Incidentally

Share this post

Incidentally
Incidentally
Incidentally, incidents matter.
Copy link
Facebook
Email
Notes
More

Incidentally, incidents matter.

An introduction to the debate on cyber incident response

Matt Palmer
Sep 10, 2024

Share this post

Incidentally
Incidentally
Incidentally, incidents matter.
Copy link
Facebook
Email
Notes
More
Share

Incidentally. The word itself sounds inadvertent; secondary. And in theory incidents are exactly that - a distraction from purpose, a painful moment in an otherwise rewarding journey.

But that’s not really true. We take risks not for fun, but to make progress. Incidents are simply a risk materialising; their impact is not inevitable, nor their probability -but their existence is.

Risk is good. Without risk, there could have been be no tea clippers to India, and there could be no shuttles to space. With new developments come the inevitable risk of disasters, and so we - the organisations and individuals taking these risks - need to minimise the chance of this happening, but also to control the costs when they do.

Because we can do that we survive to tell the story, and so progress is made.

Progress therefore requires that risk is taken, and that incidents must always be possible, just as any progress in technology or information also depends on the possibility of serious cyber security incidents, the risk of which must be acknowledged and managed.

This issue is not so much about cyber security as about the human condition. Our fears, and our desires. That which drives us forward. Our striving for more, or better, or different.

And in so doing we take a risk, and survive the consequences, and learn.

Incidents are about survival, and about safety and security. They are about the care we take for others and our organisations, about our need for achievement, about purpose and meaning, and about seeing our world differently. In Maslow’s hierarchy of needs, incidents illustrate all.

So not really incidental at all.

Why I’m launching this now

Given how important it is to manage the impact of incidents, there should be more written and shared about it. But perhaps we prefer to move on to happier thoughts; after all who wants to dwell on the things we didn’t get right? However we learn little or nothing from success. We learn from when we fail, because the truth of our decisions is finally made visible to us in the cost to ourselves and others.

“Truth is incontrovertible. Panic may resent it. Ignorance may deride it. Malice may distort it. But there it is.” - Winston Churchill

With misinformation and ‘fake news’ we are increasingly lied to, the malice of those both at home and abroad distorting our understanding. The modern pace of change makes us inevitably ignorant, and as a result sober and balanced warnings are often met with derision. When all else fails us and there is no choice but to accept our situation, panic too often grips us and distorts our outlook: we freeze or under-respond, further worsening our situation to the benefit of those who would cause us harm.

But the truth remains incontrovertible, if only we can find it. Now is the time to look.

The home for responders, for leaders, for learners and teachers

This exercise is not about me giving you the answers. I do not have a magical filter through which to see the signals in the noise. You may know as much as I do, or more, or less: it does not matter. You do not need or want to be lectured. My goal instead is that others find this interesting, or thought provoking, or just plain wrong. If you do, I trust you will join the conversation, share your perspective, and help all us learn together.

What to expect

This occasional newsletter will be of value to those who do respond to cyber incidents, to those who may do so, and to those who hope they never will.

It will be no help at all to those who are certain it will not happen to them. If this is you, you are in the wrong place: try this strategy instead.

There is a high probability of regular insight in this newsletter, but there are also risks, including non-performance and poor performance. These risks are managed through expertise and prioritisation, but they are not nil. Please tell me if I do not meet your expectations.

I’ve not imported subscribers from my previous newsletter, but I will email them and give them the choice.

Who am I?

Formerly a fortune 500 global CISO, I have served as a technology and cyber security leader for some of the world’s leading financial institutions, and had the privilege to advise both countries and corporations.

At Jersey Cyber Security Centre, my role is to lead Jersey’s cyber defence, overseeing the direction of JCSC to promote and improve cyber resilience across critical national infrastructure, businesses, communities, and citizens.

In all these roles, I have dealt with many incidents. Some successfully, and others less so. I do not relish the next one, but I know it is coming. Perhaps it is already here.

Part of my role is to improve the way we handle cyber incidents and communicate good practice. Here I am, doing that this week:

My goal is to do that with this newsletter too. If you read it and share it, I will be encouraged. So my time is in your hands.

Read me, share me!

Just as it took you time to read this, it took me time to write it. In exchange for my giving this to you for free, I ask only that you forward it to a friend and suggest that they subscribe: so they can also be better prepared for the inevitable - and therefore better placed to survive a cyber incident and thrive.

Regards,

Matt

Thanks for reading Incidentally! Subscribe for free to receive new posts and support my work.

Share this post

Incidentally
Incidentally
Incidentally, incidents matter.
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

Ready for more?

© 2025 Matt Palmer
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More