In this baseline scenario, attackers retain an advantage over defenders who continue to respond to threats reactively, albeit successfully. The level of threat rises incrementally, and a greater sophistication of attack tools consistently leaves defenders trailing. Institutions implement more stringent controls, but government intervention remains fragmented. No powerful international bodies emerge to coordinate the fight against cyber threats through the sharing of information and knowledge on attacker locations, intentions and strategies. Few cross-industry associations are effective in facilitating such exchanges.
At the operating level in this scenario, most business decisions likely are made without factoring in cyber resilience. Leaders continue to lack a clear grasp of the magnitude and nature of cyber threats. Senior business executives and company boards rarely engage with CISOs to consider the implications of business decisions on cyber resilience. Fragmented security solutions create operational inefficiencies such as slower transaction times. On the one hand, the potential advancement of new cyber defence technologies could hold out the opportunity for improved future security. On the other hand, fears of cyber resilience risks stemming from new business and technology innovations likely significantly delays adoption of those technologies, perhaps slowing global economic growth.