Cybersecurity is an issue that's not going away, and according to a new report from the Pew Research Center, it's likely to only become more critical in the future. Surveying a number of Internet experts, Pew found a consensus that the next decade will be filled with more cyber attacks, with bigger consequences.

Most Internet Security Experts Expect a "Major Cyber Attack"

Pew surveyed over 1,500 Internet security experts as part of its Digital Life in 2025 series. Unlike standard polls, Pew only asked one major question:

"By 2025, will a major cyber attack have caused widespread harm to a nation's security and capacity to defend itself and its people?"

By "widespread harm," Pew specified it meant "significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars." Then, Pew just asked the experts to elaborate on their answer.

Out of the 1,642 experts that responded, Pew found that 61 percent said a major attack was indeed coming in the next decade, while only 39 percent thought not.

The "Yes" Group: Four Major Themes 

Out of the majority of experts that thought a significant cyber attack would occur before 2025, Pew found four major themes emerging in their explanations.

First, that critical infrastructure for defense, banking, transportation, and other daily nationwide essentials are all Internet-connected, "inviting targets."

A respondent with the Network Information Center noted, "The biggest vulnerabilities are with the financial, energy, and transportation sectors -- which represent the soft underbelly of our society and are increasingly under siege from thwarted cyber attacks."

And it appears that inviting targets will only proliferate more, as technology gets more intertwined with everyday life. For example, Internet activist Tim Kambitsch wrote, "The Internet of Things is just emerging. In the future, control of physical assets, not just information, will be open to cyber attack."

Second, that most Internet-connected systems aren't designed with a primary focus on cybersecurity. As IT industry manager Elena Kvochko put it, "...a large portion of critical infrastructure facilities still rely on software and technology created decades ago and which has not been upgraded. The level of sophistication of adversaries generally progresses much faster..."

Third, that in recent historical examples like the Stuxnet worm (that temporarily derailed the Iranian nuclear program) and the responses to large government-threatening protests in recent years, we've already seen instances that qualify as major cyber attacks. Extrapolating into the future, it seems that attacks, similar or even more intense, are all but assured. "If an agency can create something like Stuxnet to sabotage Iranian nuclear facilities," wrote Dutch assistant professor of communications Maurice Vergeer, "it's a question of time for another agency to come up with another piece of malware to sabotage essential infrastructure.

Finally, while the possibility of cyber attacks looms over all of us, there are "noteworthy divides" between those that are prepared and unprepared.

As Columbia University professor Henning Schulzrinne responded, "Primarily financial services (both trading and financial transactions) and maybe the power grid seem vulnerable and their disruption is most likely to inflict large collateral damage."

But Schulzrinne's analysis gets even more grim: "Both are dominated by legacy systems, with a limited willingness to make the necessary investments in upgrades and, particularly for utilities, limited technical depth in their staff."

The "No" Group: Three Themes

Of the 39 percent of experts that didn't think a major cyber attack was likely in the next ten years, Pew found three types of argument.

The first major argument against the possibility of a major cyber attack before the year 2025 centered around optimism in the progress of security fixes and rising security standards, along with confidence in the ability to mitigate the damage of attacks due to the distributed nature of the Internet.'s Robert Bell, for example, stated, "While the possibility of such widespread disruption certainly exists, it has become a priority among most industrialized nations to understand and respond to the threat. I expect smaller-scale incidents but not large-scale loss of life or billions of dollars of property loss."

The second argument was that the threat of retaliation will deter malicious groups from being too ambitious in the size and scope of attacks -- relegating them to exploiting small, less important vulnerabilities.

As technology writer Fred Hapgood noted, a major attack that causes losses in the tens of billions of dollars, for example, would "trigger serious retaliation and the hackers responsible can never be 100 percent certain that they haven't left a trail somewhere."

In the context of cyberwar between nation-states, Technology Education Institute founder Garland McCoy simply put it, "Mutually-assured destruction worked [in the Cold War], works now, and will work in cyberspace."

Finally, some Internet security experts simply see the threat of major cyber attacks as something that is far too overblown -- possibly, in part, because some organizations have something to gain from a climate of constant fear.

"Perhaps I am optimistic, wrote Microsoft Research's principal researcher, Jonathan Grudin, "but this concern seems exaggerated by the political and commercial interests that benefit from us directing massive resources to those who offer themselves as our protectors."

"It is also exaggerated by the media because it is a dramatic story," he added.

What do you think? Are you worried about a large-scale cyber attack in the future, or do you think Internet security will continue to be imperfect, but not critically so?

Let us know in the comments!