The biological advantages of something like CRISPR–Cas are clear. Prokaryotes — bacteria and less-well-known single-celled organisms called archaea, many of which live in extreme environments — face a constant onslaught of genetic invaders. Viruses outnumber prokaryotes by ten to one and are said to kill half of the world’s bacteria every two days. Prokaryotes also swap scraps of DNA called plasmids, which can be parasitic — draining resources from their host and forcing it to self-destruct if it tries to expel its molecular hitch-hiker. It seems as if nowhere is safe: from soil to sea to the most inhospitable places on the planet, genetic invaders are present.
Prokaryotes have evolved a slew of weapons to cope with these threats. Restriction enzymes, for example, are proteins that cut DNA at or near a specific sequence. But these defences are blunt. Each enzyme is programmed to recognize certain sequences, and a microbe is protected only if it has a copy of the right gene. CRISPR–Cas is more dynamic. It adapts to and remembers specific genetic invaders in a similar way to how human antibodies provide long-term immunity after an infection. “When we first heard about this hypothesis, we thought that would be way too sophisticated for simple prokaryotes,” says microbiologist John van der Oost of Wageningen University in the Netherlands.
Mojica and others deduced the function of CRISPR–Cas when they saw that DNA in the spaces between CRISPR’s palindromic repeats sometimes matches sequences in viral genomes. Since then, researchers have worked out that certain CRISPR-associated (Cas) proteins add these spacer sequences to the genome after bacteria and archaea are exposed to specific viruses or plasmids. RNA made from those spacers directs other Cas proteins to chew up any invading DNA or RNA that matches the sequence (see ‘Lasting protection’).
How did bacteria and archaea come to possess such sophisticated immune systems? That question has yet to be answered, but the leading theory is that the systems are derived from transposons — ‘jumping genes’ that can hop from one position to another in the genome. Evolutionary biologist Eugene Koonin of the US National Institutes of Health in Bethesda, Maryland, and his colleagues have found1 a class of these mobile genetic elements that encodes the protein Cas1, which is involved in inserting spacers into the genome. These ‘casposons’, he reasons, could have been the origin of CRISPR–Cas immunity. Researchers are now working to understand how these bits of DNA hop from one place to another — and then to track how that mechanism may have led to the sophistication of CRISPR–Cas.
A recent wave of high-profile cyber-attacks — with objectives ranging from disrupting critical infrastructure to influencing the US presidential election — has heightened attention around the need for stronger security and governance measures in the public domain. Technological advances have also facilitated a significant uplift in industrial espionage, which could grow further in an era of state-sponsored use of cyber technology. Meanwhile, the future weaponization of AI and robotics by rogue states or terrorists and the scope for hacking global satellite systems are also firmly on the radar of security specialists.
As businesses embrace innovation, they also take on new risks. Not only are companies buying and employing technology that creates new exposure, their IT systems are becoming increasingly connected to those of other companies in their value chain, such as suppliers, customers and utilities. Additionally, more IoT devices are being deployed to improve productivity or increase safety. This expanding interconnectedness, often facilitated by devices with limited security, creates additional points of vulnerability to cyber-attack and makes assessing the risk permutations that much more difficult.
Other innovations in the technology landscape, such as the migration of data and software to the Cloud and the use of AI and robotics in commercial applications, are also shifting the nature of cyber risk. At the same time, companies implementing innovations may be assuming, through legacy contracts, new liabilities where legal precedent is embryonic at best, along with vulnerabilities they will find challenging to mitigate or transfer into insurance markets.
Cross-border data flows are being slowed by a rise in government intervention. Some measures are aimed at consumer protection. For example, the European Union’s General Data Protection Regulation (GPDR) is driven primarily by privacy concerns on personal data. Other initiatives are aimed at state protection, driven by heightened security concerns. These measures enforce a range of protectionist policies, including prohibitive technical standards, censorship, surveillance and data localization. China, for instance, has joined Russia in tightening the requirements placed on foreign companies to store information within national borders. Increasing regulation is complicating the space for business to work in and aggravating “splinternet” tendencies.
These trends may present significant challenges for businesses. Compliance with new regulation could be costly, and failure to comply could result in significant sanctions. Restricted access to digital supply chains and markets will create complexities for firms with global operating models. In an era of heightened nationalism, this direction could threaten open global competition.