Using Donald Rumsfeld’s famous quote “There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know.”
In risk, “Known knowns” represent incidents that we experience within our own organisations. We are therefore well aware of them and can learn from the mistake to improve processes and get stronger. “Known Unknowns” represent incidents that other organisations have experienced. These are not well known outside of the affected organisation as often the knowledge is not broadcast, not least for confidentiality and potential reputation impacts. However, these are the best incidents for us to learn from as we have not suffered any loss ourselves but can strengthen our processes from the knowledge of what happened.