The attack on TalkTalk, the latest in a long stream of high-profile business hacks, has been labelled as a “wake up call” for business. But despite the growing cyber threat, cyber security is yet to become a focus for many companies and business schools.
Those leading the push for cyber security in formal business training have told BusinessBecause that more business schools should develop specialist courses to combat hacking.
David Upton, professor at Oxford University’s Saïd Business School, which this year launched a UK cyber risk program for senior business managers, said: “Cyber security should be a standard part of any business education.”
Peter Swire, professor at Georgia Institute of Technology, which has a course on information security for business students, said there is an “urgent need” to bridge the gap between the code-level technologists and top management.
“We train our students to fill that gap,” added Peter, who has advised US president Barack Obama on cyber security.
Over the past 12 months, companies from adultery site Ashley Madison to carmaker Fiat Chrysler and Dixons Carphone, the retailer, have been rocked by cyber attacks.
Nine out of 10 large companies in the UK alone have suffered an online security breach, according to a survey by PwC and the UK Department for Business, Innovation and Skills in June. What’s more, the average cost of the most damaging breaches for big firms more than doubled over a year to £1.4 million.
“The multiple threats of computer crime have enormous consequences, not only financial and reputational but [they] also can harm a nation’s security and well-being,” said Konstantina Kappou, director of the MSc Financial Risk Management at Henley Business School.
Dr Jason Ferdinand, head of the cyber security management research group at the UK’s Coventry Business School, which launched last year an MBA in cyber security, said that for too long, cyber security has been seen as a technological and legal issue.
Yet, “knowledge of cyber security is fundamentally important for successful management and leadership”, he said.
The news of TalkTalk’s hack came as Accenture published research showing 50% of the world’s 109 biggest banks have no board members with technology experience, despite cyber crime “becoming a hot topic”, said Marie Kratz, director of the risk research centre at ESSEC Business School.
Financial firms have been some of the most high-profile victims: both the insurer Anthem and JPMorgan Chase have suffered large-scale breaches.
Experts say there is a lack of understanding among business managers about the need and importance of cyber security. “Rapidly evolving cyber security problems are complex in nature,” said Amjad Ali, cyber security advisor at University of Maryland, which offers a business-related master’s program in cyber security.
Other business schools have developed courses around cyber security, although they remain sparse. In the US, GW School of Business runs a specialized World Executive MBA with a cybersecurity specialization, and Fox School of Business teaches a master in Information Technology Auditing and Cyber Security.
Yet cyber security is relevant to all business students, said J.P Auffret, director of the MS in Management of Secure Information Systems at George Mason University. “There’s a shortage of skilled professionals in the field,” he said.