Table of contents
- The difference between a near incidents and an actual accident
- How near incidents should be considered
- Near incidents in cyber security: a wake-up call
- Examples of near incidents in cyber security
- The management of near incidents in cyber security
- Prevention: an investment for the future
Near incidents, also known as near misses, are events that could have caused an accident but, for various reasons, did not. According to Legislative Decree No. 138 of September 4, 2024 (NIS 2), a near incident is defined as “an event that could have constituted an accident but did not, including cases where the accident was effectively avoided.”
These events, although they do not cause immediate harm, must be carefully analyzed as they can provide valuable insights for preventing future accidents. It is through the reporting of near misses that organizations can identify gaps in work procedures and improve workplace health and safety.
The difference between a near incident and an actual accident
A near incident is not a true incident, but its importance should not be underestimated. While an incident directly causes harm or negative consequences, a near incident serves as a warning sign: it indicates that the conditions for a harmful event were present, even if the incident did not occur.
Common examples of near incidents include:
- A fall avoided thanks to quick reflexes.
- A machine stopping before causing an injury.
- A gas leak promptly identified and stopped.
In all these cases, it is essential to treat these events as opportunities to improve workplace safety.
How near incidents should be considered
Near incidents should be analyzed with the same rigor as actual incidents. This involves accurate reporting of the near miss, followed by an investigation to identify its root causes. Ignoring a near incident could mean losing a critical opportunity to prevent future risks.
International standards such as ISO 45001 emphasize that workers must be trained to recognize and report near incidents. Employers, on the other hand, have the responsibility to analyze these events and implement improvements in safety procedures.
A near incident can result from various factors, including:
- Human errors;
- Lack of training;
- Structural or technical issues in the workplace.
Near incidents in cyber security: a wake-up call
In the field of cyber security, the near incidents, or near misses play a crucial role in protecting digital infrastructures. In this context, a near incidents refers to an event that could have compromised cyber security but, due to fortunate circumstances or timely interventions, did not cause significant harm.
Analyzing and managing near incidents is essential to identifying latent vulnerabilities and preventing more serious attacks in the future. As with workplace health and safety, in the workplace, a near incident can be seen as a learning opportunity.

Examples of near incidents in cyber security
Here are some examples illustrating how near incidents manifest in cyber security:
- Phishing blocked at the last moment
An employee receives a well-crafted fraudulent email. They are about to click on the suspicious link, but advanced detection software blocks it in time. This event should be considered a near incident because it highlights a vulnerability in the system or employee training.
- Attempted intrusion thwarted by a firewall
A targeted attack on company servers is detected and blocked by the corporate firewall. Although no harm was done, the event reveals that the infrastructure was under attack, indicating a need for stronger defenses.
- Exposed password not exploited
An employee inadvertently shares a company password on an unsecured communication channel. The error is detected before it can be exploited, underscoring the need to review credential management procedures.
- Ransomware neutralized before spreading
Malware is downloaded onto a device, but endpoint protection software identifies and removes it before it can encrypt data. This is a near incident demonstrating the effectiveness of certain tools but also highlighting weak points.
- Misconfiguration corrected in time
A database is temporarily exposed due to human error, but unauthorized access is avoided because the error is quickly fixed. This is another clear example of a near incident that should not be overlooked.
The management of near incidents in cyber security
To ensure digital security, employers must adopt a proactive approach to managing near incidents in the IT domain. Each event should be analyzed to identify vulnerabilities, improve processes, and prevent future attacks.
Companies should:
- Encourage the reporting of near incidents by staff, even when no harm occurs.
- Train employees on cyber security risks through attack simulations and periodic tests.
- Implement monitoring tools to detect suspicious activity in real time.
- Analyze each event to understand what worked and what could be improved.
Prevention: an investment for the future
Just as with workplace safety, near incidents in cyber security should be regarded as valuable learning opportunities. Investing in the prevention and management of these events not only reduces the risk of harm but strengthens the entire security infrastructure.
Building a corporate culture that values the reporting of near misses in the IT field is crucial for creating safe workplaces, both physically and digitally.
In conclusion…
Near incidents are a critical element in managing corporate safety. Recognizing their importance and adopting the right strategies to address them can make the difference between a safe workplace and one where risks are ignored. In a world where prevention is paramount, near incidents should be seen as valuable opportunities for learning to ensure everyone’s health and safety.