Control Is an Illusion
Chaos, Cybersecurity, and the Fragile Order of Our Digital Lives
Recently, I stumbled across a fascinating interview with Brian Klaas titled “We Control Nothing, But We Influence Everything” (watch it here). In it, Klaas talks about the illusion of control in our lives - how chance, randomness, and arbitrary events shape everything from personal outcomes to political systems.
That idea stuck with me, especially when I thought about cybersecurity. We often believe we can secure our data, predict threats, and design systems that anticipate every outcome. But the reality is far messier. Cybersecurity, like society, is chaotic and unpredictable, shaped by forces far beyond our reach.
Curious, I went down a rabbit hole — diving into chaos theory, systems thinking, and human-centred design. What I found, reshaped how I think about digital security. It's not about controlling complexity, but learning how to move through it.
Chaos Theory in the Digital Age
Chaos theory is built on a simple but powerful idea: tiny changes in a system’s initial state can lead to radically different outcomes. It's a perfect metaphor for the digital world.
A phishing email clicked, a password reused, or a developer copy-pasting insecure code from Stack Overflow are not major events on their own. Yet, they ripple through systems and organisations, sometimes with devastating effect. They are the digital equivalents of accidents that become inevitabilities, because systems were never built with chaos in mind.
Digital security isn’t shaped by clean, logical flows. It is shaped by contingent convergence — where outcomes are the result of unexpected collisions between people, technologies, and environments.
The Delusion of Individualism
One of the most dangerous myths in cybersecurity is that we are solely responsible for our own safety. This individualistic framing suggests that breaches occur because someone was careless, or someone failed to “follow best practices.”
But this framing hides a deeper truth: most of us exist inside systems we don’t control.
Our data is stored by others, shaped by surveillance economies, and influenced by design choices we never agreed to. We don’t “own” our data. It circulates in vast, hidden infrastructures that are fragmented, copied and analysed. Believing we have control over it is comforting, but largely false. Chaos theory reminds us that in complex systems, the behaviour of the whole cannot be fully reduced to the parts and we are merely one node in a massive, dynamic web.
Patterns, Order, and False Predictability
In cybersecurity, we obsess over patterns like attack vectors, threat models, and compliance checklists. These frameworks offer a sense of control, but much like forecasting weather, digital systems remain unpredictable even when we understand their mechanics.
Most security strategies work until a new zero-day is discovered, or a trusted vendor is compromised, or someone makes an unexpected decision under pressure. Take the recent surge of AI-generated phishing attacks. In early 2025, several major financial institutions were hit by personalised spear-phishing emails created using generative AI trained on leaked internal documents and executive social media. These emails mimicked writing styles, referenced real meetings, and bypassed traditional detection tools because they didn't match existing patterns. The attacks didn’t break the system; they distorted human trust in ways no one had anticipated.
The order we see is often retrospective, not predictive. Real resilience lies not in eliminating chaos, but in designing systems that can adapt to it.
Shifting from Control to Influence
Here’s the shift that chaos theory invites: perfect control is impossible, but meaningful influence is not.
In cybersecurity, this means designing with people in mind — supporting them instead of blaming, nudging safer behaviour instead of enforcing rigid rules, and accepting that systems are messy rather than trying to control them.
Control is comforting, but it’s rarely real. Influence, on the other hand, is possible. And powerful.
In a world increasingly governed by code and connectivity, the belief that we are in full control of our digital selves is a modern delusion. Cybersecurity professionals, policymakers, and individuals alike must confront a difficult reality: we are not sovereign over our systems, we are participants in ecosystems shaped by chaos, randomness, and human messiness.
But this isn’t cause for despair. It’s a call to design better systems, ones that accept unpredictability, prioritise human dignity, and shift from controlling everything to influencing what matters.
“Because in chaos, there is still meaning. And in uncertainty, there is still responsibility.”
Insightful read.
This was a beautifully thought-provoking piece. I really appreciated how you wove chaos theory into the conversation on cybersecurity. Tt reframes the issue in such a human, grounded way. The reminder that our role is to influence, not control, feels especially relevant in today’s unpredictable digital world. Thanks a lot!!!