Cyberspace and Cybersecurity to 2025: Three Scenarios


The next decade will see enormous growth in cyberspace: more people, more devices, more connectivity, more data. The expansion of connectivity offers abundant opportunities for businesses, governments, and individuals, but also significant risks, especially those related to cybersecurity.

The pace of technological change will pose challenges, but will also offer opportunities for governments, businesses, societal organizations, and individuals to collaborate and innovate. Public policy will have a significant impact on the progress of this growth—and one of the biggest challenges will involve balancing the promotion of technological innovation and the new risks it poses to cybersecurity.

The risks posed to cybersecurity will come not just from criminals, hackers, and spies, but from policies, too. The policies of governments, businesses, and organizations can all influence the nature and extent of ICT development and cybersecurity.

The way societies respond to such issues as trade liberalization, education and workforce needs, immigration, and international cooperation will help shape the way in which the evolution of cyberspace unfolds. Governments, for example, can open up trade and foreign investment or restrict them.

They can agree to develop and enforce international standards or confine themselves solely to creating national standards. Businesses can support the development of innovative technologies through R&D investment and support technology intended to increase productivity, or they can focus use of technology solely on cost-cutting measures. And organizations can train and educate the workforce to meet changing labor needs or persist in promoting obsolete educational systems.

In 2014, Microsoft produced a report called Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain, which examines the complex relationship between policies and the development of ICT. The report offers three scenarios that illustrate the impact of policies on technological development—and explore how cyberspace and cybersecurity might unfold over the next decade.


The Microsoft scenarios begin with three baseline projections involving technology, demographics, and workforce needs. No matter how cyberspace progresses, these three trends will have a powerful impact on the development of ICT and cybersecurity— and pose challenges to both public and private organizations attempting to adjust to them.

  • Expansive technological growth. The next 10 years will bring expansive growth in the population of Internet users, the number of broadband subscriptions, and the billions of objects connected by the Internet of things (IoT). The challenge presented by this expansion will involve balancing support for the development and dissemination of transformative technology with the need to provide protection from security and privacy threats. While burdensome compliance regulations would restrict economic innovation, the right balance will yield reduced costs, improved e-government, and increased convenience.
  • Demographic shifts. The population of developed countries is rapidly aging while the population of working-age adults in emerging nations is increasing dramatically. These concurrent demographic shifts will heighten the urgency of addressing mounting resource needs and long-term economic sustainability.
  • Workforce education needs. The anticipated boom in technology will boost the demand for—and shortage of—medium- and high-skilled workers, while there will likely be an enormous surplus of low-skilled workers. This will challenge educational institutions, public entities, and private employers to develop a workforce with the new skills needed.


  • Microsoft provides plausible scenarios of how cyberspace and cybersecurity may unfold over the next 10 years, and points out that elements of each of these scenarios may play out in different regions of the world. Since these developments will have an enormous impact on how business is conducted both globally and in specific markets, businesses may use these scenarios as global, regional, and country-specific guideposts to how ICT might develop worldwide and in specific markets. Government policies will have a powerful influence on the direction of these developments—and will provide indicators for businesses on whether (and how) to do business in markets under different ICT policies.
  • Since the scenario that plays out may vary from region to region or country to country, companies should closely monitor signs that indicate that the worst-case Canyon scenario will take hold in important markets in which they do (or hope to do) business. Restrictions on Internet access and activity or nation-specific laws and standards regarding IP and cybersecurity, for example, may signal an unfriendly environment for ICT innovation.
  • Since virtually all businesses will benefit from further ICT innovations—which improve operational efficiency and facilitate direct consumer contact, for example—most businesses may find it worthwhile to consider lobbying national governments to support the recommendations suggested by this report. These include policies that promote a free and open Internet while ensuring privacy protections; improve ICT infrastructure; support R&D; educate workforces with the skills needed for the modern economy; facilitate open trade; and foster consistent international standards affecting cyberspace and cybersecurity.