In this second scenario, the frequency and severity of attacks is significantly increased, and international cooperation in combating the proliferation of attack tools and knowledge eludes efforts to bolster defences. More attacks aim to destabilize services (such as national payment networks) provided by private- and public-sector institutions. Government cyber resilience regulations become increasingly directive, forcing strict industry- and country-specific compliance to complex new mandates. Governments raise barriers to cross-border flows of information and technology. Defence takes the form of siloed initiatives and limited information-sharing. Consumers become increasingly cautious, curtailing use of mobile technologies for banking and other services.
Company operations under this scenario feel more exposed and restricted. As attacks escalate, cyber resilience teams increasingly deploy systems with inherent vulnerabilities, thus playing “catch-up” with attackers. Responses are hampered by a lack of institutional knowledge-sharing. Stringent security measures limit enterprise productivity and hinder innovation. Fears of cyber risks significantly delay the adoption of new business and technology innovations. Over time, the higher barriers to cross-border movement of information and technology hamper the efficiency of world trade and corporate resource allocation.