The complexity of modern networked systems has negative consequences in the form of intended and unintended security incidents. Information security is not the first field to grapple with such challenges. In safety, incident learning systems (ILS) have been used to control high risk environments. Many of these systems, such as NASA's Aviation Safety Reporting System, have demonstrated considerable success while others have failed. Prior to implementing ILS in information security, it is prudent to learn from experiences gained in safety. We use System Dynamics to investigate how factors such as management commitment, incentives, recriminations and resources affect a safety incident learning system. We find that the rate of incidents is not a suitable indicator of the state of the system. An increasing or decreasing incident rate may both be caused by either increased or decreased security. Other indicators, such as the severity of incidents, should be used.