Nassim Nicholas Taleb is one of the most influential authors in the corporate and economic world, thanks to his essays addressing probability analysis, finance, and philosophy. In fact, his Black Swan theory, which gives its name to one of his works, and which he first explained in “Fooled by Randomness”, is a reference point for risk management, not only in companies, but also in geopolitics and other areas. For this reason, this theory can also be applied to cybersecurity as part of Business Risk Intelligence.

This is how Nouriel Roubini understands it. Roubini is an economist who was able to predict the 2008 financial crisis. On this occasion, Roubini believes that in 2020, a large-scale cyberwar may take place involving nations such as Russia, China, North Korea, or Iran as an asymmetric response to the sanctions imposed by the USA.

However, the most noteworthy thing about Roubini’s opinion on the cyberwar that could be waiting in the future is that it would be considered a White Swan type event, rather than a Black Swan. The difference between each of the “Swan events” is highly relevant because of their characteristics and the implications they could have for organizations.

Risks and colored swans_

The term Black Swan was not invented by Taleb. Rather, it is an expression with Latin origins, meaning something highly unlikely. Given that all the swans in Europe are white, a black swan is something that is impossible or non-existent. However, this was only the case until the British discovered swans of this color in Australia.

Following this premise, Taleb developed his theory using it as a metaphor for the fragility of our system of thought when we encounter a major unknown. In this way, he classifies the Swans as follows:


  • Black Swan: a highly improbable event that is unpredictable, has a massive impact, and after it is first seen, is rationalized with hindsight. Because of this, it tends to create the mistaken belief that it was actually expected.
  • Grey Swan: A highly probable event that is predictable, has an impact that has a series of knock-on effects, and after it happens, the focus is on human errors in valuation or on their incompetence.
  • White Swan: A event that will most likely happen and whose impact can easily be estimated.

Once a major event has happened, there are usually discrepancies regarding what kind of Swan it is. Case in point is the Covid-19 pandemic, since responsibility for its negative consequences can be drawn from its after-the-fact predictability. But Taleb also insists that the Black Swan depends on the observer: “what may be a black swan surprise for a turkey is not a black swan surprise to its butcher”. The aim for organizations is therefore identifying areas of vulnerability in order to “turn the Black Swans white“, says the author.

From black to white_

Because of how dependent it is on the observer, Taleb’s theory is not intended to be an objective universal rule for detecting threats. In fact, a large part of his work constitutes a criticism of traditional risk and probability analysis that do claim to be this kind of universal rule. This is why the assessment of risks and events is still highly complex and why it will continue to be hard to accurately predict certain future events.

However, Roubini’s prediction about cyberwar is both likely and expected. It may be a White Swan, as there are antecedents, such as the huge increase in cyberattacks targeting states: Google’s Threat Analysis Group (TAG) detected 40,000 such attacks throughout 2019, some of which we have already discussed.

But this does not take away from how hard it is to prepare for cyberwar in light of the increasing sophistication of cyberattacks. Therefore, faced with this expected but complex situation, states must identify where their cybersecurity is weakest and remain vigilant. To do this, they must have the capability to discover new vulnerabilities and threats before others do. Cytomic Orion offers such capabilities, complementing the Cytomic Platform’s AI and deep learning: in addition to continuously classifying applications based on their new behaviors, it searches for any kind of suspicious activity using cloud-based scalable data analytics.This way, it is easier to turn potentially catastrophic Black Swans into White Swans for which we can be fully prepared.