
Lessons from the Titanic: when you don’t respond to a crisis – Source: securityboulevard.com


Source: securityboulevard.com – Author: Matt Palmer

A few years ago I wrote a short article about the Titanic, and the lessons for cyber risk management.

However, there’s arguably a far more interesting part to that story.

When the RMS Titanic hit an iceberg on 15 April 1912, she set off flares and her wireless operator sent out a distress call. The RMS Carpathia responded, but by the time she arrived, the Titanic had already sunk: only those who had made it to the lifeboats could be saved. Some 1,500 people died.


Another ship was closer and could potentially have responded faster—perhaps even fast enough that more lives could have been saved. Yet despite seeing the flares, she did nothing.

The SS Californian was a cargo vessel captained by a 34-year-old Brit, Stanley Lord. As the Titanic sank, she was close by—between 5 and 20 miles from the Titanic’s position.

However, the captain was having a nap at the time.

While Lord’s ship was nearby, it’s not clear they knew an incident had occurred. Crew members saw white flares, but mistook them for celebratory—perhaps not an unreasonable assumption. No wireless signals were received, as the ship’s sole wireless operator worked the day shift. You could argue there were some control limitations (should they have had 24×7 wireless cover? Maybe. Could they have justified that cost if not required to? I doubt it). But these aren’t things the captain could have changed. It was also perfectly reasonable for Lord to get some rest. When he went to bed, it was a quiet night. I’ve slept just fine while leading a 24/7 response to a critical cyber incident—after getting it under control, of course. For a leader not to rest under such circumstances would be dangerous.

These factors meant the SS Californian didn’t become aware of the incident until receiving a wireless message in the morning—by which time it was far too late to help.

Despite regular sleep being a normal part of the human condition, and imperfect organisational controls being routine—since all risks have to be managed with regard to cost—the debate was quite binary, with many taking sides for or against Lord. This is not unusual. You could ask Heathrow CEO Thomas Woldbye how he felt after sleeping through a power outage earlier this year.

After the sinking of the Titanic, the Californian’s failure to respond caused a scandal. Two inquiries were undertaken: a United States Senate hearing and a British Wreck Commissioner’s inquiry. Nobody was impressed. The hearings were critical, and the media unforgiving.

Rather than evaluating a young captain who followed sensible protocol—stopping after reaching an ice floe in the dark, then resting in the chart room before misinterpreting unclear signals—movies and media portrayed an older man in his 40s or 60s, sleeping peacefully in a comfy cabin while callously ignoring obvious cries for help.

No formal charges were brought against Captain Lord or his crew, but he spent the rest of his life fighting to clear his name.

So what can we learn from Captain Lord?

Not responding—or being seen not to respond—to an incident is hard to live down. Yet responding to uncertainty carries its own risks. At a minimum, overreaction. Had Lord responded only to find a celebrating Titanic, would he have been the panicky captain who ruined his crew’s rest to chase after a firework? Worse, if he had attempted to sail through an ice field in the dark, he could have put his ship and crew at risk, with the potential loss of even more lives. With a duty of care to consider, responding to uncertain signals is itself a risk. Indeed, if that had been Lord’s usual behaviour, he would likely have lost the confidence of both his company and his crew.

His actions then appear reasonable, if perhaps not optimal—and that was the eventual judgement. Years later, a further analysis suggested that even if Lord had responded and got underway as promptly as could reasonably be expected, the SS Californian would simply have arrived alongside the RMS Carpathia, collecting survivors rather than saving more lives.

That may not be the whole story.

Lord did have some options. He knew signals were present and relied on his own interpretation. Suppose instead he had woken his wireless operator and asked him to listen out? The Californian might then have heard the Titanic’s distress call. That may or may not have changed the number of lives lost—but what did he have to lose by seeking better information?

During the 2013 Target data breach, the company’s security team received alerts from their outsourced security operations centre (SOC) about suspicious activity. These were forwarded from the security team in Bangalore to the team in Minneapolis but were deemed not to require immediate action. That decision allowed the breach—which compromised the personal and credit card information of millions—to continue for an extended period.

In triaging signals that indicate a potential incident, then, there are three options—not two.

First, you can treat the signals as noise and take no action. Often (usually, even), that’s right—but not always. This was Lord’s choice, and he lived to regret it.

Second, you can take action immediately. Lord could have taken a heading from the flares, woken his crew, fired up the engines, and sailed full speed for the Titanic. This would have been a risk.

Third, you can seek more data. This option is often forgotten amid the pressure and urgency. But it’s usually possible to seek further information, and the cost of doing so is typically lower than the cost of immediate action and more useful than inaction. As long as more information helps you make a better decision, it’s a good course of action. At best, you save the day. At worst, you understand the signals better. Lord could have woken his wireless operator. Target could have checked for further signs of compromise. And Mr Woldbye at Heathrow? His COO was on duty and made the necessary decision. Unlike the crew of the SS Californian and the team at Target, Heathrow’s COO was empowered and made the call. Whether it was right or wrong—time will tell. But in being able to act, they maintained control of the incident.

If in doubt, then?

Do something.

And if you’re in bed, on a ship surrounded by ice in the middle of the night, when you see a light in the distance?

You have three options—so make your decision.

___


*** This is a Security Bloggers Network syndicated blog from Palmer on Cyber authored by Matt Palmer. Read the original post at: https://mattpalmer.net/palmeroncyber/lessons-from-the-titanic-when-you-dont-respond-to-a-crisis

Original Post URL: https://securityboulevard.com/2025/06/lessons-from-the-titanic-when-you-dont-respond-to-a-crisis/?utm_source=rss&utm_medium=rss&utm_campaign=lessons-from-the-titanic-when-you-dont-respond-to-a-crisis
