In the world we live in, characterised by increasing levels of volatility, uncertainty, complexity and ambiguity, it is more important than ever that we equip ourselves with strategies for effectively reasoning about the future in order to plan and prepare for futures both anticipated and unanticipated. While this is true across all areas of society and government, the challenges of reasoning about the future in relation to cyber security, and the imperative to do so effectively, are further intensified. The pace of technological change and its implications for society, bringing both threats and opportunities, is one of the driving forces behind cyber security in all its aspects. Whether it’s assessing the risk of moving proprietary data to the Cloud, considering the potential impacts of emerging technology on current and future industry, or designing trusted automated products, it’s critical that cyber security takes the lead in rigorous futures thinking. We see Futures Literacy as the practical capability that enables us to do this rigorous thinking, and to use the future to inform action in the present. Being ‘futures literate’ means being conscious of and understanding why and how we are using the future. By becoming futures literate, as individuals and organisations, we can make more effective decisions to plan and prepare for a range of possible futures in cyber security.

Risk management is one key application, often treated as a prescriptive activity following specific steps to produce objective outputs. Cyber risk management has so far been heavily focused around specific processes or tools. Given the rapid digitalisation and connectivity of the products and services that society interacts with on a daily basis, risk analysts must become better at thinking about the future and developing narratives that can resonate with a wide spectrum of future risk. Embedding futures literacy across the cyber risk management process is critical to meeting this need: from the variety of tools and methods available to cyber risk practitioners to analyse cyber risk and futures; to the communication of risk information in ways that effectively motivate action in the present; to the wider cyber risk management process that can cope with futures complexities in our digital systems.

While a futures literate approach to cyber risk management is critical, the concerns of cyber security go beyond the process of managing risk for specific systems or current problems. Cyber security needs to also grapple with broader questions about digital futures and consider the implications, threats, opportunities and unanticipated events, of a range of different futures. This may be in relation to the evolution of current technology, emerging and future technology and also, critically, how developments in technology may interact with and impact on society, policy, organisations and individuals. A focus on technology alone is insufficient to exploring what we care about in digital futures. We need to equip ourselves with methods to reason about the future that can bring deep expertise in technology together with a structured exploration of the range of ways in which technology may interact with the world.

If we’re all to thrive and to keep our citizens safe in this fast-paced digital age then we must all become more futures literate. The expertise and infrastructure of the Research Institute for Sociotechnical Cyber Security (RISCS), working in partnership with the National Cyber Security Centre (NCSC), provides an excellent foundation on which to build the national and global capacity in futures literate cyber security.

RISCS Showcase 2021: Anticipation

Professor Genevieve Liveley introduced the Anticipation Theme at RISCS Showcase 2021.