Cyber security — or rather a lack of it — has become a hot topic in business, as cyber criminals have successfully targeted institutions such as Target and JPMorgan Chase.
As part of their MBA, the Mannheim Business School students worked with the firm to survey chief information security officers, and came up with eight best practice approaches to information security management.
The credit earned by the students highlights the way cyber security is breaking into the world’s business schools, which have launched dedicated executive education and MBA programs on the topic.
Last year at Stanford, the first cohort graduated from a computer science MBA/MS degree, which delves into cyber security and information management.
“The combination program recognizes the critical connections between technology, innovation, strategy, and execution,” says Madhav Rajan, senior associate dean at Stanford Graduate School of Business.
At Harvard, a cybersecurity course costing $7,600 will run in 2016, aimed partly at business executives who need to balance innovation with the protection of intellectual property.
These programs have been most pronounced in the US, where president Barack Obama has publically urged companies to do more to tackle cyber threats.
At MIT Sloan, an initiative called (IC)3 focuses on the strategic, managerial, and operational issues related to cyber security infrastructure. (IC)3 recently secured $3.5 million from the US Department of Energy to fund its work in the energy sector, including with ExxonMobil and Schneider Electric.
“Cyber security of our critical infrastructure is a serious national security challenge,” says David Schmittlein, MIT Sloan’s dean.
Meanwhile, management professors from Haas School of Business are working with peers from UC Berkeley’s engineering disciplines to foster research programs around the issue, at the Center for Long-Term Cybersecurity.
And Columbia Business School’s Center for Business, Law and Public Policy has hosted sessions on cyber crime with executives from organizations including IBM.
One of the first US programs to launch was Olin Business School’s master in cyber security management, in partnership with its sister school of engineering and applied science, in Washington.
“Protecting proprietary information, intellectual property and all the data that companies store and share via the Internet is of utmost importance to business leaders today,” says Mahendra Gupta, dean of Olin Business School.
Others, including Sellinger School, GW School of Business, Georgia Institute of Technology, and George Mason University offer management degrees in this area.
Peter Swire, professor at Georgia Tech, says there is an “urgent need” to bridge the gap between code-level technologists and top management.
“We train our students to fill that gap,” says Peter, who has advised the US president on cyber security.
In October last year, Kogod School of Business launched the Cybersecurity Governance Center, which will focus on cyber security as a management and governance issue, not just a technology one.
“The relentless growth of cyber crimes against corporations is one of the great corporate governance challenges of our time,” says William DeLone, executive director.
Among the list of high-profile corporate hacking victims are TalkTalk, Sony and pubs group JD Wetherspoon. TalkTalk’s attack cost the UK telecoms company $35 million.
The Center for Strategic and International Studies, calculates that cyber crime incurs a $575 billion cost to the global economy each year.
Harvard Business School MBA Matthew Prince is capitalizing on that cost. He founded CloudFlare, a cyber security start-up, with Harvard classmate Michelle Zatlyn, after winning Harvard’s Business Plan Contest seven years ago.
The company raised $110 million in venture capital last year, from investors including Fidelity, Google, and Microsoft.
Matthew says traditional solutions to hacks such as firewalls, load balancers, and DDoS mitigation appliances are becoming obsolete, “as organizations distribute their applications across geographies and cloud environments”.
Schools in Europe and the UK too have responded to demand for more courses on cyber security.
The UK’s top cyber security executives are being paid more than £10,000 a day, according to recruitment firm Manpower, as demand for specialists has surged fourfold over the past year.
At France’s EDHEC Business School, the Criminal Risk Management department was established with the help of industry leaders, including the chief security officer of Rio Tinto, and delivers customized training programs.
“Cyber security is one of the biggest areas of concern for businesses right now,” says Michelle Sisto, director of the EDHEC Global MBA.
EDHEC has launched a new track for MBA students focused on economic crime risk, which has signed up 15 students, who will visit Silicon Valley to meet with companies involved with cyber security.
“There has been pretty strong interest from students,” Michelle says. “They see it as an area of growth.”
David Upton, professor at Oxford University’s Saïd Business School, which in 2015 launched a cyber risk program for business executives, says: “Cyber security should be a standard part of any business education.”
These programs tend to pool efforts from universities’ business and engineering or science departments, highlighting the multidisciplinary approach needed to take on cyber criminals.
London’s Cass Business School works with its sister School of Informatics to deliver an MSc in Management of Information Security and Risk, costing up to £7,500, which aims to bridge the gap between technical staff and the executive suite.
Meanwhile, Coventry Business School launched last year an MBA in cyber security. “Organizations, particularly those associated with critical national infrastructure, are being systematically attacked, all day, every day,” says Dr Jason Ferdinand, head of Coventry’s cyber security management research group.
He adds: “Knowledge of cyber security is fundamentally important for successful management and leadership now.”
The uptake of cyber security by top business schools is likely to continue, as high-profile hacks on companies show no sign of abating. Marie Kratz, director of the risk research centre at ESSEC Business School, says cyber crime is “becoming a hot topic”.