Digital systems have transformed, and will continue to transform, our world. They have the potential to deliver significant benefits to society and are central to our security, wellbeing and economic growth. To realise these benefits, we will need robust cybersecurity.
This Royal Society report considers the policy frameworks necessary to address these cybersecurity challenges, and the emerging research challenges over the next five to ten years.
The UK is particularly well-placed to realise the benefits of an emerging digital society, owing to its supportive government policy, strong research base and history of industrial success. These benefits have already been substantial, but they remain at risk. Cybersecurity at most organisations is lagging behind the state of the art, and as a result is not delivering the reliable protection we need. Attacks are increasing, and breaches cause substantial harm to individuals and organisations. This erodes trust, and along with it, the potential benefits digital systems are able to deliver.
Trust is essential for growing and maintaining participation in the digital society. Organisations earn trust by acting in a trustworthy manner: building systems that are reliable and secure, treating people, their privacy and their data with respect. As part of this, organisations need to provide credible and comprehensible information to help people understand and assess how secure they are.
Resilience (the capacity to learn and adapt under stress or in the face of shocks) is essential for earning people’s trust. Organisations and systems that are resilient are best placed to provide more useful products and services, and protect their customers in a world where cyber threats are constantly changing and evolving.
Research and innovation can generate advances that help cybersecurity keep up with the evolving cyber risks. This helps create a trusted and resilient digital environment. To support progress in cybersecurity research, a more ambitious, challenge-led research funding organisation should be developed, and research should be pursued that integrates insights from different disciplines and around the globe.
Translation of innovative ideas and approaches from research will create a strong supply of reliable, proven solutions to difficult to predict cybersecurity risks. This is best achieved by maximising the diversity and number of innovations that see the light of day as products.
Policy, practice and research will all need to adapt. This report makes recommendations to help build a trustworthy, self-improving and resilient digital environment that can thrive in the face of unanticipated threats, and earn the trust people place in it.