As humans, we don’t take risks just for the thrill of it. We take risks to make progress. Every incident is simply a manifestation of risk—its impact isn’t guaranteed, nor is its probability—but its existence is certain.
Without risk, there would have been no tea clippers navigating the treacherous waters to India, nor space shuttles exploring the cosmos. Every new development brings with it the possibility of disaster, and as individuals and organizations, we need to reduce the likelihood of such events. Yet we must also prepare to manage the consequences when they do occur. It’s through this ability to survive and adapt that we advance.
Progress demands risk. This is true not just in technology or industry but also in cybersecurity. Just as any innovation requires taking a chance on failure, progress in the digital realm necessitates accepting the potential for cyber incidents. The key is acknowledging and managing these risks.
But the issue of risk isn’t just about cyber security—it’s about the human condition. It’s about our fears and desires, what drives us forward, and our constant pursuit of something better, or different. Every step we take toward progress involves risk. And when we survive the consequences, we learn and grow.
Incidents are about more than just survival. They reflect the care we take for others, for our organizations, and for our purpose. They reveal our need for safety, achievement, and meaning, resonating across all levels of human needs, from survival to self-actualization. In Maslow’s hierarchy, incidents touch every layer—they are, in essence, fundamental to progress.
Despite the crucial role of risk and incidents in driving growth, there’s surprisingly little open conversation about managing their impact. Perhaps it’s because we naturally prefer to focus on successes and happy outcomes. But the truth is, we learn far more from our failures than from our wins. When we fail, the reality of our decisions becomes painfully clear, offering invaluable lessons in how we can do better.
Winston Churchill once said, “Truth is incontrovertible. Panic may resent it. Ignorance may deride it. Malice may distort it. But there it is.” In today’s world, flooded with misinformation and ‘fake news,’ this sentiment holds even more weight. We are often misled, whether by malicious actors or our own ignorance. And when panic sets in, it clouds our judgment, leading us to either freeze or under-respond—both of which play into the hands of those who wish to harm us.
But even in the chaos, the truth remains. Now is the time to seek it out.
Incidentally isn’t about providing you with all the answers. I don’t claim to have a perfect filter for cutting through the noise. You may know as much, or more, or less than I do—and that’s fine. The purpose here isn’t to lecture, but to start a conversation.
I hope that through these posts, you find something interesting, thought-provoking, or even something you vehemently disagree with. If you do, I encourage you to join the conversation. Share your perspective, so we can all learn together.
This newsletter will be valuable to those who respond to cyber incidents, those who might one day face them, and those who hope they never will. If you’re certain it will never happen to you, you’re probably in the wrong place.
There’s a high probability that you’ll find valuable insights here, though I can’t promise perfection. But the risk of not delivering on the promise, like all risks, is managed with expertise and prioritization. Please let me know if I fall short of your expectations.
As a note, I haven’t imported subscribers from my previous newsletter. I’ll be in touch to give them the option to join.
Join me here, and let’s explore the balance of risk, incident response, and progress together.
*** This is a Security Bloggers Network syndicated blog from Palmer on Cyber authored by Matt Palmer. Read the original post at: https://mattpalmer.net/palmeroncyber/introducing-incidentally-why-we-must-embrace-risk-and-learn-from-incidents