Chapter 3. Future Scenarios :
Applying the Scenarios
FIGURE 13: POTENTIAL IMPACT OF CYBERSECURITY RISKS TO GLOBAL ECONOMY
In 2012 the McKinsey Global Institute set out to identify the technologies that over the next decade would truly matter to business leaders as they planned strategies, and to policy-makers as they tried to understand how technology would shape the global economy and society. The research focused on the speed, scope and economic value at stake from a dozen economically disruptive technologies — among them, cloud technology, the mobile Internet, and the networks of low-cost sensors and data collection and monitoring, commonly referred to as the “Internet of Things.”
MGI Disruptive Technologies report 2012
Calculated across the full range of some of these innovations, the risk of delays to adoption due to cyber threats could carry a high price tag for the global economy. In the scenario in which private and public institutions “muddle” into the future, the shortfall in estimated value created by 2020 could reach as high as US$ 1 trillion. And in the scenario where the private- and public-sector response to cyberattacks prompts a backlash against digitization, the impact on the global economy could amount to as much as US$ 3.06 trillion in unrealized value creation, or 14% of the total potential value creation of those technologies. (See Figure 14.)
FIGURE 14: FRAMEWORK FOR COLLABORATIVE ACTION
Example. Consider cloud computing. In a best-case scenario, in which a solid cyber resilience ecosystem accelerates digitization, the private and public sectors see greater use of public cloud technologies, with enhanced security capabilities for non-critical workloads. Better use of private clouds handles critical workloads. Both public and private clouds continue to offer similar features. Enhanced security for private clouds comes at minimal performance penalty, and at a more noticeable performance penalty for public clouds. Under this case, cloud computing has the potential to create US$ 3.72 trillion in value by 2020.
In the baseline “muddling into the future” scenario, however, a different norm governs cloud computing’s activity and economic potential. Use of public cloud technologies for non-critical workloads grows, as does use of private clouds for critical workloads. But fear of data breaches hampers use of public clouds for critical workloads. Delayed adoption of cloud computing means that between US$ 130 billion and US$ 470 billion of potential economic value remains unrealized.
Similarly, in the second scenario in which stepped-up cyberattacks, security gaps and a resulting rise in regulations create a backlash against digitization, public clouds are underutilized due to fears of vulnerabilities and higher costs from compliance with stricter policies on third- party access to data and systems. Achieving the full value potential of cloud computing is postponed by three years, and falls short by as much as US$ 1.4 trillion.
In coming years, annual spending on cyber resilience is likely to rise, from US$ 69 billion in 2013 to US$ 123 billion annually in 2020. But the extent of the increase and the return on investment will vary. In the best-case scenario, spending swells 13%, to US$ 139 billion annually, as public and private sectors lift defensive capabilities. In the worst-case scenario, in which US$ 3 trillion of potential economic value is unrealized, global spending nonetheless climbs 28% above the baseline scenario, to US$ 157 billion annually, as attacks step up and governments force compliance with increasingly complex regulations.