Tens of thousands of geeks sat bent over tables starring into laptop screens in the Las Vegas conference halls. Many were making mischief – breaking into each other’s machines and demonstrating how to steal data and take down websites.
From dawn to dusk, the computer hackers competed and networked with each other in the offline world. Junk food and iced coffee cups were sprawled over tables amongst a tangle of wires and cables.
For one extended weekend each year, cyber criminals and saints have been flocking to Def Con; a festival of computer hacking that began with a few dozen participants in 1993 but has grown into the biggest show of cyber security prowess, that the world’s biggest technology companies dare not miss.
The corporations’ interests have been in information technology security. Several big scandals have rocked the business world and exposed how valuable virtual data is, and how much damage its miss-management can cause.
At the same time, demand for data specialists has reached an all-time high. Business schools have begun educating MBA and master students in big data and cyber security, while various IT sector careers have traditionally been popular options.
The UK government estimates that cyber crime costs the economy £27 billion a year.
“Many organisations would claim that information is their most valuable asset, yet they don’t have the management commitment to ensure that information is secure,” says Richard Skipsey of SGS United Kingdom, a leading business services company.
Executive appointments have highlighted the growing demand for technology and data executives. This week, Deutsche Bank hired Richard Shannon from Goldman Sachs as Americas chief information officer, and Scott Marcar from Royal Bank of Scotland as head of information technology infrastructure.
SGS estimates that the average cost to a large organisation of its worst security breach ranges from £450,000 to £850,000.
Cyber attacks rose 14% last year, with criminals targeting intellectual property-rich industries such as pharmaceuticals, mining and electronics, according to a report by Cisco.
The European Central Bank admitted last month that its defences had been breached by hackers who stole users’ contact details.
Cisco said a key problem with cyber security was a lack of employees with the right skills. The company estimates that there could be a shortage of one-million employees in the sector.
There is a growing need for better management of data. By 2015, 21% of companies with an annual turnover of $250 million or more will have chief data officers, according to IT services firm Gartner.
“Data-related roles are already on the rise,” says Mithun Sridharan, managing director of BlueOS, a strategic marketing firm which offers big data and analytics services.
“Currently, there is a dearth of professionals with the required skills, and as more companies board the big data bandwagon, the demand for big data and analytics professionals will only increase.”
Companies are increasingly paying for their senior-level employees to get a business education in data. Inge Kerkloh-Devif, executive director of global business development at HEC Executive Education, said that big data was an up-and-coming area: “I think there will be a big need in training executives for strategic decisions on big data.”
MBA students are now developing skills such as strategy simulation modelling, data visualization and strategy analytics at business school. HEC Paris, the leading French school, teamed up with IBM to revamp its MBA program to cater for data training.
“This course proved hugely popular,” says HEC’s Dean, Bernard Garrette. “Students with an education in business analytics are seen by many recruiters to bring added value to the workforce,” he adds.
MBAs have a natural affiliation with data management – many are already analytical in nature. Dr Guy Champniss, an expert in consumer behaviour and professor of marketing at Henley Business School, agrees that they are well placed to capitalize on this demand.
Dean Bernard, however, does not think big data education creates better managers on its own. “Training in big data does not necessarily create a top consultant or marketer; it is how a student uses these skills to complement their existing skill-set that will get a student noticed by top recruiters,” he says.
However, with this surge in data management demand, there are several security issues that companies face. Policies related to privacy, security, intellectual property, and even liability have yet to be addressed.
It is also unclear how companies can protect competitively sensitive data, or data that should be kept private. There are significant legal issues, and questions are raised about the intellectual property rights attached to data, and who is responsible when inaccurate data leads to negative consequences.
Dr Guy says that this is the next “huge hurdle” for companies. “It’s just breaking in various places now, and it’s a major issue for all businesses,” he adds.
Companies are now investing to sure-up their IT systems. Deutsche Bank has said it is investing €1 billion to ensure its systems can meet new regulatory requirements. It has also doubled its budget for IT compliance.
Some schools have begun educating MBAs specifically in cyber security. At the US’s Sellinger School of Business, students can sign up for a part-time, one-year cyber security certificate program, as part of their MBA studies or as a standalone. Tuition is about $13,600.
A report by the UK’s Department for Business, Innovation and Skills found that 78% of large organisations were attacked by an unauthorised outsider in 2013 – and the resulting costs to these companies roughly tripled.
SGS, which employs about 80,000 people, has stressed the importance of management commitment for information and IT systems departments.
While business schools see employer demand for data roles, data security is equally crucial to businesses, which are increasingly concerned about cyber attacks.
Richard says that it should be implemented as part of a company’s overall business strategy. “Effective information security must be championed, funded and managed at board level,” he adds.