What causes security teams to hesitate at critical moments while attackers tend to move more decisively?
Attackers, in many ways, have the advantage because they only need to be decisive and act quickly, whereas defenders must be right.
If you consider the environment cybersecurity professionals operate in, it aligns closely with the concept of VUCA – volatile, uncertain, complex and ambiguous. This is a framework I encountered while working in defence, and it applies just as strongly to cybersecurity.
The landscape is volatile because everything changes rapidly, meaning decisions can become outdated or incorrect within minutes. It is also uncertain, as defenders often lack full visibility of what is happening, yet remain accountable for the consequences, which creates significant pressure.
On top of this, the environment is highly complex, with multiple moving parts spanning teams, systems and organisations, including third-party risks. It is also ambiguous, as information comes from many different sources and can be interpreted in various ways, making it difficult to establish a clear understanding of events.
Within this context, there are important psychological factors at play. Working under constant pressure affects how the brain functions, often slowing decision-making. As a result, defenders are dealing with far more cognitive demands than attackers. Their hesitation is not due to a lack of capability, but rather the mental strain of operating in such a challenging environment.
How does uncertainty during an incident impact the speed and quality of security decisions?
Much of this comes down to how the brain functions under pressure.
If you think of the brain as a limited-capacity information processor, it is constantly handling large volumes of data. However, under stress, a phenomenon known as cognitive narrowing occurs. Instead of processing a wide range of information, the brain focuses primarily on the immediate threat, in this case, the cyberattack. While this helps prioritise urgency, it also means less information is taken into account overall.
At the same time, cognitive biases begin to influence thinking. In the need to act quickly, the brain often latches onto the first available explanation and uses it as the basis for subsequent decisions. In a fast-changing environment, this can be problematic, as new information may contradict that initial assumption. However, once a particular line of thinking is established, there is a tendency to stick to it.
This can lead to confirmation bias, where individuals seek out information that supports their initial judgement while disregarding signals that suggest an alternative explanation. As a result, decision-making quality can degrade, particularly in dynamic environments where conditions are continually evolving.
Risk perception also plays a significant role. Under pressure, some individuals become more riskaverse, which can slow decision-making, while others become more risk-seeking, potentially pushing ahead with decisions without fully considering all available information. Both responses can lead to the wrong decision.
Additionally, strong or confident voices within a team can disproportionately influence decisions. When individuals project confidence, others may accept their views without sufficient scrutiny, which can further compromise the quality of decision-making.
Ultimately, it is the combination of uncertainty, pressure and cognitive strain that not only makes decisions more difficult but also fundamentally alters how people think, shaping the entire decision-making process.
Why does human error remain a major risk, even when advanced tools and extensive training are in place?
Tools generate information, but decisions are ultimately made by people.
Organisations can put incident response plans in place and rehearse them regularly. There is also a strong emphasis on building a vigilant security culture. The assumption is that, with these elements in place and well-practised, teams are fully prepared. In reality, what they are prepared for is the playbook: they understand the processes, know how things are meant to work and who to involve at the right time. However, none of this addresses how the brain functions under pressure.
Under pressure, some individuals become more risk-averse, which can slow decisionmaking, while others become more risk-seeking, potentially pushing ahead with decisions without fully considering all available information.
WWW. INTELLIGENTCISO. COM 25