3 surprising reasons executives avoid making cybersecurity decisions (and what security leaders can do about it)

When an executive lacks clarity on the value of a cybersecurity request, their best move is to deny or delay the request to minimize the impact.

This leaves security leaders feeling frustrated… and ignored.

I’ve made requests and been called on to decide what to do. Based on those experiences, I study how to make better decisions faster, and what gets in the way.

I’ve learned 3 reasons executives avoid the decision you’re waiting for.

1. Deciding is hard in good times, harder in bad times

Just because we expect leaders to decide doesn’t mean they are good at it.

Good times provide better options to choose from. Even then, leaders need the right information, in a context they can understand, to make the right decision.

In tough times, they get forced to decide which of the terrible options “sucks the least.”

2. Fear throttles everything, paralyzing decision-making

Fear throttles our actions and impedes decisions because:

• Fear triggers doubt.
• Doubt creates hesitation.
• Hesitation creates procrastination.

It’s a double whammy when people equate security with fear, giving them more reasons to doubt, hesitate, and delay deciding.

3. Cybersecurity requests can be complex and confusing

Clarity is the fuel for acceleration, and essential for deciding what to do.

If you can’t explain how solving this problem creates value for the organization, their best bet is to deny or delay until they can get a better understanding.

If you’re waiting on a decision, take an empathetic approach.

Explore what information and context they need to decide and give it to them. Help them break out of the fear loop with a map that connects the dots between the problems they need to solve and your request.

Choose clarity over complexity to get a better decision faster.