Why a 'Near Miss' Database Is Key to Improving Information Sharing

CYBER RISK CYBERATTACKS & DATA BREACHES THREAT INTELLIGENCE Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Why a 'Near Miss' Database Is Key to Improving Information Sharing Organizations disclose attack details, though information may be limited, following a breach, but what if they did the same with close calls? Arielle Waldman,Features Writer,Dark Reading March 25, 2026 4 Min Read SOURCE: ANDRIY POPOV VIA ALAMY STOCK PHOTO RSAC 2026 CONFERENCE – San Francisco – When people talk about transparency in cybersecurity, they are usually referring to organizations disclosing breaches and incidents. At RSAC Conference this week, two security experts made the case for why success stories deserve equal attention, and why focusing on near-misses can strengthen security defenses. Wendy Nather, senior research initiatives director at 1Password and Bob Lord, head of consumer working group at hacklore.org, emphasized how the industry needs to prioritize transparency, and outlined ways to do so – starting with sharing near-misses. Information sharing, which encompasses threat intelligence, indicators of compromise, and reports of vulnerability exploitation, is an essential component to combat and stay ahead of cyber threats. The victim blame game, shame, finger-pointing, and regulatory punishments contribute to a lack of transparency, particularly when it comes to ransomware. But that needs to change if organizations want to be proactive, even when it feels daunting. Related:With Government's Role Uncertain, Businesses Unite to Combat Fraud Getting Down to the Root Cause Exposure without exploitation or an identity compromise attempt stopped by architecture are two examples of a near miss, explained Nather. The former is something she frequently observed because many companies struggle to implement sufficient logging capabilities. "A near miss is anything that almost happened, that makes you say, 'wow if it wasn't for that thing, it would have been really bad'," Nather said. Companies celebrate moments of heroics or good luck happenstances. They recognize that a threat or attempt was a close call, but they simply return to work, explained Lord, noting how everyone does the same thing, especially management. Loading... That mindset leads to a lack of conversations around near misses in the wild, he said. "Not trying to use a near miss as an opportunity to run through the full incident response plan is a big waste of time," he warned. To promote transparency around near misses, the industry needs to eliminate the blame game, he urged. Particularly because human error relates to the proximate cause of an issue and not the root cause, the speakers explained. Finding the root cause presents enough challenges as it is. "The idea that the term 'root cause' is not an actual conclusion, it's the label we place on our decision to stop looking further. This blew me away," Lord revealed. "If you've ever had an argument with coworkers over what the root cause of an accident was, this is probably one of the major reasons is you defined when you were going to stop looking differently than they did." Related:Cyberattackers Don't Care About Good Causes Stop Before Blaming the Human Humans face a brunt of the blame rather than the systems and technologies companies use and the speakers agreed that it's a problem. Employees may be part of the cause of an incident because they clicked a phishing link or fell for a vishing attack where a threat actor impersonated the IT help desk. Conversely, maybe an employee or company didn't do something securely like implement multifactor authentication or reused passwords. "I hate the saying, 'humans are the weakest link'," Nather said. "How about we build systems so that humans don't have to be responsible." Human error is brought up constantly as attackers deploy increasingly sophisticated social engineering tactics to gain access to a victim organization. But human error should signal the start of the investigation, not the conclusion, said Lord who described it as a "social judgement." The mindset that systems created this problem shifts responsibility from systems to the human, who is inevitably going to fail, he added. Systems naturally drift toward higher risk under pressure, efficiency, and competing goals, Nather and Lord explained. Humans will try to bypass security to operate faster. Related:What Orgs Can Learn From Olympics, World Cup IR Plans "Anytime you're tempted to blame someone for a near miss, it's a signal that you should look deeper at the system, not the person," Nather said. Developing a Near Miss Database Eliminating the blame game around human error could promote better information sharing practices by relieving fear or embarrassment. For example, feeling safe enough to elevate near misses to company executives could provide a "gold mine of information," said Nather. To level that up across the industry, Nather suggested aggregating data around near misses so as not to single any one company out. That way, more people may be willing to share which could "help regulators and the industry," she said. Trust happens between individuals, not organizations, added Nather. Hearing real-life stories from individuals is more beneficial compared to a set of standardized information. Developing a voluntary near-miss reporting channel like how the government handles breach reporting is one way to achieve this. Submissions could be confidential or anonymized, and explicit safe harbor from regulatory contractual requirements; replacing compliance burden with ways to drive improvement. The data set could detail what almost happened, what stopped it, which control mattered, and what assumptions were proven wrong. From there, trends and lessons could be published without naming organizations. That way Nather and Lord hope to shift near misses as "evidence of confidence, not weakness." RSAC Conference MAR 23, 2026 TO MAR 26, 2026 Join thousands of your peers at RSAC™ 2026 Conference in San Francisco from March 23–26. Discover new strategies, explore bold technologies, and connect with peers who share your challenges and ambitions. Don’t just attend the Conference—be part of the community that defines what’s next. SECURE YOUR SPOT Read more about: CISO Corner About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.     Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Dark Reading Confidential: Battle Space: Cyber Pros Land on the Front Lines of Protecting US Critical Infrastructure by Dark Reading Staff SEP 23, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 CYBER RISK Tariffs May Prompt Increase in Global Cyberattacks by Robert Lemos, Contributing Writer APR 09, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge СLOUD SECURITY CSA Launches CSAI Foundation for AI Security MAR 24, 2026 ENDPOINT SECURITY Ransomware's New Era: Moving at AI Speed MAR 23, 2026 CYBER RISK With Government's Role Uncertain, Businesses Unite to Combat Fraud MAR 19, 2026 THREAT INTELLIGENCE Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026 MAR 16, 2026 Read More The Edge Want more Dark Reading stories in your Google search results?