“Business managers have to pay attention to threats... It’s better to act than react to the threat,” says Alan D Carswell, vice-dean of the cyber security department at University of Maryland’s business school.
Maryland is one of a growing number of business schools in the US to offer courses to tackle digital threats. Its MS in cyber security can be combined with its MBA program. Students may also earn a certificate in Information Assurance.
Others include GWU School of Business, which runs a specialized World Executive MBA with a cybersecurity specialization – whose students work on cyber security projects at the European Cybercrime Centre and at NATO in Brussels – and the Fox School of Business, which teaches a master in Information Technology Auditing and Cyber Security.
Also, George Mason University offers an MS in Management of Secure Information Systems, designed to develop leadership skills in an area that is fast becoming crucial for business managers.
Cyber security is relevant to all business students, according to J.P Auffret, director of the program. “There’s a shortage of skilled professionals in the field – especially with this leadership gap,” he says.
The problem stems from the lack of connection between technologists and executives. “There is an urgent need to bridge the gap between the code-level technologists and top management,” says Peter Swire, professor of law and ethics at Georgia Institute of Technology who has advised US president Barack Obama on cyber security.
Georgia Tech runs the MS Information Security program, and an Information Security Strategies and Policy course, which caters to business students and computer science graduate students, and is taught by Peter.
“By lifting their eyes above the day-to-day, they [students] gain confidence and practice [by] thinking about how to provide value to entire organizations,” he says.
Oxford University’s Saïd Business School recently announced plans to run a Cyber Risk for Leaders Program – which is targeted at business executives.
Professor David Upton, co-director of the course, says: “Cyber security should be a standard part of any business education.”
Management forms a crucial part of tackling cyber crime, because most data breaches are caused by employee mistakes, according to a report by IBM.
David says companies must create a culture in which employees can feel comfortable reporting potential cyber security problems.
He thinks that all business schools will have to provide students with an education in cyber security. “Understanding cyber risk and how to manage it will eventually become as much as part of the leader’s standard skill-set as managing financial risk,” he adds.
Coventry Business School in the UK recently launched a National MBA in Cyber Security to combat the growing threat to information security, and to help bridge the skills gap.
Dr Jason Ferdinand, head of the cyber security management research group at the business school, says technological advancements have brought new business opportunities but have also increased the risk of data breaches.
He believes that management is crucial in the fight against the dark world of cyber crime. “Knowledge of cyber security is fundamentally important for successful management and leadership now,” he says.
Demand is being driven by executives looking to gain an edge but also by less-experienced MBA applicants who see data security as a growing area of career opportunity.
The global cyber security industry will grow to $155 billion by 2019, according to data from MarketsandMarkets, a market research firm, much of that growth coming from the insurance sector.
“We desperately need managers who understand how cyber security is a management concern, in order to produce effective future leaders in all areas of society,” says Jason at Coventry.
The challenge in developing and launching more cyber security programs is the relative lack of academics focusing on this subject area in terms of leadership and management, and the lack of research, he says
But he adds: “In the next few years I believe that all leading UK universities will offer cyber security management education.”