Image if your business is hit by a phishing attack when an unsuspecting employee opens a rogue email. Or your clients’ financial details are stolen when an imposter posing as your bank communicates with you.
Or if your online sales are squashed when a hacker overloads your system with traffic.
These scenarios may seem unlikely to some business managers who have never had to consider code, DDoS, or HTTPS. But as the threat of cyber crime expedites they are something every aspiring chief executive officer must grapple with.
“Business leaders, government leaders, and public servants are all so concerned about cyber security that the issue sits right at the top of any corporation,” says Tad Oelstrom, director of the National Security Program at Harvard University. “There is a distinct possibility that this could be hugely damaging to companies in many aspects — to start with financially; people [clients] might lose faith that their information can be stored safely.”
While most companies are enthusiastic about keeping their systems secure, they are held back by a lack of technical knowledge and a severe shortage of managerial talent.
As an example PwC, the professional services firm, estimates nearly nine out of 10 large organizations suffer a security breach — and the number of breaches doubled in 2015. “The problem with cyber attacks is that some are simply nips in the skin but some are knives through the heart. But we’re under increasing threat of big bad attacks,” says David Upton, fellow at the Global Cyber Security Capacity Center at Oxford University, and professor of operations management at the Saïd Business School.
Stuart Madnick, professor of information technology and director of (IC)3, MIT Sloan School of Management’s cyber security initiative, says there is a huge culture gap between those who make money and those who count it. As a result, “companies need people in decision making roles that understand the consequences of cyber attacks. [But] that expertise is lacking,” he says.
As a growing number of organizations are leveraging big data analytics the need to keep information safe has never been more vital. “This is a big concern. We want the convenience of accessing data on any device at any time. But this raises a lot of security challenges,” says Shawn Mankad, assistant professor of information management at Cornell University’s Johnson School of Management.
The trend for business schools to jump on the big data bandwagon began in 2008. Warwick Business School and NYU Stern for example are among those pioneering specialist master’s degrees in business analytics.
But now they are exploring more trendy information management topics. Chief among them cyber security.
“Our objective is to make students know the reality of these risks,” says Bertrand Monnet, chair for criminal risk management at EDHEC Business School. “The threat has to be addressed not just by technicians but by the head of the company. Because they are in charge of performance and cyber crime can totally destroy the performance of any company.”
EDHEC has rolled out an elective course for its MBAs. Others like Harvard, Oxford, and Stanford run full programs. Coventry University Business School is pioneering an MBA degree in cyber security, which is backed by Sir Kevin Tebbit, the former director of Britain’s intelligence agency, GCHQ.
Dr Jason Ferdinand, the program’s director, says: “All MBA students should be taught about cyber security because it is a major challenge in today’s organizational world. It is not just a technical issue — it is a management issue.”
Ernst & Young, the consultancy, says boards are looking closely at their cyber security strategies. Business schools are starting to take note. Peter Swire, a professor at Georgia Tech’s Scheller College of Business, who has advised president Barack Obama on cyber security, says Scheller is developing a course for business managers in its MS in Information Security.
“Cyber security has become a C-level issue. The top management is involved if there is a data breach,” he says.
Not many schools have committed to investing in full degree programs. But they say demand is there. “We have seven Kogod School of Business students working for the Kogod Cybersecurity Governance Center,” says Bill DeLone, executive director of the Center, which runs two cyber security courses and is developing two more.
Given the explosion of high-profile hacks on companies from JPMorgan to Sony, schools say others will follow suit. “As it’s become a permanent part of the landscape for corporations it’s becoming a permanent part of the landscape for business schools,” says Jean-Pierre Auffret, director of the MSc in Secure Information Systems at George Mason University’s School of Business.