Are Companies Taking Cyber Security Seriously?

The Deloitte hack in September was just the latest in a long line of high-profile security breaches in 2017. In October, in an interview with The Telegraph, Jeremy Fleming, the new head of security organization GCHQ in the UK, said, “If GCHQ is to continue to help keep the country safe as we prepare for our second century, then protecting the digital homeland – keeping our citizens safe and free online - must become and remain as much part of our mission as our global intelligence reach and our round-the-clock efforts against terrorism.”



Who is being hacked?

The guys over at have handily put together a great visual representation of how the size and regularity of data breaches have increased over recent years. It certainly raises a few questions. Are companies doing enough to ensure their cyber security? And, are management teams being trained sufficiently to roll out security processes?

Research from a Cyber Crime Observatory run by Politecnico di Milano School of Management has highlighted how little is being done by companies in terms of their cyber security. Their research focused on the information security systems and expenditure breakdown of 803 SMEs operating in Italy in 2016, and the findings were eye-opening to say the least.

Only 9% of SMEs run training courses or email updates teaching staff about IT security risks, with the number rising slightly to 20% of medium-small firms, and 24% of larger firms.

“Although 93% of SMEs report that they allocated a security budget for 2016, this does not necessarily mean that it was spent in a well-informed manner. In fact, the top-reported reason for security expenditure was to comply with legislation (48%).”



What can companies do to protect themselves?

We spoke to Alessandro Piva, director of the research observatory, who says, “The exponential rise in hacks must be matched by a much more decisive drive towards protecting the wealth of information held by companies.” And while large companies marshal 75% of the total Italian market spend in security solutions (worth €972 million in 2016), “few of them have developed any real strategy or plans on the matter”. He argues that things are even worse within SMEs, which “underestimate the question of raising awareness among their staff.”

And it is certainly not a problem isolated to Europe. A survey conducted by CNBC and SurveyMonkey of 2,000 small-business owners, across a variety of industries in the US, showed that only 2% viewed the threat of a cyberattack as the most critical issue they face. It is understandable that taxes and the cost of employee healthcare might weigh more heavily on the minds of small-business owners. However, the fact remains that half of the 28 million small businesses in the US have been hacked, according to the 2016 State of SMB Cybersecurity Report. This clearly shows more must be done to protect data, across all sizes of business.



The role of business schools in data protection

On business schools’ role in protecting against the threat of cyber-attacks, Piva says, “Business schools should provide more specific courses focused on information security and data protection, because many companies are making important investments to acquire competencies in these fields. From our recent research, for example, 50% of Italian companies declare that they want to hire new human resources with academic and multidisciplinary skills in the coming months.”

However, there are a number of business schools out there that recognize just how important the issue has become in the modern world. Below are just a few of the MBA programs that are aiming to equip the leaders of tomorrow with the tools they require to combat the threat to cyber security.

A number of business schools are directly addressing the issue of cyber security by offering MBA concentrations. These include the MBA in Cyber Security (MBACS) at Coventry University, the first of its kind to be launched in the UK back in 2015, which looks at the legal, financial and the reputational risks associated with cyber-related threats to businesses.

George Washington University offers a World Executive MBA with Cybersecurity, a 16-month all-inclusive accelerated program that is the direct result of a partnership between GWSB and GW’s Center for Cyber and Homeland Security. As part of the MBA, you’ll “delve into US and global cybersecurity strategy, policy and law, and you’ll become acquainted with the full range of cyber threats and their actors.”

London Metropolitan University also runs a specialized MBA (Cyber Security) degree, which includes modules on cyber security, cybercrime and cyber security management. The degree covers specific challenges faced by all organizations, including identity theft, scams, fraud and attacks on computer systems. Students learn how to anticipate, deter, detect and resist cyber-attacks on digital assets and activities.

It will come as little surprise that many of these programs are run online. Examples include SMC (Swiss Management Center) University’s MBA in Information Security Management, the University of Texas at Tyler’s MBA with a concentration in cyber security, and Florida Tech’s online MBA with a specialization in cybersecurity.

With no signs that the levels of hacking attempts are going to slow down soon, we can fully expect more emphasis on cyber security in MBA programs in the future.

The final words go to Piva: “Very often cyber criminals use social engineering techniques to breach corporate systems. There are still too many unknowns about how well companies will govern the increasing menaces linked to IT security.”



Written by Phil Cottrell

Phil is the editor of and has a breadth of editorial and digital marketing experience. He has worked across a variety of industries from e-commerce and commercial real estate to managing all content for a C-suite careers site aimed at UK and US professionals.
