When Silence Isn't Golden: The Hidden Cost of Bullying on Risk Reporting

In any organisation, the ability to identify and address risks to safety, security, and quality depends on one foundational principle: employees must feel empowered to speak up. At Vestas, I’ve seen how simplicity, collaboration, accountability, and passion foster an environment where employees are encouraged to raise concerns and take ownership of solutions. These values help create a culture where psychological safety thrives—a vital component for ensuring risks are identified and mitigated effectively.

When these principles are absent, however, the consequences can be devastating. History has repeatedly shown us the high cost of cultures that tolerate bullying, intimidation, or a lack of psychological safety.

Consider three landmark disasters that reshaped their industries: the BP Texas City Refinery Explosion (2005), the Deepwater Horizon Oil Spill (2010), and the Boeing 737 MAX crashes (2018–2019).

• The BP Texas City refinery explosion claimed 15 lives, injured over 170, and cost $2.5 billion in liabilities, settlements, and fines.
• The Deepwater Horizon Oil Spill, the largest marine oil spill in U.S. history, resulted in 11 fatalities, 17 injuries, and $26 billion in costs for liabilities, settlements, fines, and environmental remediation.
• The Boeing 737 MAX Crashes took 346 lives and cost Boeing $2.5 billion in penalties and settlements.

These disasters' human, financial, reputational, and environmental toll remains staggering. Moreover, each case shares a common thread: a culture of fear, suppression, and intimidation that silenced concerns and ultimately undermined critical protocols for quality, safety, and risk management.

These examples highlight the devastating consequences of toxic workplace cultures. By analysing their impact, we can uncover valuable lessons about the cost of silence and, more importantly, explore how to build cultures rooted in openness, collaboration, and accountability to prevent such failures in the future.

The Toxic Cycle versus a Proactive Risk-Reporting Cycle

To address the challenges of risk management in the workplace, we must examine how different environments shape risk reporting. Two distinct cycles emerge, one driven by toxic dynamics and the other by a culture that fosters open collaboration and accountability. Understanding these cycles is vital to breaking the toxic feedback loop and enabling proactive risk management.

?

1. Toxic behaviour emerges: Bullying behaviours such as intimidation, exclusion, or ridicule begin to surface, creating an atmosphere of fear and mistrust. ?
2. Psychological Safety Erodes: Employees feel unsafe to raise concerns due to fear of retaliation, ridicule, or judgment. Critical feedback diminishes, and risk reporting begins to decline.
3. Risks Go Unreported: Safety, security, and quality issues remain hidden because employees hesitate to speak up. Organisational vulnerabilities silently grow. ?
4. Incidents and Failures Occur: Unaddressed risks materialise into incidents—security breaches, safety accidents, or quality defects—causing significant damage to organisational performance and trust. ?
5. Blame Culture Intensifies: Incident response focuses on assigning blame rather than addressing root causes. Fear of speaking up deepens, reinforcing the toxic cycle. ?

?

1. Recognise and Address Bullying: Proactively identify bullying behaviours and enforce zero-tolerance policies. ?Provide training for leaders and employees on respectful and inclusive workplace practices. ?
2. Foster Psychological Safety:?Create an environment where employees feel safe expressing concerns without fear of reprisal. Encourage open dialogue, and have leaders model vulnerability as a strength.?
3. Encourage Transparent Risk Reporting: Implement clear and confidential channels for employees to report risks or concerns. ?Regularly communicate that risk reporting is welcomed and vital to the organisation’s success. ?
4. Focus on Root Causes, not Blame: Transition from a blame culture to one centred on problem-solving and continuous improvement—Prioritise understanding and addressing systemic issues rather than isolating individual faults. ?
5. Build a Culture of Trust and Accountability: Continuously build trust and foster accountability at every organisational level. Celebrate and recognise proactive risk identification and resolution as successes. ??

While Breaking the Cycle provides a roadmap, this is only an aspirational intent with further analysis. To turn intent into action, we must explore how bullying affects the quantification of risks and the systems designed to manage them. ?

?

The similarities in Quantifying Risk for Safety, Cyber Security, and Quality

As George E. P. Box famously remarked,?"All models are wrong, but some are useful."?This analysis does not aim to perfectly capture the complexities of workplace dynamics but instead serves as a straightforward modelling exercise to highlight the potential impact of workplace bullying on critical risk reporting across safety, cybersecurity, and quality domains.

The process of quantifying risk is well-established and applies almost identically across these fields. It generally follows four key steps:?

1. Identification of Risks
2. Source Modelling
3. Consequence Modelling
4. Quantification of Risk and Risk Mappings ?

Stochastic methods are used in source and consequence modelling. These involve selecting various factors, understanding their interdependencies, and calculating probabilities based on how one factor influences another.

Across industries, stochastic models abound, tailored to specific projects and contexts. Each sector has its preferred approach. In cybersecurity, for instance, the?Factor Analysis for Information Risk (FAIR)?methodology often takes centre stage, frequently used with frameworks like?MITRE ATT&CK??and?D3FEND?. Yet, there are times when no existing model suffices, and a bespoke stochastic model becomes necessary.

This past week, I indulged in the creative process of building such a model, enjoying the challenges and company of an AI friend. With a mug of hot chocolate in hand, we rolled out a simple stochastic model designed to explore the interplay between workplace culture and risk quantification.

?

Laying Out the Assumptions

Step 1 of the risk quantification process assumes a perfect environment where the free flow of information is unencumbered, enabling seamless risk identification. While this is an ideal scenario—and a significant assumption—we will revisit it later. For now, the focus shifts to Step 2: Source Modelling.

To model the impact of workplace culture on risk reporting, we rely on the following assumptions:??

1. Team Size and Span of Control: Assume a team size of 7-10 members. Each member has a baseline probability (P0) of reporting a safety, security, or quality concern in a neutral environment.?
2. Probability Suppression in the Toxic Cycle: In a toxic environment, the probability of reporting decreases at each step due to: (a) Fear of retaliation (P1), (b) Erosion of psychological safety (P2), (c) Lack of trust in leadership or processes (P3), and (d) Impact of blame culture (P4). Each step applies a suppression multiplier to the baseline probability: P0 × Mi, where 0 < Mi < 1. ?
3. Probability Improvement in the Breakthrough Cycle: In a proactive, enabling environment, interventions improve the probability of reporting at each step by applying a positive multiplier: Mj > 1.
4. Cumulative Reporting Probability: For the toxic cycle, the final reporting probability (Pf) after all suppression steps is Pf = P0 × M1 × M2 × M3 × M4. For the breakthrough cycle, the cumulative improvement is calculated with the same formula: Pf = P0 × M1 × M2 × M3 × M4. ?
5. Team Dynamics: Multiply Pf by the number of team members to estimate the likelihood of receiving risk-related data in a team context.
6. Input Parameters: Baseline probability (P0): Assume an initial likelihood, e.g., 0.8 in a neutral (but not ideal) environment. ?Multipliers (Mi and Mj): At each step, apply suppression or improvement factors based on the environmental context. ??
7. Stochastic Nature: Incorporate variability in team dynamics, such as Team size variations, Individual perceptions of psychological safety, and the influence of leadership and organisational culture—Run Monte Carlo simulations (e.g., 1,000 iterations) to produce probability distributions for risk reporting. ??

By structuring the assumptions, we can explore how workplace dynamics—toxic or enabling—affect the likelihood of reporting critical risks. This approach allows us to quantify the intangible and model the impact of interventions in a clear and actionable manner.

First Round of Analysis

Initial observations from the model's analysis highlight several important dynamics: ?

• Variability in Toxic Environments: Not all toxic environments suppress risk reporting to the same extent. While some environments induce near-total silence, others may still see sporadic reporting from individuals who feel secure or compelled enough to bypass barriers.
• The Role of Leadership and Communication Even in supportive cultures, outcomes are heavily influenced by leadership style, the accessibility and confidentiality of reporting channels, and the consistency of organisational messaging around accountability and trust. ??
• Non-Uniform Suppression Effects: Risk suppression is not uniform across organisations or teams. Individual resilience, role-specific risk exposure, and team dynamics create variations. This suggests that some risks may still surface even in toxic environments—albeit with a significant reduction in frequency and reliability. ??
• Team Size Magnifies Cycles: Further iterations suggest larger teams amplify the effects of both toxic and breakthrough cycles. In toxic cultures, the negative influence cascades and compounds, creating systemic silencing. Conversely, in psychologically safe teams, larger group sizes create a broader base for trust and collaboration, improving reporting probabilities. ?
• The Power of Psychological Safety: Teams with well-established trust and psychological safety consistently outperform others regarding risk reporting. These teams demonstrate higher reporting probabilities and a more consistent flow of actionable data, underscoring the importance of fostering enabling environments.

?

Next Steps: Refining the Model

While these insights provide a solid foundation, they remain general. To deepen our understanding, further iterations are necessary to: ?

1. Explore how individual factors—such as past experiences, tenure, or position in the organisational hierarchy—affect reporting probabilities.
2. Analyse the interplay between leadership interventions and team dynamics in different-sized groups.
3. Assess how specific barriers, like anonymity concerns or perceived retaliation, interact with cultural improvements to affect overall outcomes.?

By delving deeper, we can uncover more actionable insights, paving the way for organisations to break the toxic cycle and sustain a proactive risk management culture.

Second Round: Stepwise Evolution of Reporting Probability

The initial analysis examined a single team's dynamics in isolation. However, real-world organisations rarely operate in silos. Risk reporting and resolution often require interactions across multiple teams, departments, or hierarchical levels. Adding this organisational complexity reveals further insights into the dynamics of risk reporting. ?

Key Observations:

1. Increased Complexity Drives Declining Probabilities: As escalating risks involve more organisational layers, the probability of successful reporting decreases sharply. Hierarchical structures inherently introduce friction, magnifying this effect in toxic environments.
2. Toxic Cultures Amplify Hierarchical Inefficiencies: In environments where psychological safety is compromised, the natural inefficiencies of hierarchy—such as delays, misunderstandings, or gatekeeping—are exacerbated. The toxic cycle amplifies these barriers, reducing reporting effectiveness at every step.
3. Near-Zero Reporting in Combined Toxic-Hierarchical Systems: When a toxic culture intersects with a rigid hierarchy, the combined suppressive effects drive the reporting probability dangerously close to zero. Risks are ignored or diluted as they climb the organisational ladder, leaving critical vulnerabilities unaddressed.
4. Collaborative Cultures Overcome Barriers: Psychologically safe and collaborative cultures demonstrate the opposite effect. Trust, open communication, and accessible reporting mechanisms counteract the suppressive effects of hierarchy. In such environments, hierarchical barriers become less significant, sustaining a high likelihood of effective risk reporting.

?

Implications for Organisational Dynamics:

The intersection of hierarchy and culture is critical. A toxic culture inhibits reporting within teams and compounds the challenges of escalating risks across organisational boundaries. On the other hand, positive and enabling environments provide a buffer, ensuring that even complex reporting paths can deliver actionable insights. ?

Future modelling should explore the following:

• The specific points within hierarchical systems where suppression or amplification effects are most pronounced.
• Interventions that reduce hierarchical inefficiencies in toxic environments (e.g., flattening reporting structures or using anonymous channels).
• The role of leadership in bridging inter-team communication and maintaining collaborative dynamics across departments.

By accounting for these variables, we can refine strategies to transform rigid and suppressive systems into adaptive and transparent organisations.

?

Some Comments on Legislation Versus Corporate Policies on Bullying

Workplace bullying often persists due to a combination of legislative gaps and immature or ineffective corporate policies. These shortcomings create environments where bullying can thrive, silencing employees and undermining organisational risk management. ?

Persistent Complications:

1. At-Will Employment and 'Right to Work' Laws: In many jurisdictions, 'at-will' employment allows employers to terminate employees without cause, as long as it’s not for illegal reasons like discrimination. This legal framework can foster bullying behaviours, as employees may fear retaliation or dismissal if they report issues. Additionally, 'right to work' laws prohibiting mandatory union membership can weaken employee protections by reducing collective bargaining power, leaving individuals more vulnerable to workplace mistreatment.
2. Lack of Comprehensive Anti-Bullying Legislation: Many regions lack specific laws targeting workplace bullying. While harassment based on protected characteristics (e.g., race, gender, religion) is illegal, general bullying without discriminatory motives often falls outside the scope of existing legal protections. This legislative gap leaves many employees without recourse when facing toxic behaviours.
3. Inadequate Corporate Policies: Some organisations implement anti-bullying policies that are more platitudinous than effective. Many corporate policies lack robust mechanisms for enforcement, fail to align with whistleblower protection laws or provide insufficient safeguards for those reporting misconduct. As a result, bullying often continues unchecked.

?

Existing Legislative and Policy Guidance:

Strong anti-bullying laws and whistleblower protection measures are essential for creating safe, transparent workplaces. Examples of legislation and directives that can inform the development of effective corporate policies include:?

• The Danish Whistleblower Protection Act (Lov om beskyttelse af whistleblowers). Enacted in December 2021, this act establishes robust protections for employees who report misconduct.
• The EU Whistleblower Directive (Directive (EU) 2019/1937) provides a framework for protecting individuals who report breaches of EU law.
• The US Whistleblower Protection Act (1989) safeguards federal employees when disclosing misconduct.
• The US Sarbanes-Oxley Act (SOX) (2002) includes provisions to protect employees who report financial fraud and corporate wrongdoing.
• State-Level Anti-Bullying Laws in the US. A growing number of states have enacted laws explicitly addressing workplace bullying.

?

Call to Action for Policy Makers & Legislators:

To address these issues comprehensively, organisations and legislators must:?

• Pass Comprehensive Anti-Bullying Laws: Introduce legislation that explicitly defines and prohibits workplace bullying.
• Develop Robust Corporate Policies: Ensure policies are enforceable, transparent, and aligned with existing whistleblower protections.
• Strengthen Employee Protections: Provide clear mechanisms for reporting misconduct, backed by safeguards against retaliation. ?

By bridging the gap between legislation and corporate governance, organisations can create safer, more equitable workplaces encouraging reporting risks and misconduct. This will ultimately support broader safety, cybersecurity, and quality goals.

??

Conclusion

What we’ve explored here is not traditional risk quantification but a deeper look at the risks inherent in achieving risk quantification. If risks remain unreported due to fear or cultural barriers, no model can account for them, and you will never be able to calculate the price of risks until you have to pay them. To succeed in any risk-informed practice, the probability of known risks being reported must approach 1.0.

The takeaway is simple yet profound: If you permit bullying in your organisation, the probability of risks being reported approaches zero. In such an environment, risk management practices will fail to surface the critical issues that could lead to existential crises, much like the catastrophic incidents mentioned earlier in this article. ?

??

General Call to Action

We’ve all heard the joke: “How many psychologists does it take to change a light bulb?” The answer is, of course, “just one—but the light bulb has to want to change.” The same applies to organisational cultures: leaders must want to change and foster environments where admitting and learning from mistakes is a celebrated part of good business.

Acknowledging errors isn’t a weakness but a strength in a risk-informed culture. Be the leader who celebrates learning from mistakes, creating opportunities for meaningful insights and improved decision-making in psychologically safe settings.

To illustrate the interplay between bullying and psychological safety, consider this organic analogy:?

• Freedom from bullying is like removing weeds from a garden. Clearing the weeds creates space for growth and development.
• Psychological safety is the total cultivation of that garden. Sunlight, water, and care—trust, respect, and inclusivity—allow plants to thrive.

A workplace free of bullying lays the foundation for psychological safety, but achieving proper psychological safety requires proactive effort to nurture and maintain trust and collaboration.

To you leaders tackling workplace bullying and building psychological safety, here’s my advice:

Tend and dress your garden. Take good care of it, and you’ll enjoy the harvest—quality, security, and safety will grow naturally from the risk-agile culture you’ve cultivated.?

?

Other Thought Leaders to Follow on This Topic

Of course, I’m not the first to explore these ideas, nor will I be the last. Actual change requires effort and humility—recognising when we’ve been wrong and striving to grow. Here are a few thought leaders I follow who inspire me in shaping risk-aware, collaborative organisational cultures:

• Brené Brown : Courage, vulnerability, and leadership.
• Simon Sinek : Purpose-driven leadership and collaboration.
• Patti Blackstaffe : Change leadership and organisational maturity.
• Chris Donnelly : Building resilient organisational cultures.
• Stefanie Costi : Navigating toxic dynamics and creating inclusivity.
• Laurence Paquette : Leadership with psychological safety.
• Emotional Intelligence :) : Foundational tools for self-awareness and empathetic leadership.

Please let me know what your thoughts are.

I'd love to hear your perspectives.

• Who inspires you as a thought leader in this area?
• What feeds, books, or ideas have shaped your thinking on workplace culture and psychological safety?
• What steps can organisations, leaders, or individuals take to address the toxic cycles described here?

As always, your diverse insights and experiences enrich the conversation. Feel free to share your thoughts, ideas, or questions for others to consider. Let’s keep learning and growing together.

#Leadership #PsychologicalSafety #WorkplaceCulture #RiskManagement #CyberSecurity #QualityManagement #WorkplaceBullying #AntiBullying #OrganisationalDevelopment #FutureOfWork #ThoughtLeadership #Collaboration #Accountability #QuantitativeRiskManagement #Cyber #CyberRiskManagement #CyberRisk #CyberSecurityRisk #Leadership #ChangeManagement #OrganisationalChangeManagement #DigitalTransformation #EmotionalIntelligence #ValueDiversity #RiskInformed #RiskAware #RiskAgile #ProblemSolving

?