Factors affecting Preparedness in Cybersecurity Risk Management among Small and Medium-Sized Enterprise (SME) Leaders
Reaves, Kenneth
Abstract
Small and medium-sized enterprise (SME) leaders are ignoring the significance of cybersecurity risk management. The number of SME organizations becoming victims of cyber-attacks increased significantly in 2025 and beyond. Although most SME leaders perceive themselves as non-targets, cybersecurity remains a key area of focus that all firms, regardless of their size, must confront. The problem is that many SME organizations are operating without cybersecurity risk management and are at risk of a cyber-attack. The study's findings indicate that 42.5% of the 259 SME leader survey participants had not made an investment in cybersecurity. To investigate the behavioral decisions of SME leaders, this study used Behavioral Decision Theory (BDT) to understand the cognitive biases and heuristics that influenced their decision making. This was a quantitative study of 259 SME leaders residing in the United States that examined leader risk awareness, leader risk tolerance, and leader decision making (Melbourne Decision Making Questionnaire) to identify factors affecting preparedness in cybersecurity risk management. From a theoretical perspective, the findings expanded the understanding of leadership decision making in cybersecurity preparedness by demonstrating that risk awareness plays a vital role in predicting preparedness. From a practical standpoint, the results can be used to guide the activities through which SME leadership can improve its cybersecurity preparedness.
