Client Area

This section can be repurposed a number of ways.

mobile-logo

January 2026

Buildings in black & white
26 Jan

Institutional Drag: The Hidden Tax on Everything You Do

by We Are OWG
in Articles
Comments
Let’s talk about how trying to keep everyone comfortable is slowly bankrupting your productivity…
There’s a term we use with clients that usually gets a knowing, tired laugh: institutional drag.
 
It’s that invisible force that makes everything take longer than it should. The reason a 15-minute decision requires three meetings. The explanation for why simple improvements get buried in committees.
 
And here’s the uncomfortable truth: most organizations are drowning in it.
 
What It Looks Like: Someone on your team notices a problem. A clunky workflow. A project consuming massive time for minimal return. A tool costing more than it’s worth. They know it’s an issue. Everyone knows it’s an issue. But no one says anything.

Why?

Because bringing it up means someone might be uncomfortable. A manager might have to admit they made the wrong call. A project someone championed might need to be killed.

And so… nothing happens. The inefficiency continues. The cost compounds. The team gets frustrated. Good people quietly start looking for the exit.

All because no one wanted to have an uncomfortable conversation.

That’s institutional drag. And it’s costing you far more than you realize.

The Math: If institutional drag is adding even 20% overhead to your team's productivity and in most organizations, it's way higher, you're paying for an extra day of work every week that produces nothing.

For a team of 10 people, that’s 520 person-days per year. At $500/day, that’s $260,000 in lost productivity.

From one team. Now multiply that across your entire organization.

The Perfection Problem: Here’s what makes it insidious: institutional drag is usually born from good intentions. We don’t want to inconvenience people. We want buy-in. We want consensus. But somewhere along the way, we confused “being thoughtful” with “avoiding all discomfort.”

Perfect communication. (Endless meetings.) Perfect consensus. (Watered-down decisions.) Perfect timing. (The “right moment” that never comes.) Perfect implementation. (So we never start.)

Perfect is the enemy of done. And in business, done is almost always better than perfect.

The Real Cost: We See Constantly...

A partner identifies technology that could save tens of thousands annually and improve client service. But implementing it would require change. Training. New workflows. An adjustment period. So the conversation stalls. “We’ll revisit next quarter.” “Let’s get more input first.” “Maybe we should pilot it.”Six months later, nothing has changed. Except the firm spent another $50,000 on inefficiency, lost opportunities to competitors, and watched another talented person leave.

The cost of avoiding discomfort is always higher than the cost of the discomfort itself.

Why Smart People Stay Silent: In high-drag organizations, people learn not to bring up problems. When you surface an issue, you get: “Have you thought through all the implications?” “What’s the full cost-benefit analysis?” “Can you put together a proposal?”

Suddenly, identifying a problem becomes your second job. And if nothing changes anyway — which it usually doesn’t — you’ve just burned credibility for nothing. So smart people stop speaking up.

Your best people don’t quit because of the work. They quit because of the drag.

What Low-Drag Organizations Do Differently:

  • Decisions get made quickly. Not recklessly. But decisively.
  • Problems get surfaced early. Because it’s safe to bring up issues.
  • Projects get killed. When something isn’t working, they stop. No sunk-cost fallacy.
  • Discomfort is normalized. Change is uncomfortable. Everyone accepts it and moves through it.
  • Action beats analysis. They’d rather try something and adjust than plan for six months.

These organizations move faster, innovate more, retain talent better, and are more profitable.

Not because they’re smarter. Because they’ve eliminated the drag.

How To Reduce It:

  1. Name it. Make “institutional drag” part of your vocabulary.
  2. Reward problem identification. Thank people for surfacing issues, even if you’re not fixing them right now.
  3. Set decision deadlines. “We’ll think about it” is organizational poison.
  4. Kill projects publicly. Show your team it’s okay to stop doing things that aren’t working.
  5. Embrace “good enough.” Not for client work. But for internal decisions? Good enough is usually good enough.
  6. Ask “what’s the cost of waiting?” Usually, it’s higher than the cost of acting imperfectly.
 

The Bottom Line

Institutional drag is a choice.

It’s choosing comfort over progress. Consensus over speed. Perfection overdone.

If everything feels hard in your organization, if simple decisions require heroic effort, if good ideas die in committee, if your best people are exhausted, you don’t have a people problem.

You have a drag problem.

And the fix isn’t more process.

It’s less.

The question is: are you willing to be uncomfortable enough to change it?

Our Commitment to Community and Growth

We champion personal growth and societal contribution by encouraging our team to engage in charity work, supporting them with additional time off and funded trips to make a tangible difference. Reflecting our commitment to these values, we contribute a deliberate portion of our earnings to carefully selected charities each year. Our philanthropic efforts span national organizations and local initiatives, from St. Jude to various artistic programs and human-i-t.

Making a Real Difference

At OWG, we partner with these organizations to enact real change—a claim many assert, but few truly fulfill. Our dedication to these values not only defines our corporate culture but also underscores our mission to leave the world better than we found it.

Need a partner in IT solutions? Contact us here!

Talk With An Expert
Trends 2026
13 Jan

Tech & Cybersecurity Trends to Watch in 2026

by We Are OWG
in Articles, Security
Comments
What Actually Matters for Your Business…

Look, every January the internet explodes with tech predictions that sound like they were written by someone who’s never run a business. AI everything. Quantum computing. Buzzwords on buzzwords.

Here’s what we’ve learned: most “trends” don’t matter to you until they actually affect your operations or put your business at risk.

So instead of the usual hype, here’s what’s actually happening in 2026 that you need to pay attention to—and what to do about it.

 

1. AI Is Standard Business Infrastructure Now

The Reality:

AI tools are becoming as standard as email. Microsoft Copilot is baked into most Microsoft 365 plans. Your team is already using ChatGPT, Claude, and similar tools to draft emails and research topics, often without realizing they might be leaking sensitive data.

What You Need to Do:

  • Create an AI usage policy immediately
  • Get business versions that don’t train on your data (Copilot for Business, ChatGPT Enterprise)
  • Train your team on safe AI usage

Real Talk:

AI won’t replace your team, but employees who know how to use AI will replace those who don’t.

2. Ransomware Got Smarter and Nastier

The Reality:

Ransomware groups now use AI to write convincing phishing emails, they’re targeting smaller businesses (easier targets), and they’re not just encrypting your files—they’re stealing them first and threatening to publish everything if you don’t pay.
 
Insurance companies are getting picky too. No multi-factor authentication? No backup testing? Good luck getting coverage.

What You Need to Do:

  • Multi-factor authentication on EVERYTHING
  • Test your backups (actually do a restore, don’t just assume they work)
  • Get email filtering that catches threats before they reach inboxes
  • Have an incident response plan before you need it

Real Talk:

Average ransomware payment is $200K+ for small businesses, with 21 days of downtime. Can you survive three weeks offline?

3. Cloud Sprawl is Killing Your Budget

The Reality:

Everyone’s in the cloud, but most businesses have no idea what they’re paying for. Shadow IT everywhere—employees buying subscriptions, departments using different tools, nobody tracking anything.
 
Your cloud bill is probably 30-40% higher than it needs to be. Plus, every SaaS tool is another potential security hole.

What You Need to Do:

  • Audit subscriptions quarterly (pull those credit card statements)
  • Consolidate tools where possible
  • Implement single sign-on (SSO) for centralized access control
  • Set up proper permissions on shared drives

Real Talk:

We found $47,000 in annual waste for one client last month. That’s nearly $4K a month just… gone.

4. Your Employees Will Make Mistakes, Plan for It

The Reality:

Security training is important, but your employees are tired, busy, and checking email at 11 PM on their phones. They’ll make mistakes. The real problem is when they’re too embarrassed to report it immediately.

What You Need to Do:

  • Create a no-blame reporting culture
  • Implement security that works in the background (EDR tools)
  • Make security convenient (password managers, SSO, easy MFA)
  • Regular short training (5 minutes monthly, not annual 2-hour sessions)

Real Talk:

Your security problem isn’t the employee who clicked something, it’s that one click gave access to your entire network. That’s an architecture problem, not a people problem.

5. Zero Trust Isn't Just for Big Companies

The Reality:

“Zero Trust” is a fancy way of saying “stop assuming everyone inside your network is safe.” Your employees work from home, coffee shops, airports, your network perimeter doesn’t exist anymore.

What You Need to Do:

  • Start with MFA everywhere (yes, again)
  • Implement least-privilege access (nobody needs access to everything)
  • Look into zero-trust network access (ZTNA) tools instead of old VPNs
  • Monitor everything (3 AM access from Bulgaria should raise flags)

Real Talk:

Zero Trust sounds like overkill until a stolen password gives someone access to your entire file server.

6. Compliance Has Teeth Now

The Reality:

GDPR, CCPA, HIPAA, CMMC, regulators aren’t sending warning letters anymore. They’re hitting businesses with real penalties. “I didn’t know” isn’t a defense.
 
Your clients are asking more questions too. RFPs include security questionnaires. Partners want proof of your cybersecurity measures.

What You Need to Do:

  • Understand what regulations apply to you
  • Document everything (policies, procedures, evidence)
  • Regular security audits (don’t wait for deadlines or breaches)
  • Consider cyber insurance (but they’ll require security measures first)

Real Talk:

Compliance is a pain, but it’s a competitive advantage when you can confidently answer security questionnaires while competitors fumble.

7. You Can't Build an In-House Security Team (So Stop Trying)

The Reality:

There are 3.5 million unfilled cybersecurity jobs globally. A junior security analyst costs $80K+. A senior one? $150K+. You can’t afford that, and even if you could, you can’t find them.

What You Need to Do:

  • Stop trying to do everything in-house
  • Find a managed service partner who actually cares (not just ticket-takers)
  • Get 24/7 monitoring (attacks don’t happen 9-5)
  • Invest in the relationship (your IT partner should feel like part of your team)

Real Talk:

One full-time IT person costs $60-80K plus benefits. A managed service gives you a whole team with specialized skills for roughly the same cost.

8. Remote Work Security Can't Be an Afterthought

The Reality:

Your security perimeter is now every employee’s home network, phone, laptop, and coffee shop WiFi. The “protect the office network and you’re fine” approach is dead.

What You Need to Do:

  • Secure all endpoints (every laptop, phone, tablet)
  • Company-managed devices only (BYOD is asking for trouble)
  • Cloud-based security that works anywhere
  • Modern access solutions (VPN or better alternatives like ZTNA)

Real Talk:

Secure the users, not the location.

9. Supply Chain Attacks Are Everywhere

The Reality:

Why break into your network when attackers can breach your software vendor and push malware through their update system? Every vendor and tool is a potential entry point.

What You Need to Do:

  • Vet vendors before signing up (ask about their security practices)
  • Limit vendor access (sandbox it)
  • Monitor third-party tools
  • Have a vendor incident response plan

Real Talk:

You can have perfect security and still get breached because a vendor three steps removed got compromised.

10. Passwords Are Finally Dying

The Reality:

Passwordless authentication is getting real. Apple, Google, and Microsoft are pushing passkeys hard. More services offer FaceID, fingerprint, or security key login instead of passwords.

What You Need to Do:

  • Enable passkeys where available
  • Still use password managers (we’re not fully passwordless yet)
  • MFA everywhere
  • Plan migration as your tools add passkey support

Real Talk:

Passwordless is both more secure AND more convenient. Rare win-win.
Technology should make your business run better, not keep you up at night. You don’t need to be on the bleeding edge of everything, but you need the basics covered: strong authentication, good backups, proper monitoring, trained employees, and a partner who has your back.
These aren’t abstract future problems, they’re affecting businesses right now. The question isn’t whether these trends will impact you. It’s whether you’ll be ready when they do.
 
Want help making sense of this? We do free security assessments, no sales pitch, no fear mongering. Just an honest look at where you stand and recommendations you can actually act on.
 

Schedule your free security assessment.

Talk With An Expert

NEW JERSEY / NEW YORK
150 River Road, Suite C-4
Montville, NJ 07045

Google Maps

SOUTHERN CALIFORNIA
2376 Westwood Blvd
Los Angeles, CA 90064
Google Maps

CONTACT

Email: partnerwithus@weareowg.com

Phone: 212-685-8800

Linkedin

SIGN UP FOR OUR NEWSLETTER!

© OWG | All rights reserved.