Cybersecurity-Enhanced Futures Thinking for Business Model Innovation in VUCA Environments

Abstract

In an increasingly volatile, uncertain, complex, and ambiguous (VUCA) business environment, organizations must adopt forward-looking strategies to remain resilient and competitive. This study builds upon the Futures Thinking and Business Model Innovation framework proposed by Vähänikkilä and Vakkuri (2025), integrating cybersecurity as a critical dimension of strategic foresight and organizational adaptability. While Futures Thinking enables companies to envision plausible and preferred futures, cybersecurity provides the structural integrity and trust necessary to realize those visions in digitalized ecosystems. Using qualitative methods, including interviews and co-creational workshops in the hospitality sector, the original research identified key barriers to Futures Thinking: lack of understanding and limited resources. This extended study has been conducted by using the insights from the original study. We propose that cybersecurity awareness and preparedness can act as both a catalyst and a safeguard in business model innovation. Cybersecurity considerations, such as data protection, digital trust, and resilience against emerging threats, are mapped onto the five-stage innovation process: environmental scanning, vision formulation, knowledge alignment, innovation implementation, and feedback iteration. Examples from hospitality extended by e-commerce, and logistics illustrate how cybersecurity influences decision-making, customer trust, and operational continuity. The integration of cybersecurity into Futures Thinking tools (e.g., wild cards, foresight canvases) enhances scenario planning and supports dynamic capabilities such as sensing, seizing, and transforming. This early state research and proposed model contributes a novel perspective to the academic discourse by linking cybersecurity with strategic foresight, emphasizing its role not only in risk mitigation but also in enabling innovation. The proposed model encourages tourism organizations to treat cybersecurity as a strategic enabler rather than a technical constraint, fostering future-proof business models that are both visionary and resilient. Validation of the model will take place in autumn 2026.