need in an ITSM Tool

ITIL Version 5 Management Practices Explained: Complete List and Definitions

AI in ITSM Survey Correlations: Key Insights and Global Trends

The Genealogy of AI Slop: Generative AI Didn’t Invent It – It Learned It

ITSM Maturity: Why SMBs Struggle to Mature Their ITSM Practices and What to Do About It

Leave a Reply

Your email address will not be published. Required fields are marked *