Why Good People Make Bad Decisions in a Crisis
Key Highlights
- Crisis doesn't eliminate training. It changes how people think, making conditioned behavior more likely than deliberate analysis.
- Organizations build resilience by preparing people for uncertainty, not simply by adding more procedures or checklists.
- As AI-powered deception grows more convincing, understanding human behavior becomes as critical as strengthening technology.
Every security organization invests in procedures. Policies are written, training is delivered and exercises are conducted with the expectation that when a crisis unfolds, people will respond as they’ve been taught.
Reality is rarely that predictable.
When fear, urgency and uncertainty collide, the brain doesn’t always behave the way procedures assume it will. People who know exactly what they’re supposed to do may hesitate, freeze, follow the wrong person or make decisions that seem irrational once the crisis has passed. Those responses aren’t necessarily signs of poor training or weak leadership. They are often the result of how the human brain responds under acute stress.
This second installment in my five-part series examines a question at the heart of crisis management: Why do people fail to follow procedures when those procedures matter most? The answer challenges many of our long-held assumptions about training, leadership and the belief that we remain in control when pressure is at its greatest.
Why rational thinking breaks down under stress
Most security procedures are built on the simple assumption that people will behave rationally under pressure.
They’ll recall their training, follow steps in order, communicate clearly, wait for authorization to act, then act in alignment with policy and institutional goals, just as outlined in the organization’s standard operating procedures (SOPs). In calm environments, this assumption mostly holds. In crises, it collapses. Completely. Not because people are careless or incompetent, but because stress changes the chemical makeup and communication pathways in the brain, well before it changes behavior.
Under acute stress, the nervous system shifts into survival mode. Blood flow prioritizes large muscle groups over fine motor control. Focus narrows. Memory retrieval becomes unreliable, if not outright impossible. Time perception distorts.
This isn’t psychology in the abstract. It’s biology.
When stress takes the wheel, the prefrontal cortex, which governs deliberate thinking and decision-making, becomes less influential. The brain increasingly relies on learned habits, instinctive threat responses and emotionally driven social cues.
Which means that in a crisis, people don’t execute procedures. Behavior becomes guided more by conditioning than deliberate analysis.
Continuing the Conversation at GSX 2026
The ideas explored in this article are part of Dr. Frazer Thompson's educational session at GSX 2026 in Atlanta.
"The New Triad of Safety for Security Leaders in Converged Risk Environments" examines how cyber threats, AI-enabled influence, organizational culture and human behavior intersect during high-pressure incidents. Drawing on examples from public venues and critical infrastructure, the session explores how blended threats emerge and how systems thinking can strengthen organizational resilience across people, technology and operations.
Session details:
Monday, Sept. 14, 2026
11:15 a.m. – 12:15 p.m.
Georgia World Congress Center
Room B405/B406A
Crises reveal the organization you’ve built
When organizations or teams experience failures during incidents, the default response is predictable. “We need more training.” “We need clearer procedures.” “We need better compliance.” However, adding more information to a system that is already failing under stress is rarely the solution. In fact, quite the opposite. And over-proceduralizing can increase fragility.
Long checklists assume stable authority, clear information, sequential decision-making and that there’s time to think!
The reality is that crises provide none of these. What people actually rely on in those moments are what feels familiar. There is a natural recognition of who seems confident — and that individual, regardless of their role in the event, is subsequently looked to as a leader. People will also scan the crowd to see what others are doing, and what actions can be taken immediately to reduce their current level of discomfort.
In a crisis scenario, this is why people wait for permission that never comes, follow the wrong leader, absolutely freeze despite knowing “what to do,” or act decisively — but outside protocol.
These aren’t moral failures. The are predictable human responses to uncertainty, and stress reveals the organization you really built. One of the most overlooked truths in security is this. Crises don’t change organizations, they reveal them. Strip them bare, expose them down to their very core.
Stress reveals what organizations hide
Acute stress removes the buffer of deliberation. What follows is revelation. Acute stress strips away process and pretense, and what remains is the organization’s true operating system — its habits, its assumptions and its limits. Acute stress events expose informal power structures, communication bottlenecks, cultural norms around authority and initiative, and perhaps most importantly, trust deficits.
In calm times, these dynamics remain invisible, hidden in plain sight. Masked by predictable routines that are “just good enough,” trainings that never meet real consequence, and the ignorant assumption that order of routine is the same thing as preparedness. Under stress, these dynamics become decisive.
If employees are conditioned to defer in the course of their everyday responsibilities, they will wait, even when waiting is dangerous. If leadership typically communicates ambiguously, don’t expect this to change in a crisis. Confusion will multiply.
If speaking up is culturally risky, silence will dominate precisely when clarity is needed most. Everything left unsaid widens the gap between the stories and untruths we tell ourselves and the reality of what's actually happening. The organization does not merely pause; it drifts, guided by habit, instinct and the faintest cues of authority rather than by reasoned judgment. The cost of staying quiet is never neutral; it accumulates, moving not by deliberate reasoning but by the inertia of habit and instinct. It shapes decisions and reveals who we truly are when the calm has vanished.
Security incidents are psychological audits, whether we intend them to be or not. Team members second‑guess themselves, trust erodes and the space for truth‑telling narrows. Over time, the organization learns to survive on adaptive silence rather than courageous clarity.
Yet silence is reversible. Psychological safety, modeled consistently by leadership, can interrupt the spiral, helping to prepare the team for the worst. Practical interventions to prepare for a crisis event may include:
- Clarifying norms: Define when and how anyone, regardless of rank, can challenge assumptions or share emerging risks. In your every day, day-to-day, make it safe for people to speak up and invite them to do so.
- Modeling vulnerability: Leaders who admit uncertainty signal that truth‑seeking outweighs ego protection. There is no shame in admitting that you don’t have all the answers.
- Establishing debrief rituals: Post‑event reflections normalize open dialogue about success and failure, reducing fear of reprisal. After Action Reviews can be done for anything — at project completion, after a fund-raising event, for anything.
- Practicing communication under stress: Simulation exercises train teams to override social hesitation through rehearsed, assertive communication. Plan a table-top exercise and get an outside agency involved to make it as real as possible.
When these strategies take root, the organization exchanges instinctive silence for deliberate speech, ad-hoc instinct for a confident operating cadence. The hum of uncertainty remains, but it is met with steady voices ready to translate confusion into coordinated action.
About this series
Security threats no longer fit neatly into physical, cyber or operational categories. They increasingly overlap, requiring organizations to rethink how they prepare people, processes and technology for crisis.
In this five-part series, Dr. Frazer G. Thompson examines how human behavior, organizational culture and emerging technologies are reshaping security leadership and resilience.
Series roadmap
- The new perimeter: Where physical, cyber and human systems converge
- The psychology of crisis behavior: What people actually do under stress
- Scenario-based training: How gaming prepares staff before and after incidents
- AI and undiscovered threats: How emerging technologies exploit trust and ambiguity
- Integrated resilience: Building security cultures that adapt, recover and evolve
Rather than focusing on hypothetical future risks, this series examines the realities security leaders face today and the practical steps organizations can take to prepare for increasingly complex, interconnected threats.
AI exploits human behavior
Layer cyber and AI threats onto this psychological reality and complexity doesn’t just increase. It compounds.
AI-driven impersonation, deepfake audio and adaptive social engineering rarely succeed because systems fail first. They succeed because humans do, specifically under conditions of urgency, ambiguity and perceived authority. These tools are designed to collapse reflection time and replace it with instinct.
An employee who receives a convincing call from “leadership” during a stressful moment doesn’t experience it as a cyber event. They experience it as a human interaction, a conversation that feels familiar, relational and emotionally loaded.
Consider a simple but increasingly common scenario.
An operations manager is already dealing with a service outage. Phones are ringing. Teams are waiting for direction. Then a call comes in from someone who sounds exactly like a senior executive. The tone, cadence and even verbal tics are right. The message is urgent: “We’re about to lose a critical client. I need you to bypass the usual approval and release access now. We’ll clean up the paperwork later.”
In that moment, the employee is not evaluating phishing indicators or threat models. They are navigating:
- A spike in stress and cognitive load
- Strong authority cues
- Cultural expectations around responsiveness and loyalty
- Fear of delaying action or being the person who “made it worse”
The decision they make is not irrational. It is contextually human. This is why procedures alone won’t solve the problem and why checklists crumble under pressure. Training that assumes calm, linear thinking collapses under emotional load.
Preparing people for those moments requires more than procedures. It requires realistic, scenario-based training that exposes them to uncertainty, helps them recognize their own responses under pressure, and builds the judgment needed to navigate a real crisis.
Recovery shapes future resilience
Most organizations obsess over the first minutes of a crisis. Far fewer plan for what follows. Yet recovery is where the long-term damage — or resilience — is determined.
After an incident, trust may be fractured and confidence shaken. Identities up and down the chain of command will be challenged and event narratives contested. People will constantly replay their actions internally. They wonder if they froze, failed or made things worse, and without a structured recovery process, shame and silence take root. In the cycle that is crisis preparedness, this erodes readiness for the next event.
If we accept that crises are psychological events before they are operational ones, then security leadership must evolve. Not by abandoning procedures, but by embedding them within a realistic understanding of human behavior under stress.
The questions security leaders should be asking
Threats are becoming faster, more blended and more psychologically sophisticated, and AI will continue to blur reality. Cyber incidents will continue to spill into physical, financial and reputational harm, and stress will remain inevitable.
Preparing for that environment requires more than investing in new technology or refining existing procedures. It requires leaders to examine how their organizations behave when stress disrupts routine, authority becomes ambiguous and uncertainty takes hold. That begins with asking a different set of questions.
- Where do our people hesitate when pressure rises, and why?
- Where do they overreact, shortcut or defer too quickly?
- How does authority function when information is incomplete?
- What behaviors do we reward implicitly during emergencies: speed, compliance or silence?
- How do we help people recover psychologically after an incident, not just respond tactically during one?
These questions don't sit neatly inside a single function. They cut across security, psychology, training, leadership, communications and technology. They also require humility: the willingness to admit that even well-trained, well-intentioned people will behave differently when fear, urgency and uncertainty collide.
Preparation goes beyond the plan
Organizations that thrive won’t be the ones with the most perfect procedures or the thickest policy manuals. They’ll be the ones that understand how people actually behave under pressure and prepare for that reality deliberately, honestly and compassionately.
In the next article, we’ll examine how scenario-based training helps organizations move beyond procedural knowledge to practical judgment. Properly designed immersive exercises do more than test response plans. They expose assumptions, strengthen decision-making under stress and help teams build the resilience needed to recover when real crises unfold.
The future of security won’t belong to the organizations that plan the most. It will belong to those that prepare people to think clearly, adapt quickly and act with confidence when plans begin to fail.
Editor’s Note: SecurityInfoWatch is republishing a five-part series by Dr. Frazer G. Thompson with permission from the author. Originally published on his Substack, the series examines how physical security, cybersecurity, crisis psychology, and artificial intelligence are reshaping organizational preparedness and resilience.
About the Author
Frazer Thompson
Vice President of Operations at PIER 39
Dr. Frazer G. Thompson is Vice President of Operations at PIER 39 in San Francisco, where he oversees operational readiness and security integration for a public-facing destination that welcomes more than 11 million visitors annually. A senior attractions operations executive and crisis consultant, he has nearly 30 years of experience in high-pressure environments, including leadership roles with Disney and Universal Studios. His work focuses on crisis management, human behavior, resilience, and decision-making under stress. Thompson has contributed to Joint Counterterrorism Assessment Team (JCAT) publications and is the author of "Edge of Calm: Leadership and Crowd Psychology During a Crisis."

