Black Swan Events

Today I was reading a review of the book Security Metrics: Replacing Fear, Uncertainty and Doubt (2007, Andrew Jaquith) and found this interesting use of the black swan concept:

The “black swan event” term was made famous by Nassim Nicholas Taleb in his 2007 book “The Black Swan: The Impact of the Highly Improbable.” For some organizations, computer breaches are black swan events that Taleb describes as “outliers that carry extreme impact.” They are outliers because the chances of something like that happening to your network are pretty small, but when it does, the cost to your organization is extreme. [http://researchcenter.paloaltonetworks.com/2014/01/cybersecurity-canon-security-metrics/#more-4523]

The author of the review brought this concept up to support the larger point that applying statistical risk analysis to black swan events is pointless at best and misleading at worst, because there are too few such events for the data to be statistically meaningful. Computer breaches that go beyond the routine, random collateral damage caused by malicious code are best managed by building robust, resilient systems backed by capable incident detection and response programs.
