The world is changing, and with it so is the internet. Or perhaps it\u2019s the other way around. The internet continues to create new business and social opportunities that massively scale and widely interconnect. The increasing depth and volume of personal and corporate data make it a more rewarding target for cyber crooks and state-sponsored espionage or sabotage. At the same time, greater connectivity provides more potential attack vectors.This makes industry, governments and individuals uneasy and unsure how to prepare. Predicting the exact nature of future threats and how to combat them is difficult, but a new study from The Internet Society (ISOC) offers credible insight. ISOC was founded by internet pioneers Vint Cerf and Bob Kahn in 1992 \u201cto promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world.\u201d On September 18, ISOC released its Paths to our Digital Future report, which sheds light on how the development of the internet might continue to service everyone.The report is the result of surveys, phone interviews and roundtables conducted in 2016 with more than 3,000 ISOC members and partners, outside experts, and users in both the private and public sectors. It focuses on six \u201cdrivers of change\u201d that will impact the internet in the coming years: the internet and the physical world; artificial intelligence; cyber threats; the internet economy; networks, standards, and interoperability; and the role of government. Although only one of the drivers targets cyber security, findings in all areas have a direct or indirect impact on it.The report reflects respondents\u2019 questions and concerns relevant to the future of the internet as an economic driver and social medium. A central theme is that for the internet to continue to be successful in both areas, it must be trusted, safe, and easy to use. Below are a few of the security-relevant issues the report raises.\u00a0What effect will government action (or inaction) have on cyber security?Respondents expect legacy governmental and regulatory policies will continue to be counterproductive. Technologies such as artificial intelligence (AI), internet of things (IoT) and blockchain\u2014all of which play significantly in the cyber security space\u2014will further stress policy frameworks. \u201cNeither government nor the private sector can deal with the scope and scale of cyber threats alone. It will require collaboration,\u201d says Constance Bommelaer de Leusse, senior director, global internet policy at ISOC.Bommelaer de Leusse says that many people expressed concern that governments make take actions that undermine cyber security. \u201cGovernmental interest in national security will continue to manifest in regulatory actions, which inevitably compromise personal privacy and security,\u201d said one participant in the study.\u201cPolicymaking that is reactive and not long term may fragment the internet along nation-state boundaries and also undermine human rights,\u201d says Bommelaer de Leusse. "Technically, this fragmentation will happen if governments try to limit the ability of the system to fully interoperate and exchange data packets in an end-to-end way \u2014 undermining one of its fundamental properties, and keys to its success. We see a worrying trend in this direction in some parts of the world that prioritize short-term national interests \u2014 sometimes referred to as \u2018cyber sovereignty\u2019 \u2014 over longer-term interests and shared responsibility.\u201dSome government actions might prove to be positive. \u201cThere is also a scenario where, for example, data protection laws, liability, and consumer protection laws are supportive of cyber security strategies, and where governments promote and enable the most efficient solutions,\u201d says Bommelaer de Leusse.\u00a0[Related: Xerox CISO: How business should prepare for the future security threat landscape]Another trend that alarmed participants in the report is the rise of state-sponsored cyber attacks as the internet is becoming increasingly intertwined with national security. \u201c[An] uncertain prospect is the use of\u00a0cyber arms and cyberwars to achieve political gains between major powers. This is already happening but it is uncertain whether it will lead to major disruptions to the network and perhaps reduce confidence by internet\u00a0users in it,\u201d said one participant in the study.\u201cSociety is becoming increasingly dependent on the internet, in anything from political processes to our economies, and this makes cyber attacks an attractive means for malicious actors \u2014 including state sponsored attacks,\u201d says Bommelaer de Leusse.\u00a0With no political solution apparent, Bommelaer de Leusse cites the need for international norms to help control this type of state behavior. \u201cOrganizations should consider state-sponsored attacks as a possibility in their risk assessments. Understanding what assets, whether in terms of data or infrastructure, that might be a target for politically motivated attackers needs to be considered,\u201d she says. \u00a0The rise of cyber security haves and have-notsAs cyber security risk and complexity increase, so do the resources needed to respond to them. Some study participants see this creating \u201csecurity divides\u201d where some entities won\u2019t be capable of dealing properly with threats. This is expected to occur among nations, individuals in society, and businesses.\u201cOne of the most alarming issues we see in this report is the risk of an emerging security divide \u2013 both within and between societies,\u201d says Bommelaer de Leusse. \u201cThis security divide can play out at the individual user level, with some users having the skills and resources to protect their data, but it can also become a divide at the organizational level where new businesses from developing countries are at a disadvantage due to security.\u201dWhile an organization may have adequate skills and resources, its partners and providers may not, and that will create vulnerabilities. \u201cIt may be the ecosystem of banking services that your business depend on, your ISP, or the legal framework in your country that puts your business at a security disadvantage,\u201d says Bommelaer de Leusse, who adds that collaboration among all the actors within an ecosystem is required to promote security.How will the IoT impact organizations?Study participants expect what Bommelaer de Leusse characterized as \u201can explosion\u201d of new devices connected to the internet. This suggests that the range of attack vectors and vulnerabilities will increase. \u201cThis will not only increase the risk of attacks, but potentially also the severity of the attacks as they connect to the physical world,\u201d says Bommelaer de Leusse.That risk is compounded by the nature of businesses adopting IoT technology. \u201cWe will also see a range of new or traditional business entering the digital world, some of which might lack the experience, awareness and skills to effectively secure their devices,\u201d says Bommelaer de Leusse, adding that ISOC encourages organizations to adopt the Online Trust Alliance\u2019s (OTA\u2019s) IoT Security Framework. It provides best practices and security principles to guide the deployment of IoT.\u00a0[Related:\u00a0Realistic ways to lock down IoT]Will securing the internet make it harder to use?Again, the report emphasizes that the internet must remain safe and easy to use. Users today complain about some basic security measures such as two-factor authentication, so it\u2019s reasonable to question whether future security measures will discourage users. \u201cThere\u2019s lots of talk surrounding security and\u00a0encryption, but users aren\u2019t willing to use anything that\u2019s even slightly inconvenient. I suspect in five years we\u2019ll still be talking about how important security is, and things will be even more insecure,\u201d said one participant in the study.Bommelaer de Leusse says that doesn\u2019t need to be the case if organizations focus on security awareness and take a solution focused approach. \u201cThe biggest concern we see today is a lack of security, which translates into undermining trust in the internet. Users and businesses need to feel confident that the integrity of their data is protected, and a trend towards increasing attacks against the network and its services is likely to undermine this confidence and trust. The key here is risk management, and to minimize the risks through better security practices and at the same time strive to optimize the benefits inherent to the internet\u2019s open and global nature. Collaborative security is key to efficiently minimize that risk.\u201d\u00a0[Related:\u00a0Is universal end-to-end encrypted email possible (or even desirable)?]Meeting future security challengesIf there is a cyber security lesson in the findings of the ISOC report, it\u2019s that organizations need to review and rethink how they conduct business and protect their assets and data. \u201cThe underlying issue is that many businesses\u2019 first priority is to collect data, not secure it,\u201d says Bommelaer de Leusse. \u201cLack of end-to-end encryption, and as in some cases neglecting to encrypt stored data, are just some of the factors that exacerbate the problem, and the impact of a data breach on the users.\u201d[Related: The real reason we can't secure the internet]Although report participants expect investments in cyber security to rise, Bommelaer de Leusse believes money alone is not the answer. \u201cThe biggest hurdle is not necessarily money, but security awareness and security as a priority. The OTA did a report two years ago that showed that over 90 percent of the breaches they studied could have been prevented, and that 29 percent of those were actually caused by employees\u2014accidentally or maliciously\u2014due to a lack of internal controls."Collaboration and communication are also critically important. \u201cUnderpinning all of these issues is the challenge for many industries, and other stakeholders, in considering the need for collaboration in cyber security,\u201d says Bommelaer de Leusse. \u201cThe internet is a highly interdependent system, and no single actor can adopt a fix-all solution. It will require collaboration among vendors and manufacturers to ensure that devices are secured by design, and that users can interact with the device to confirm or perform updates, make configuration changes, and so on.\u201dThe study\u2019s findings also reinforce the notion that security needs to be embraced from top to bottom within an organization, especially those who collect the personal data of individuals. There is growing sentiment that organizations need to do more to protect personal data and take more responsibility when there is a breach. \u201cOrganizations that handle private data need to clarify their accountability and have full transparency on how date is handled. If there is a breach, the weight should be on the shoulders of those handle the data,\u201d says Bommelaer de Leusse.