Advertisement

Why you can’t decide (And what to do about it)

Commentary: The rapidly changing digital world can leave tech executives feeling overwhelmed when they're faced with charting the course of their company's cybersecurity strategy.
(iStockphoto)

There it sits on your desk, awaiting your decision. As a key executive, you have difficult news to deliver to the board, and a recommendation to make. But how will you advocate for a solution when you can’t decide which to choose?

Of the alternatives before you, several would almost certainly be effective, but also expensive. On the other hand, doing less, while easier on the budget, could cost even more in the long run.

What are you going to do? You’ve been asking yourself this question for too long. Everyone is waiting for your decision, but you feel stuck.

Who among us hasn’t struggled with indecisiveness from time to time? In the rapidly changing world of technology, however, delay can be disastrous. No one knows this better than the executive — so why the paralysis?

Advertisement

Often, according to researchers, the reason for indecision is fear. Whether fear of failure, or of the unknown, or conflict, or something else, fear not only keeps us from making good decisions, but can stop us from deciding anything at all, researchers have determined.

Why does fear inhibit decision-making? Neuroscience tells us that a specific area in our brains, called the amygdala, processes fear. When the amygdala gets stimulated, we respond in one of three ways: fight, flight or freeze. It’s fairly easy to understand how these reactions benefited our ancestors, who had to worry about being eaten by predators. We might even be able to see how they could serve modern-day humans in dangerous situations. But for the executive trying to choose a strategy, these responses likely do more harm than good.

When the brain’s fear system activates, it switches off exploratory activity and risk-taking — both essential to good decision-making, according to Dr. Gregory Berns, director of the Center for Neuropolicy at Emory University.

“Just when we need new ideas most, everyone is seized up in fear, trying to prevent losing what we have left,” Berns wrote.

Cybersecurity, in particular, can cause fears that distort decisions. Sometimes, this can work in the CISO’s favor. What’s known in the profession as FUD, or “fear, uncertainty and doubt,” may convince a board reluctant to invest adequately in security measures.

JR-Reagan-Deloitte-portrait

JR Reagan writes regularly for FedScoop on technology, innovation and cybersecurity issues.

But one survey found that security professionals themselves may be victims of FUD. Fear may cause some to shift away from time-tested enterprise risk management and risk-based information security strategies, and embrace, instead, less-proven IT and technical security measures — potentially increasing risk to their organizations.

Fear can cause an excess of caution, as well, a clinging to the status quo instead of making the changes needed to keep pace with cybercriminals’ ever-shifting tactics. For instance, a recent survey found that nearly every organization is at risk of a data breach, but most lack the response capabilities to mitigate the damage should one occur.

According to another study, nearly 90 percent of IT professionals think wearables and the Internet of Things pose a danger to workplace security, yet only about one-third of organizations are taking steps to address these new threats.

Clearly, indecision regarding cybersecurity — and its sibling, inaction — can be hazardous to an organization’s health. How do we free ourselves from the paralyzing effects fear can impart? Here is what research suggests we consider:

Advertisement

Face your fears. When indecision strikes, acknowledging its source — fear — can be an effective first step toward freeing ourselves from its power. What are we afraid of? A survey of 116 CEOs and other executives found that their top fears include being found incompetent (“imposter syndrome”); underachieving, which can spur bad risks as a way to compensate; appearing too vulnerable; being politically attacked by colleagues; and appearing foolish. The next time you feel unable to decide, ask yourself if any of these apply to you, or if it’s something else.

View the “big picture.” Rather than focusing on what bad outcome your decision might cause, try thinking about what you want to achieve. What are your organization’s goals? What strategies do you have for helping to meet those goals? Looking toward the horizon — beyond your fears — may enable you to link the problem to the strategy, which may allow the best solutions to rise naturally to the top.

Trust your intuition. “Trust your gut” is almost a cliché, but intuition can often be overlooked — or disregarded. Not merely instinct, intuition is the synthesis of our feelings, beliefs and experiences. In her book “Women Who Run with the Wolves,” psychologist Clarissa Pinkola-Estes explores a folktale in which a girl becomes lost in the woods. When the doll in her pocket begins to move around, the girl removes it from her pocket and the doll points the way. At first, the doll’s movements are difficult to discern — like the small, quiet voice in our heads telling us what we should, and shouldn’t, do. The more the doll is heeded, however, the stronger it becomes, helping the girl find her path more quickly. Intuition — also known as wisdom — can work the same way, the author writes.

One thing you shouldn’t do: stifle or ignore your fears. Emotion, we now know, is as important to good decision-making as reason. The “gut” and the intellect both play key roles in the best decisions — and may help you not only to make the most reasonable choices today, but also to argue your case passionately, and persuasively, to the board tomorrow.

JR Reagan is the global chief information security officer of Deloitte. He also serves as professional faculty at Johns Hopkins, Cornell and Columbia universities. Follow him @IdeaXplorerRead more from JR Reagan.

JR Reagan

Written by JR Reagan

JR Reagan was the global chief information security officer of Deloitte at the time he served as a contributor to FedScoop, with over 25 years of experience as a consultant and international lecturer on innovation, big data and analytics, AI and cybersecurity.

Latest Podcasts