As technologies advance, so do the skills of hackers seeking to exploit system vulnerabilities.
Organizations need to understand cyber risks and plan for tomorrow’s challenges.
We’ve outlined the trends which could shape the future of cybersecurity and how to prepare for them.
In order to disrupt a country, halt major commercial flows or make important financial gains, hackers usually look for vulnerabilities that have not yet been discovered. The constant technological evolution is a catalyst for them to find new flaws to exploit.
Therefore, in a fast-evolving digital ecosystem, decision-makers in government, industry, academia, and civil society need to anticipate and address tomorrow’s cybersecurity challenges to stay ahead of the curve.
Below are some of the key insights, tensions, and trade-offs that will likely shape the future of cybersecurity and that can help an organization better prepare to face cyber threats.
1. Progress in cybersecurity, but access must be widened
Public and private investments in security technologies, as well as broader efforts to tackle cybercrime, defend critical infrastructure, and raise public awareness about cybersecurity, are likely to reap tangible payoffs by 2030. Cybersecurity will be less about “defending fortresses” than moving toward acceptance of ongoing cyber-risk, with a focus on bolstering resilience and capacity for recovery. As markers of this trend, passwords could be nearly obsolete by 2030, cybersecurity will be widely taught in primary schools, and cryptocurrencies will be more effectively regulated. Still, while investments in more secure systems and basic cyber hygiene will raise many above the “cyber poverty line,” progress is likely to be unevenly distributed across communities and geographies.
2. Worsening crisis in trust online
Erosion of trust online is poised to deepen and continue to undermine offline relationships and institutions. Advances in artifical intelligence (AI) and machine learning (ML) will make it increasingly difficult to distinguish between humans and machines online, potentially leading many people to shift their activities back offline and even revert to using analogue devices. In a world of increasingly sophisticated synthetic media and AI-based cyberattacks, cybersecurity will become less about protecting confidentiality and more about protecting the integrity and provenance of information. Unfortunately, at the moment when societies most need to come together to solve major problems like climate change, distrust could lead to a retreat from regional and global cooperation. We need to work to avoid this outcome.
3. Double-edged sword of AI and ML technologies
There is both optimism and uneasiness about the rapid pace of scientific advancement and commercial adoption of AI and ML technologies. On the upside, we will see vast innovation in sectors such as medicine and transportation, as well as improvements to cybersecurity. On the downside, AI will also lead to innovation in cybercrime, and ML models could train themselves to achieve illicit or devious ends. There is a lack of clarity in how governments, companies, or communities will ensure that AI and other technology-based systems are built, deployed, and monitored safely and ethically, and no clear forum from which that guidance will come.
4. Downsides (and limited upsides) of internet fragmentation
The trend toward “digital sovereignty” and internet fragmentation will continue, as efforts toward internet interoperability and cross-border data transfers will compete with efforts by governments to establish localized or regional controls over online spaces. This may be an opportunity for local communities to have more agency in defining digital security, but we could also see a “wild west” of disinformation, surveillance, and more powerful cyberattacks emanating from rogue states that have isolated themselves from the global internet. The trend toward deglobalization could also lead to more pronounced “regional pockets of truth,” with differences in information defined by geographic or other boundaries, and governments could exert more control through technology.
5. Pull and push between regulatory experiments and the future of privacy
By 2030, we will know whether early cybersecurity efforts at privacy legislation (such as Europe’s GDPR) are delivering on their policy objectives, but it remains uncertain whether we will have improved methods for managing personal data by 2030 or will be living in a world in which we have given up on contemporary notions of individual privacy.
6. Metaverse uncertainty
Participants were split between those who believe that the metaverse (or metaverses) will not materialize, and will be considered a failed experiment by 2030, and those who believe we need to accelerate policy innovation to keep up with the new privacy and security issues that a fully realized metaverse will pose. However, the most dystopian visions of the future that emerged from the workshops were based on a passive consumer (i.e., living in the metaverse to escape problems in the real world). The antidote to this dystopia, and a key aspect of what the future holds, relies on our ability to educate citizens to embrace critical thinking.
7. Sovereignty and shifting power dynamics
In the workshops held in Europe, we heard concerns about a blurring of frontiers between governments and private corporations (for example, a few participants speculated about a future in which the largest tech companies hold seats on the UN Security Council). From US-based participants, we heard more concerns about a trend toward digital sovereignty, the security issues companies face in addressing increasingly divergent regulatory requirements around the world, and lack of a practical human rights framework for determining compliance trade-offs. Most agreed that the public sector will play an important role as both buyer and investor in technology and in developing guardrails in how cybersecurity plays out.
Planning for future cybersecurity risks
It is imperative for security practitioners to take a holistic view on the advancement of digital technologies to stay ahead of the curve. As per the Global Cybersecurity Outlook Report, a varied range of new technologies is being adopted by organizations, significantly raising the complexity of securing the digital ecosystem and widening the attack surface for malicious actors to exploit. It is therefore paramount to monitor how these technologies evolve, together with their social, economic and political contexts to make informed business decisions on organizational resilience.
The World Economic Forum, in collaboration with the Center for Long-Term Cybersecurity (CLTC), is running the Cybersecurity Futures 2030 initiative. It is a foresight-focused scenario-planning exercise to inform cybersecurity strategic plans and enable practitioners to understand the impact and prepare for the future of digital security.