Why Smart Security Leaders Fail Under Pressure And How to Avoid Those Mistakes

Decision‑Making Under Pressure
Written By Francisco Javier Milian, CPP®

Security work, whether cyber or physical, is stressful. When alarms go off, alerts spike, or someone calls “We have a situation,” you don’t get warm‑up time. You’re expected to think clearly and act fast.

But here’s the truth most security professionals won’t say out loud:

Even very smart, very experienced security leaders make bad decisions under pressure.

And it’s not because they’re incompetent. It’s because stress changes how the human brain works. Research from the last decade gives us a clear picture of why this happens and what you can do to stop it.

Below are simple explanations and security‑specific examples to help you recognize the traps and avoid them.

1. Stress Messes with Your Brain’s “Control Center”

When stress hits during an incident like a ransomware attack or a perimeter breach your brain shifts into “react first” mode. Research shows that acute stress weakens the parts of the brain that help you stay flexible, think clearly, and correct errors. Instead, you become more reactive and more likely to miss key details.

What this looks like in security:

  • Cyber: During a live breach, the IR lead focuses on one server they think is the entry point but misses lateral movement happening elsewhere.

  • Physical: A GSOC operator keeps watching the camera feed where the first suspicious movement happened and overlooks a second intruder entering from another door.

This isn’t incompetence. It’s biology.

2. Your “Gut Feeling” and Your “Runbook Brain” Fight Each Other

Researchers say we make decisions using two systems at the same time:

  • Fast thinking: gut feelings, instincts, pattern recognition

  • Slow thinking: step‑by‑step logic, checklists, runbooks

Under pressure, these two systems compete. Leaders either act too fast based on instinct or get stuck overthinking. Studies show the best decisions happen when leaders recognize which mode they’re in and switch when needed.

Another major review shows that pressure and emotion affect whether intuition or analysis works better, so “trust your gut” isn’t always the right move.

Security examples:

  • Cyber: An analyst suppresses an alert because it “looks like last week’s test,” but it’s actually a real intrusion.

  • Physical: A supervisor delays calling law enforcement because they want more information, even though time is critical.

3. “Everyone Has a Plan Until They Get Punched in The Mouth." Mike Tyson

When people feel threatened, they tend to narrow their thinking, reduce communication, and rely on old routines even when those routines don’t fit the current situation. Researchers call this threat‑rigidity, and recent reviews show it’s extremely common in high‑pressure environments.

One study of U.S. agencies showed that when organizations feel reputational pressure, they become more rigid and less innovative.

Security examples:

  • Cyber: After a public breach, leadership insists on following the same old containment script, even though the attacker is using new tactics.

  • Physical: After a security incident makes the news, leaders lock down operations so much that officers can’t adapt or make smart real‑time decisions.

4. Confidence Helps… Until It Blinds You

Studies of CEOs show that confidence can actually improve performance by encouraging bold decisions. But under pressure, confidence can cross into overconfidence, which leads to ignoring warning signs or skipping critical checks.

Security examples:

  • A CISO is certain they’ve “seen this attack before,” so they skip running a fresh investigation path and miss critical evidence.

  • A physical security chief decides to handle an escalating incident alone, convinced they “have it under control,” but underestimates the complexity.

5. Too Much Information = Bad Decisions

Security teams deal with massive cognitive load alerts, radio calls, logs, maps, dashboards, emails. Research shows that heavy mental load weakens our ability to think clearly, even if we’re usually very logical.

Other studies show that unclear or cluttered visuals make it even harder to make good decisions under time pressure. Simple, clear uncertainty visuals help leaders choose better.

Security examples:

  • Cyber: The war‑room slide deck is 50 pages long, so leadership goes with the first “seems right” option instead of the best one.

  • Physical: A GSOC map has too many icons and no clear risk zones, so the team misjudges the highest‑risk location during an event.

6. Teams Don’t Learn from Incidents Unless It’s Designed That Way

Studies show people often don’t learn from failure because failure feels embarrassing or unclear. Learning requires three things:

  1. Opportunity (clear info about what went wrong)

  2. Motivation (a safe environment that avoids blame)

  3. Ability (simple tools for analyzing the issue)

Another study confirms that emotions and self‑protection make it hard for people to learn from their own mistakes.

Security example:

  • After a data breach or onsite incident, the report lists “what happened,” but nobody identifies the wrong assumptions the team made, so the same mistake happens again.

How Security Leaders Can Avoid These Traps (Simple, Practical Steps)

1. Start major incident calls with a 90‑second pause

This sounds small, but research shows it helps you think clearly.  

Try this:

  • Take a few slow breaths

  • State the decision you’re making

  • Ask whether it’s reversible

  • Ask for three options before choosing

This stops the “panic brain” from taking over.

2. Use a “Decision Mode Switch”

Decide ahead of time:

  • When to trust fast thinking (routine, low‑risk, familiar problems)

  • When to slow down (high risk, unfamiliar, irreversible)

Use this formula: stakes × novelty × irreversibility

If it’s high → switch to structured decision‑making.

3. Make dissent part of the process

To avoid threat‑rigidity, add this question to every incident call:

  • “What’s another way to see this?”

  • “What could we be missing?”

Recent research shows pressure makes people stay quiet, so leaders must actively invite alternative views.

4. Use “tripwires” to prevent overconfidence

Before acting, set:

  • A go/no‑go rule

  • A time limit to reassess

  • A quick red‑team challenge

This protects you when confidence starts ignoring evidence.

5. Reduce cognitive load wherever possible

Try:

  • One‑page summaries instead of long slide decks

  • Clear visuals with ranges or “most likely paths”

  • Fewer decisions per meeting

This matches what research says about improving decision quality under load.

6. Make after‑action reviews simple and blame‑free

Ask three questions:

  1. What assumption was wrong?

  2. What signal did we miss?

  3. What will we change next time?

Studies show people can only learn from failure if the environment feels safe and the lessons are clear.

A Quick 30‑Day Improvement Plan

Week 1: Start doing the 90‑second reset in all high‑pressure meetings.

Week 2: Add the “What are we missing?” question to all incident calls.

Week 3: Use tripwires for at least one high‑stakes security call.

Week 4: Run one simple, blame‑free after‑action review and make two improvements.

Small habits like these reduce mistakes more than any tool or dashboard upgrade ever will.

Final Thoughts

Security leaders don’t fail because they lack skills.  They fail because humans under pressure behave in predictable ways.

But once you understand those patterns, and build a few simple habits, you make clearer decisions, lead calmer teams, and respond to incidents with confidence instead of adrenaline.

Francisco Javier Milian, CPP®

Founder of The Educated Risk Company

Previous

The Science of Split Second Decisions: What Your Brain Does in Crisis (Security Leader Edition)
Next

Why Security Awareness Training Fails When the Incident Hits (and What Security Leaders Should Do Instead)