Three reasons, basically: bureaucratic confusion, the mission’s unique legal status, and the murky nature of the intelligence warning of potential threats.
After the attack on the mission, the State Department convened an Accountability Review Board to identify what went wrong with security. Its final report faulted”systemic failures and leadership and management deficiencies at senior levels” for the inadequate security at the mission.
One major cause of those deficiencies was that no one was quite sure who was in charge of the mission’s security. Two State Department bureaus, Diplomatic Security and Near Eastern Affairs, had nominal authority. However, there were no clear lines of responsibility; no person or bureau had point on Benghazi security. So while both bureaus made piecemeal improvements to the mission’s security, they didn’t add up to enough to make a real difference.
Moreover, the mission’s confusing legal status made meeting its security needs particularly hard. The Benghazi mission wasn’t an embassy or even an official consulate; it was so off-book that the Libyan government was never officially notified of its existence. This strange legal status put the mission outside the normal State Department procedures used to allocate security funding and personnel.
Finally, since no one in the US intelligence community had evidence of an imminent attack, neither Ambassador Stevens nor the State Department made Benghazi security a very high priority. Stevens’ trip to Benghazi on the day of attack wasn’t coordinated with the US security team based with the US embassy in Tripoli, so they didn’t go. The ambassador, according to the review board, “did not see a direct threat of an attack of this nature and scale.” So while Stevens did ask for more security, his requests weren’t taken as urgent enough to overcome the bureaucratic muddle standing in their way.