Most Lost Cybersecurity Deals Don't Go to a Competitor. Here's Where They Actually Go.

The biggest blind spot in many cybersecurity pipeline reviews is the deals that went nowhere, not the ones that lost to a competitor. Sales teams run sharp deal reviews on competitive losses because the loss is visible. They run almost none on the deals that drifted out of the pipeline without a clear reason, because the loss has no shape. Across the largest dataset ever assembled on the question, that second column is bigger than the first by a wide margin.

Matt Dixon and Ted McKenna's analysis of 2.5 million sales conversations, published in The JOLT Effect (2022), found that 40 to 60 percent of forecasted B2B deals end in no-decision rather than going to a competitor. Of those no-decision losses, 56 percent come down to buyer indecision, not the customer preferring the status quo. Forrester's State of Business Buying 2024 reports that 86 percent of B2B purchases stall at some point in the cycle. Gartner's 2025 survey of B2B buyers found that 74 percent of buying groups exhibit unhealthy conflict during decision-making.

In cybersecurity sales, where enterprise buying groups regularly exceed 10 stakeholders, sales cycles run 12 to 18 months, and M&A reshapes the vendor landscape every quarter, no-decision losses have become the silent majority of every loss column. This article examines what that costs, what causes it, the signals that predict a deal heading toward no-decision instead of a competitor, and how cybersecurity sales teams can change their loss-review process to track it.

The Data on No-Decision

The largest dataset on no-decision losses comes from Matt Dixon and Ted McKenna's The JOLT Effect (2022), which used machine learning to analyze 2.5 million recorded sales conversations across multiple industries to identify the drivers of sales success and failure. Across all deals studied, 40 to 60 percent of forecasted B2B deals ended in no-decision (The JOLT Effect).

Within that no-decision column, the split between status quo bias and indecision is roughly 44 to 56. Buyers preferring to keep what they have account for 44 percent. Buyers who agreed the vendor's solution was the right one but couldn't pull the trigger account for the other 56 percent. Dixon and McKenna call this second pattern FOMU, fear of messing up, and argue it is the dominant cause of lost deals in modern enterprise B2B sales.

Across all deals studied, only 44% of deals lost to inaction are due to the customer's preference for the status quo. The other 56% of the time, the customer expresses a desire to abandon their status quo and move forward with the vendor's solution but is unwilling or unable to make a decision and commit. — The JOLT Effect

Forrester's State of Business Buying 2024 puts the broader stall rate at 86 percent of B2B purchases, a wider frame than the JOLT-specific no-decision metric but directionally aligned with the same finding (Forrester).

Gartner's May 2025 survey of 632 B2B buyers found that 74 percent of buying groups exhibit unhealthy conflict during decision-making, and that buying groups reaching consensus are 2.5 times more likely to call the deal high quality afterward (Gartner).

There is no published, cybersecurity-vertical-specific no-decision rate in current research. None of the major analyst firms — Gartner, Forrester, IDC — have isolated the cybersecurity sales loss column from the broader B2B aggregate. That gap matters, because the structural pressures on cybersecurity sales make it more likely than the average B2B category to push deals into no-decision rather than competitive loss.

Why Cybersecurity Makes It Worse

Several structural realities make cybersecurity sales especially vulnerable to deals that go nowhere. The variables compound. Each one increases the probability of a no-decision outcome on its own, and a typical cybersecurity enterprise deal is exposed to all of them at once.

Buying groups in cyber sit at the high end of the B2B range. Gartner's current B2B average is 6 to 10 stakeholders, and cybersecurity enterprise deals consistently track at the upper end of that range or beyond — CISO, IT leadership, procurement, legal, compliance, and increasingly the CFO. Each stakeholder is a parallel objection track, not a sequential one. The probability of a group purchase decision drops to 31 percent once more than 5 stakeholders are involved (Gartner).

Sales cycles have lengthened sharply. Enterprise cybersecurity deals routinely run 12 to 18 months from initial contact to signed contract. Cycles have lengthened roughly 22 percent since 2022 across B2B as procurement and security review get layered into every purchase. What looks like a 60-day deal becomes a 6 to 9-month cycle once procurement engages, and a longer cycle creates more exit ramps for no-decision.

M&A is creating buyer-side paralysis. 2025 cybersecurity M&A hit a record $102 billion across 398 deals, a 294 percent year-over-year increase, per Momentum Cyber's 2026 Almanac (SiliconANGLE). Gartner forecasts that 70 percent of organizations will consolidate cloud-native security vendors to a maximum of three by 2025. Fortra's 2025 State of Cybersecurity Survey found 40 percent of organizations have already begun consolidating tools, with another 21 percent planning to (Fortra). When buyers are watching the vendor landscape consolidate every quarter, the rational move on a non-urgent project is to wait.

Quota attainment is collapsing. RepVue's most recent CrowdStrike data shows roughly 41 percent of reps hitting quota. The Bridge Group's 2024 SaaS AE Metrics & Compensation Report found 51 percent of AEs hit quota across SaaS, down from 66 percent in 2022, and median win rate dropped to 19 percent in 2024 from 23 percent in 2022. Ebsta and Pavilion's 2025 GTM Benchmarks reported 76 percent of sellers missed quota in H1 2025, with win rates dropping to 19 percent from 29 percent the prior year (Bridge Group, Ebsta, RepVue). The deals that aren't closing aren't all going to competitors. Many of them aren't going anywhere.

Buyers are operating without reps. Gartner's research shows B2B buyers spend just 17 percent of their total buying time with vendors, and 61 percent prefer rep-free buying experiences. Forrester data finds 41 percent of B2B buyers begin a purchase process with a single preferred vendor in mind. The rep often does not even know the deal is heading toward no-decision because they are not in the conversation when the decision drifts.

Each of these variables, by itself, would raise the no-decision probability for any deal. In cybersecurity in 2026, every variable is active simultaneously on every enterprise pursuit. The structural ceiling on win rate has dropped, and the structural floor on no-decision losses has risen, and the data confirms both.

What No-Decision Actually Looks Like

The sources of no-decision in cybersecurity have a recognizable shape. None of them show up as competitive losses, but each one kills the deal as completely as a loss to CrowdStrike or Palo Alto Networks.

The buyer gets pulled into incident response. A breach detection late on a Friday or a ransomware event over a weekend reorders the entire security team's priorities for 60 days. The vendor evaluation that was three weeks from contract review pauses indefinitely. By the time the team comes back to the eval, the vendor short list looks different, and the original pursuit gets folded into a broader review.

The CISO leaves and the new one wants to start the technology review over. CISO tenure averages 18 to 26 months across enterprise organizations. When the seat changes, the new CISO frequently treats inherited evaluations as their predecessor's work and rebuilds the short list from scratch. The vendor that was leading often is not the vendor the new CISO would have started with.

Compliance jumps the line. A regulatory change, an audit finding, or an insurance renewal can pull the entire security budget toward audit prep and remediation, freezing net-new tooling decisions for two to four quarters. The board approves a different program, like identity, data protection, or AI security, and yours quietly drops off the strategic roadmap without an explicit kill decision.

The internal champion gets promoted off the project. The new owner inherits the vendor short list along with everything else on the queue, but does not have the same conviction about which vendor wins. Without a champion, the deal has no internal advocate, and the next stakeholder objection that lands without a counter is the one that ends the pursuit.

In each scenario, the buyer is still polite. They still answer some emails. They still say they are interested in 6 months when asked. The deal stays in the pipeline two or three quarters past the point it should have been killed, eating forecast accuracy and rep attention. The AE never gets a clean no to learn from, so the team cannot run a proper deal review. Coaching focuses on the visible competitive losses because those are the ones the team knows how to debate.

The Signals That Predict It

Research across sales operations consistently points to a small set of leading indicators that distinguish a deal heading to no-decision from one heading to a competitive loss. None of them are subtle individually. The challenge is that no single signal is decisive. It is the cluster that matters, and many CRMs are not instrumented to surface clusters.

Multi-threading drop-off is the strongest single signal. Gong's analysis of B2B sales data shows multi-threading lifts win rates by roughly 130 percent on deals over $50,000, and reps who engage three or more buyer-side contacts close at more than three times the rate of those who don't (Gong). When a champion who used to engage three other stakeholders starts replying solo, the deal has narrowed to a single point of failure. The Ebsta and Pavilion 2025 GTM Benchmarks found that delayed deals reduce win rates by 113 percent, and that early decision-maker involvement boosts win rates by 55 percent. The absence of decision-maker engagement is a strong leading indicator.

Response latency increases from previously engaged stakeholders. The buyer who used to reply in hours starts replying in days, then weeks. The shift is gradual enough that reps often do not notice it until the deal is in week 14 of what used to be a 4-week response cadence.

Stakeholder turnover and meeting-attendance decay. A key contact moves teams or leaves. The executives who came to the first two calls are not on the third. The buyer reschedules without explanation, then again. Drops in cross-channel engagement, like email opens falling, content downloads stopping, the buyer disappearing from the rep's LinkedIn engagement, all show up before the buyer goes silent.

Procurement queue posture changes. A buyer who was actively engaged with procurement on the security questionnaire suddenly is not. A previously engaged procurement contact is replaced mid-cycle without context, indicating internal reassignment that the rep was not informed about. Procurement is the last buyer-side function the rep typically meets, and the first to go quiet when the deal is heading toward no-decision.

By the time the deal is logged as a no-decision, those signals were visible months earlier. The reps who learn to read them stop investing in deals that were never going to close. The reps who do not end up running half their quota against zombie pipeline.

How to Actually Track It

Tracking no-decision starts with categorization discipline. Most CRMs default to a closed-lost reason picker that lumps everything non-won into lost to competitor, lost on price, or no response. That is not enough.

CRM categorization discipline. Effective sales operations carve out distinct close-lost reasons for stalled, no-decision, paused, and timeline-shifted deals. Each one has a different intervention profile and a different forecasting implication. A deal stalled by an active incident response is fundamentally different from a deal that drifted because the champion left, even though both end up in the same column on a generic CRM. Forecasts that distinguish the two are tighter, and post-mortems based on accurate categorization are useful.

Win-loss interview discipline. Klue's win-loss methodology recommends a 90-day post-close window for buyer interviews, the Goldilocks Zone where the decision is fresh enough to be remembered accurately and old enough that emotions have settled (Klue). Mature programs sample wins, competitive losses, and no-decisions separately, with sample sizing across all three categories. A typical study might run 25 wins, 35 losses, and 20 no-decisions across a 10-week window for deals at or above $250K ACV. Skipping the no-decision interviews because the deal did not lose to anyone is the most common mistake.

In-deal signal monitoring. The signals that predict no-decision are observable while the deal is still in flight. Multi-threading hygiene, response-latency tracking, meeting-attendance decay, and stakeholder turnover all leave a trail in calendar data, email metadata, and call recordings. Many teams have the data and do not surface it. The reps doing it well are running their own personal signal-watching systems because the platform is not doing it for them.

Decision-confidence framing. This is the core finding of JOLT, and the one most often missed. If 56 percent of no-decision losses are FOMU rather than status quo, the response is not more aggressive cost-of-inaction framing. That is the right move for the 44 percent of status-quo losses, but it can backfire on the FOMU buyer who is already overwhelmed by risk. FOMU buyers need risk de-escalation, like smaller initial commitments, opt-out clauses, mutual success criteria, references they can talk to without rep mediation. The seller's job is to make saying yes feel less consequential, not more.

The Real Competitor in Cybersecurity Sales

The framing many sales teams use, like we won, we lost to a competitor, we lost on price, encodes an assumption that every deal has a winner. In cybersecurity in 2026, many deals do not have a winner. They have a buyer who ran out of conviction somewhere between the demo and the procurement queue.

Treating no-decision as a tracked, measured, separate failure mode is the structural shift. The reps who learn to spot the signals early stop investing in deals that were never going to close. The teams that build their forecasting around the real loss column, not just the visible one, get to a tighter pipeline, a more honest forecast, and a more useful deal review.

The real competitor in cybersecurity sales is not another vendor. It is the customer's own paralysis. The reps who can read it, name it, and respond to it in the moment are the ones running ahead of quota in an environment where many of their peers are running behind.

FAQ

What is a no-decision loss in B2B sales?

A no-decision loss is a forecasted deal that does not close with any vendor, neither the rep's company nor a competitor. The buyer concludes the cycle without a purchase decision. The two most common patterns are status quo preference, where the buyer decides keeping the current state is acceptable, and indecision, where the buyer wants to move forward but cannot commit. Matt Dixon and Ted McKenna's analysis in The JOLT Effect found that 40 to 60 percent of forecasted B2B deals end this way, with 56 percent of those losses driven by indecision rather than status quo bias.

What percentage of cybersecurity deals end in no-decision?

There is no published cybersecurity-vertical-specific no-decision rate in current research. The cross-vertical B2B figure of 40 to 60 percent likely understates the cybersecurity rate, because cybersecurity buying groups consistently run at the upper end of Gartner's 6 to 10 B2B stakeholder range or beyond, with higher complexity per stakeholder; sales cycles are longer (12 to 18 months versus the cross-vertical average of 6 to 9 months); and M&A churn in the vendor landscape adds buyer-side paralysis specific to the category.

Why do most CRMs not track no-decision separately?

The default closed-lost reason picker in most CRM platforms (Salesforce, HubSpot, Dynamics) lumps no-decision into no response, on hold, or other. Custom configuration is required to carve out stalled, no-decision, paused, and timeline-shifted as separate close-lost reasons. Many sales operations teams have not invested in that customization because the metrics they are measured on, like pipeline coverage, win rate, and quota attainment, do not require the distinction. The cost of not making it is invisible until the no-decision pipeline becomes large enough to distort the forecast.

What is the difference between FOMU and status quo bias in lost deals?

Status quo bias is the buyer concluding that the current state is acceptable and a vendor change is not worth the effort. The response is cost-of-inaction framing, like quantifying the price of staying where they are. FOMU, or fear of messing up, is the buyer agreeing the change is needed, agreeing the vendor's solution is the right one, and still being unable to commit. The response is risk de-escalation, like smaller initial commitments, opt-out clauses, and customer references the buyer can talk to without rep mediation. Confusing the two and applying status-quo response to a FOMU buyer is one of the most common reasons FOMU deals stay stuck.

What are the earliest signals a deal is heading to no-decision?

Multi-threading drop-off is the strongest single signal. When a champion who used to engage three other stakeholders starts replying solo, the deal has narrowed to a single point of failure. Other leading indicators include response latency increases from previously engaged stakeholders, reduced meeting attendance from decision-makers, repeated rescheduling without clear reasons, drops in cross-channel engagement (email opens, content downloads, LinkedIn activity), and procurement-queue posture changes. The cluster matters more than any single signal.

How should cybersecurity sales teams change their loss-review process?

Three changes. First, configure CRM close-lost reasons to separate no-decision from competitive loss. Second, sample no-decision deals in win-loss interviews at parity with wins and competitive losses. Third, surface in-deal signals like multi-threading, response latency, and meeting attendance into deal reviews while deals are still in flight, not just at close. Without these three changes, no-decision losses stay invisible in the loss column and stay unaddressed in coaching.

References

1. Matt Dixon and Ted McKenna. The JOLT Effect: How High Performers Overcome Customer Indecision. Portfolio, 2022. Analysis of 2.5 million recorded sales conversations. JOLT Effect
2. Momentum Cyber. 2026 Cybersecurity Almanac. $102 billion in 2025 cybersecurity M&A across 398 transactions, a 294 percent year-over-year increase. SiliconANGLE coverage
3. Forrester. The State of Business Buying, 2024. 86 percent of B2B purchases stall at some point in the buying cycle. Forrester
4. Gartner. "Sales Survey Finds 74% of B2B Buyer Teams Demonstrate 'Unhealthy Conflict' During The Decision Process." Press release, May 7, 2025. Survey of 632 B2B buyers conducted August through September 2024. Gartner
5. Gartner. "Sales Survey Finds 61% of B2B Buyers Prefer a Rep-Free Buying Experience." Press release, June 25, 2025. Gartner
6. Gartner. "60% of Tech Buyers Regret Nearly Every Renewal/Expansion Purchase." June 2023. Gartner
7. Bridge Group. 2024 SaaS AE Metrics & Compensation Report. 51 percent of AEs hit quota in 2024 (down from 66 percent in 2022); median win rate 19 percent (down from 23 percent in 2022). Bridge Group
8. Ebsta and Pavilion. 2025 GTM Benchmarks Report. 76 percent of sellers missed quota in H1 2025; delayed deals reduce win rates by 113 percent; early decision-maker involvement boosts win rates by 55 percent. Ebsta
9. RepVue. Cloud Sales Index, Q2 2024. Cybersecurity vendor quota attainment data, including CrowdStrike, Palo Alto Networks, SentinelOne, Varonis, and Armis. RepVue
10. Klue. "How to Conduct Win-Loss Interviews: Step-By-Step Guide." 90-day Goldilocks Zone for buyer interviews. Klue
11. Gong. "Data Shows Top Reps Don't Just Sell — They Orchestrate (with AI)." Multi-threading lifts win rates by roughly 130 percent on deals over $50K; engaging three or more buyer-side contacts delivers a 3x+ win-rate uplift. Gong
12. Fortra. 2025 State of Cybersecurity Survey. 40 percent of organizations have begun consolidating cybersecurity tools and vendors; another 21 percent planning to. Fortra

*Written by Jonathan, founder of KillChain Sales. Ten years across software engineering, cybersecurity, and cybersecurity sales. If you're an AE or sales leader trying to track the deals that go nowhere, join the waitlist or connect on LinkedIn.*