Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

Organisations, governments and users are increasingly vulnerable to cyberattacks, which effects may range from threatening the foundation of modern information society, to causing catastrophic failure of nation-wide critical infrastructure. As a result, a great deal of effort has been given to mitigating the risks stemming from cyber-attacks and has established the field of cyber-security. To defend against cyber-attacks, defenders are required to foresee threat actors’ actions some way in advance to implement protective means. This interdependency places anticipatory practice at the heart of cyber-security. Despite the importance of these activities, little work exists that considers the details of anticipatory practices in cyber-security. This chapter explores how a forward-looking stance and the use of that forwardlooking stance to affect a change in the present are a key concept and goal of cybersecurity. Literature on anticipation in cyber-security is reviewed and its importance illustrated through the use of a detailed case study. In this study, we draw upon empirical accounts of five cyber-threat analysts’ day-to-day practices to explore how futures are envisioned and used in the attempt to protect cyber-space. We find that anticipation of the future is, under different names, a wellconsidered stance in cyber-security that attracts attention from practitioners and theorists alike. The practices that were uncovered proved to be highly anticipatory in nature. Defenders take an “attack attitude, ” where they aim to envision possible future attack behaviours to inform their defence responses. Analysts engage in external and internal knowledge acquisition activities to obtain knowledge about the attack and defence space and anticipate the future. Yet, obtaining this knowledge presents a major challenge due to the ambiguity and amount of information available. We conclude that improving cyber-defenders’ anticipatory capabilities may enhance the overall sense-making process and improve decision-making.

Original publication





Book title

Handbook of Anticipation: Theoretical and Applied Aspects of the Use of Future in Decision Making: volume 1,2

Publication Date





1559 - 1585