Cyber crime is rife, spurred by hackers who are targeting the financial and consumer data held by companies from the retail to banking industries.
Such is the threat posed by cyber criminals that business is being forced to treat the matter as of critical importance. Managing the risks of cyber crime has become a boardroom level topic, as everyone from shoppers to executives become more concerned over their data.
“Cyber security is now a boardroom concern,” says Phillip Hodgins, a principal advisor at KPMG. “Yet, for it to stay that way, executives need a clear understanding of its relevance to their own organization…Too often security measures are seen as restrictive.”
A report published by the World Economic Forum this year estimated a $3 trillion cost to the global economy if cyber security is not taken seriously.
The education of business leaders on risk has so far focused on areas of finance. But as companies start to harness the power of technology to fight cyber crime, educational institutes are beginning to dip their toes into the dark world of cyber security.
David Upton of the Global Cyber Security Capacity Centre at Oxford University, and a professor at the Saïd Business School, says there is a need to bridge the gap between technologists and executives.
“Cyber security should be a standard part of any business education,” he says, including IT strategies around big data, social networks and the cloud.
As an example of the growing need for cyber security in leadership development, Oxford Saïd this year launched a cyber risk program in the UK for business executives. Similar programs exist in the US at GWU School of Business, which runs a cyber risk specialization in its executive MBA, and at the Fox School of Business, which teaches a masters in cyber security and IT auditing.
“Knowledge of cyber security is fundamentally important for successful management and leadership now,” says Dr Jason Ferdinand, head of the cyber security management research group at Coventry Business School. The UK school last year launched an MBA in cyber security, to help bridge the skills gap.
Jason says there is a need for executives who are able to understand all areas of business and cyber security. “Effective management is fundamentally important for addressing cyber crime. For far too long, cyber security has been seen as a technological and legal issue,” he says.
Amjad Ali, cyber security advisor at University of Maryland, which offers a masters program in cyber security, says combatting cyber crime requires a multidisciplinary approach from executives. “Rapidly evolving cyber security problems are complex in nature,” he says.
Yet there is a lack of understanding among business managers about the need and importance of cyber security.
Experts argue they must take into consideration technical, legal, ethical and policy aspects and address cyber threats in a holistic manner. “There is an urgent need to bridge the gap between the code-level technologists and top management,” says Peter Swire, professor at Georgia Tech, which offers an IT strategies course to business students.
The dark world of web crime has been brought to light by high profile attacks, such as the attacks on US retailer Target and JPMorgan Chase, the bank.
PwC, the professional services firm, says the number of global cyber security incidents last year surged by nearly 50% to more than 40 million. One in ten breaches incurred a cost greater than $10 million.
“It is becoming a hot topic,” says Marie Kratz, director of the CREAR risk research centre at ESSEC Business School in France. “Companies and governments are asking for tools to handle cyber risk.”
While attention has focused on the risk posed by cyber criminals to the financial services sector, every industry is ramping up their online defence. “Breaches are becoming increasingly sophisticated, often involving internal staff to amplify their effect, and the impacts we are seeing are increasingly long-lasting and costly to deal with,” says Andrew Miller, cyber security director at PwC.
At the most senior level, chief information security officers are in high demand, while further down the chain there are promising careers which combine cyber risk with management.
“Cyber crime in itself represents a huge area for investment and offers another form of risk assessment,” says Dr Konstantina Kappou, program director for the MSc Financial Risk Management at Henley Business School.
Paul Schoonenberg, head of MBA careers at Aston Business School, says banks and other financial institutions have long been bolstering their risk teams, while boutique risk consultancies have been growing their client bases.
“Risk management within a financial institution is seen as a core skill, with chief risk officers closer than they have ever been to their CEOs,” he says.