Cybersecurity: “black swan“ events in a connected world

Susana Alwasity    21 March, 2023

In today’s society, technology has transformed the way we live, work and interact. A greater risk of cyber threats has arisen with the increased use of internet-connected devices and networks. As a result, cyber security has become a concern across all sectors, especially for critical infrastructures, ranging from financial, energy, healthcare or government institutions.

As the frequency of serious cyber-attacks against companies, governments, utilities and hospitals increases, as we have seen in recent months (even bringing operations to a halt and affecting business continuity), it is clear that organisations must have two effective action plans and strategies in place:

  • First, one to deal with common and known cyber threats, such as phishing, malware, data theft or denial-of-service (DDoS) attacks, after, for example, Microsoft broke the record of stopping the largest DDoS attack in 2022.
  • And second, prepare for other disasters or “black swan” events that can occur suddenly, dealing with serious cyber-attacks that can cripple not only their operations, but even spread to other industries.

What is a “black swan” in Cyber Security?

A “black swan” is an unpredictable and highly striking event or occurrence that can have significant and far-reaching consequences. It is used as a metaphor to describe events that cannot be predicted but may have consequences that can affect a wide range of people, industries, or countries

The term has gained popularity since the publication in 2007 of the book The Black Swan: The Impact of the Highly Improbable, written by Nassim Taleb, a Lebanese mathematician and researcher. He argues that highly improbable and high-impact events, such as the 2008 financial crisis, are more common than is commonly thought and are often underestimated and misunderstood by most people.

Examples of black swan events include the Spanish flu, the terrorist attack of 11 September 2001 in the United States, or even the recent COVID-19 pandemic worldwide from 2020. It is relevant to mention that the coronavirus pandemic, although it has had a major impact, is generally considered a foreseeable event.

At the digital level, some examples considered as black swans are the following attacks:

  1. SolarWinds in 2020, where cybercriminals compromised the company’s software and were able to access the systems of several US government agencies as well as private sector companies.
  2. The Log4Shell exploit in 2021, which affected millions of devices and servers and allowed attackers to take remote control.
  3. Massive data breaches, such as the one that affected Facebook in 2021, where the personal data of more than 533 million users was exposed.
  4. The attack by a ransomware group on the Colonial Pipeline in 2021, which brought oil supplies to a standstill and exposed the vulnerability of critical infrastructure, and led to the declaration of a state of emergency in the US.

These events were not an isolated occurrence, as they highlighted how cyber-attacks can have a major impact on society and the economy, so it is important to be prepared to deal with and mitigate the effects of Cyber Security black swan events.

Cyber-attacks can be sudden or spread slowly like a developing pandemic.

It is worth noting that cyber-attacks can be sudden, like a natural disaster, or spread slowly like a developing pandemic, so businesses must be prepared to prevent and detect extreme and emerging threats.

How to prevent a “black swan” event in Cyber Security

In the digital realm, Cybersecurity attacks are evolving exponentially and highlighting the lack of preparedness on the part of organisations, where risks are unclear and there is no certainty that they have all been assessed.

In the event of a cyber-attack, organisations must be prepared to meet the evolving challenges of cyberspace and take proactive measures to protect their critical assets. To mitigate these events, entities must adopt a proactive mindset and consider all possible scenarios in their Cyber Security action plans.

In today’s ever-changing world, it is not enough to analyse what is already known, but also to investigate risks in the digital realm. This means that companies need to spend time examining what types of cyber crises they might face, no matter how unlikely.


In conclusion, organisations need to be proactive: be prepared for any eventuality; continuously monitor their systems and networks for unusual activity; have a clearly defined incident response plan and test it regularly to ensure it is up-to-date and effective; invest in cyber intelligence and prevention, as well as train and raise awareness among employees in identifying and preventing cyber threats; analyse risks; have tools and technologies that enable them to quickly detect and respond to any security threats; and collaborate with other entities.

Collaboration can help identify threats faster and take action to prevent them.

By following these recommendations, organisations can be better prepared to deal with cybersecurity “black swan” events and minimise their impact, so that their business or service continuity is not compromised.

Featured photo: Holger Detje / Pixabay