About this Theme

“The point of futures literacy is to become more adept at inventing imaginary futures: to use these futures to discern system boundaries, relationships and emergence; to invent and detect changes in the conditions of change; to rethink the assumptions we use to understand the present.”

In the world we live in, characterised by increasing levels of volatility, uncertainty, complexity and ambiguity, it is more important than ever that we equip ourselves with strategies for effectively reasoning about the future in order to plan and prepare for futures both anticipated and unanticipated. While this is true across all areas of society and government, the challenges of reasoning about the future in relation to cyber security, and the imperative to do so effectively, are further intensified. The pace of technological change and its implications for society, bringing both threats and opportunities, is one of the driving forces behind cyber security in all its aspects. Whether it’s assessing the risk of moving proprietary data to the Cloud, considering the potential impacts of emerging technology on current and future industry, or designing trusted automated products, it’s critical that cyber security takes the lead in rigorous futures thinking. We see Futures Literacy as the practical capability that enables us to do this rigorous thinking, and to use the future to inform action in the present. Being ‘futures literate’ means being conscious of and understanding why and how we are using the future. By becoming futures literate, as individuals and organisations, we can make more effective decisions to plan and prepare for a range of possible futures in cyber security.

Risk management is one key application, often treated as a prescriptive activity following specific steps to produce objective outputs. Cyber risk management has so far been heavily focused around specific processes or tools. Given the rapid digitalisation and connectivity of the products and services that society interacts with on a daily basis, risk analysts must become better at thinking about the future and developing narratives that can resonate with a wide spectrum of future risk. Embedding futures literacy across the cyber risk management process is critical to meeting this need: from the variety of tools and methods available to cyber risk practitioners to analyse cyber risk and futures; to the communication of risk information in ways that effectively motivate action in the present; to the wider cyber risk management process that can cope with futures complexities in our digital systems.


While a futures literate approach to cyber risk management is critical, the concerns of cyber security go beyond the process of managing risk for specific systems or current problems. Cyber security needs to also grapple with broader questions about digital futures and consider the implications, threats, opportunities and unanticipated events, of a range of different futures. This may be in relation to the evolution of current technology, emerging and future technology and also, critically, how developments in technology may interact with and impact on society, policy, organisations and individuals. A focus on technology alone is insufficient to exploring what we care about in digital futures. We need to equip ourselves with methods to reason about the future that can bring deep expertise in technology together with a structured exploration of the range of ways in which technology may interact with the world.


If we’re all to thrive and to keep our citizens safe in this fast-paced digital age then we must all become more futures literate. The expertise and infrastructure of the Research Institute for Sociotechnical Cyber Security (RISCS), working in partnership with the National Cyber Security Centre (NCSC), provides an excellent foundation on which to build the national and global capacity in futures literate cyber security.

RISCS Showcase

RISCS Showcase 2021: Anticipation

Professor Genevieve Liveley introduced the Anticipation Theme at RISCS Showcase 2021.

Research Fellow

Genevieve Liveley


Listen to our podcast from CyberUK21

Securing the Future: Emerging Technology and Futures Literacy

We’ve often historically thought about emerging tech through a purely technological perspective, but really we need to consider how society and people will interact and use it, as well as considering the markets and economics perspectives. Anticipation is an emerging discipline in cyber security that is concerned with how we imagine and tell stories about cyber security futures and Futures Literacy is the skill set that we need to do it effectively. Speakers: Anna, NCSC Reid Derby, Cyber Central Ben Koppelman, CyberSmart Prof Genevieve Liveley, University of Bristol Simeon Quarrie, VIVIDA.

Stories of Cyber Security (SOCS) Project

This project examines the potential for stories and storytelling to inform and support more effective communication of cyber security good practice and policy.

Download the Combined Report (pdf)


Publication: Futures Literacy through Narrative

Liveley, G., Slocombe, W., and Spiers, E. (2021). ‘Futures Literacy through Narrative’, Futures, 125.

This paper, published in the journal Futures, synthesizes some of the research findings from the RISCS Anticipation and Prospection theme. It argues that successfully managing risk in cyber security involves particular expertise in thinking about the future using future-based information to take action in the present. It suggests that ‘futures literacy’ or FL – defined here as “the capacity to think about the future” – is particularly important in the domain of cyber security because it helps to clarify the knowledge and understanding needed in order to achieve optimal risk assessments and plans for resilience. And it investigates the ways in which we might better understand futures thinking by recognizing the impact of narrative frames upon the processes of anticipation and prospection, taking as its case study “the principle of minimal departure” – the cognitive bias or heuristic which directs us to assume that the conditions of any (future) possible situation or world will resemble closely a (past or present) world with which we are already familiar.

CyRes and FLiNT Futures Storybook

One of our key business and industry collaborators (also a member of the RISCS Advisory Board), Peter Davies, saw the opportunity to use this research to help support his work speaking to boards about managing legal risk and on the governance risk management obligations of directors in the context of cyber resilience and safety. So, together with colleagues at FLINT (Futures Literacy through Narrative) – Dr Emily Spiers and Dr Will Slocombe – we produced a storybook of futures news media stories on the theme of cyber resilience and safety.   All of these fictional narratives are informed by robust current sociotechnical data on emerging and futures trends in this space and inspired by real news stories. They are all dated to a near future of March 30th 2031.
Futures stories like these can help to focus minds on the significance of cyber resilience when managing the risks and obligations that boards and others are legally responsible for as part of their governance plans. They can help boards to:
  • identify learning points from these future scenarios to inform action now
  • spot weaknesses in their existing cyber practices
  • explore together what can be done by Boards to mitigate risks and harms in these scenarios

You can read the stories in the slider below: