Systemic Cyber/In/Security

Recent events have given the impression that cyber incidents are becoming more frequent, more organised and more costly in the damage that they inflict. Yet, while low-level micro disturbances are an everyday reality, the world has yet to see a cyber incident of systemic proportions. Establishing the likelihood of such an occurrence, however, is impossible. Systemic cyber-risks are unpredictable and incalculable due to the uncertainty surrounding them. The complexity of the socio-technical environment that they co-create makes traditional linear risk management approaches lose their meaning. This article argues that rather than trying to establish control over something that we cannot fully grasp, we need to learn how to embrace uncertainty when dealing with the digital realm. This implies a focus on dialogue and information exchange to increase situational awareness, a focus on strengthening technical and social resilience as well as sustained efforts to nurture a fault tolerant political culture that accepts the possibility of failure and lives with a certain and inevitable degree of insecurity.