What can cybersecurity learn from disaster science?

by Black Hat Middle East and Africa

Firewalls, exploits, zero days, patching cycles. We often talk about cybersecurity in technical terms; but at its core, cybersecurity is about managing risk. About protecting what matters. And that’s exactly what disaster science is all about too. 

So what happens when we bring those two worlds together? 

Megan Samford (VP and Chief Product Security Officer for Energy Management at Schneider Electric) has a unique perspective. With a background in emergency management, she approaches cyber not just as a tech problem, but as a risk and resilience problem. And she believes there’s a lot cybersecurity practitioners can learn from traditional disaster science.

“When I first started working mainly in cyber I tried to convince myself that it was very different from the emergency management world I came from,” Megan told us. “Over time I’ve found that really both are just disaster sciences, although cyber doesn’t yet know it is! The foundations of what it means to protect something are the same, they’re just expressed through different threat models and control points.”

It’s a powerful insight – so let’s look at the lessons we can learn from disaster science. 

Common ground: Preparedness, response, recovery

In both cybersecurity and disaster science, there’s a dual focus. You have to stop bad things from happening – but you also have to prepare for when they inevitably do. 

In emergency management that might mean planning for floods, fires, or earthquakes. Putting evacuation systems in place, simulating emergency response operations and budgets, and establishing communication systems to make sure everyone knows what to do when something goes wrong. In cybersecurity, it means planning incident response systems so you know what steps you have to take when a breach occurs. 

In both fields, you need: 

  • Preparedness: Have you planned for different scenarios? Do you have the right people, processes, and tools ready to act?
  • Response: When something happens, can you detect it quickly and act fast to contain it?
  • Recovery: How do you restore systems, rebuild trust, and learn for next time?

That cycle – prepare, respond, recover – is baked into disaster science. But in cybersecurity, many organisations still focus far too much on prevention, and not enough on the rest of the cycle.

Training for chaos

One of the key lessons from disaster response is the value of training under stress. First responders drill for emergencies. Military teams run through tabletop scenarios. Why? Because when a crisis hits, it’s too late to figure things out from scratch – teams need to be so familiar with their role in a response that they can jump into action with zero notice. 

Cybersecurity teams can borrow that thinking. Incident response plans shouldn’t sit in drawers gathering dust. They should be tested, challenged, and improved through regular simulations.

Just like firefighters train for different types of blazes, cyber teams should be running playbooks for data breaches, DDoS attacks, cloud misconfigurations, and more. It’s not just about tech skills; it’s about communication, coordination, and decision-making under pressure. And those are areas where cyber still has a lot to learn from emergency management.

Community over isolation 

We talk about it all the time. And so does every single cybersecurity leader we speak to at Black Hat MEA. Community and collaboration are critical to the future of cyber. 

Disaster response is inherently collaborative. Local government, emergency services, NGOs, and private sector organisations all have to work together to share resources, communicate clearly, and integrate disparate processes and services into a coherent emergency response. 

Too often in cyber, we still operate in silos. Threat intelligence is hoarded. Lessons learned are kept private, instead of expanded out to drive greater resilience across the field. And organisations are left to fend for themselves in the face of sophisticated adversaries.

But as cyber threats grow more complex and interlinked, collaboration is non-negotiable. We have to share information, develop cross-sector partnerships, and build the kind of trust that allows people to say: ‘Here’s what we learned – don’t make the same mistake.’ 

Samford’s background in emergency management gives her a natural inclination toward this kind of thinking; and it's something she believes cybersecurity needs more of.

A mindset shift 

At the end of the day, what disaster science offers cybersecurity is a shift in mindset.

It’s not just about defending networks – it’s about protecting people, services, infrastructure, and trust. It’s not just about stopping threats; it’s about building resilience.

So maybe the best cyber practitioners of the future won’t just be tech experts. Maybe they’ll be resilience engineers. Disaster scientists. Risk thinkers. Because, as Samford put it, “the foundations of what it means to protect something are the same.” We just need to see it.

Have you applied lessons from outside cybersecurity in your work? From disaster response, military operations, public health, or something else – we want to know how you’re bringing cross-industry knowledge into your approach to security. 
