Chapter 3. Future Scenarios
On the future landscape of cyber resilience, the various dialogues identified dozens of shaping elements. These included such different drivers as the proliferation of attack tools, investment in educating end-users, international cooperation in fighting cybercrime, and the availability of economic opportunities in the developed and developing world. From this assortment, priority areas were distilled, and two essential drivers were defined of the future cyber resilience environment: pace of increase in the intensity of the cyber threat; and pace of increase in the quality of response from private institutions and the public sector. (See Figure 11.)
FIGURE 11: TWO PRIMARY DRIVERS IN DEFINING FUTURE SCENARIOS
A secure, robust cyber resilience environment spanning the public and private sectors would enable business and technology innovations, such as cloud computing and mobile Internet, to create between US$ 9.6 trillion and US$ 21.6 trillion in economic value between now and the end of this decade. But if that secure environment fails to materialize because rapidly increasing cyberattacks are met with less rapidly increasing defence capabilities, a backlash against digitization could leave as much as US$ 3.06 trillion of that value unrealized. Judging from the interviews and workshops, the executives believe that society is headed towards such a scenario, and that many components of that outcome are already beginning to materialize.
From this base and other extensive workshop sessions, three alternative future scenarios for 2020 have been created. The scenarios put cyber threats in sharper relief and form an economic value model that could be either achieved or threatened by an evolving cyber resilience ecosystem (see Figure 12). The three scenarios are:
- Scenario One: Muddling into the future
- Scenario Two: Backlash against digitization, prompted by proliferating cyberattacks
- Scenario Three: Accelerated digitization thanks to robust cyber resilience
FIGURE 12: ALTERNATIVE FUTURE SCENARIOS FOR 2020
Scenarios testing at the Annual Meeting of the New Champions
Christopher Mondini, Vice-President, Stakeholder Engagement, North America & Global Business Engagement, ICANN
Scott David, Executive Director, Law, Technology and Arts Group, University of Washington
Peter Schwartz, Senior Vice-President, Global Government Relations, Salesforce
- Scenario A: Cyber threats increase, but sophistication of institutions does not. Businesses continue to reach the way they have in the past and the attack vendors continue to group together and increase in their relative sophistication.
- Scenario B: Fears about cyber security slow down cooperation and trust. Sophisticated attack vectors are disseminated to a wider range of actors with some harboring truly destructive intent. This ripples into implications for consumer purchasing habits, limiting business strategies and severely inhibiting government regulations
- Scenario C: Technology and security become enablers to growth. Governments come together in the face of an ever increasing threat to facilitate the dramatic uplift in institutional capability and international cooperation.
- Scenario D: After destructive attacks, public-private cooperation is improved, but consumer trust is eroded. A series of highly visible, destructive attacks shake the bedrock of consumer purchasing habits, forcing businesses to shift the way the act.
Participants discussed the implications of each of the scenarios. Some of the themes that emerged included:
- A push for new and innovative solutions from third party vendors to help combat newer and more sophisticated threats
- A need to reformulate business strategy to consider changes ranging from countries in which companies feel comfortable operating in to the way they connected with consumers
- A need for greater regional and international cooperation between nations to align regulations as well as prosecute criminals
- Opportunities will emerge for new businesses in insurance or risk markets to help businesses mitigate the potential downside from cyber risks