May is filled with college graduations. Commencement speeches will reflect on what students have accomplished, and what lies ahead. As I walk through the university campus where I teach, I can’t help but think about what our students will face as they move into the workforce.
Every day, we hear about a new security threat — from viruses to application vulnerabilities to fraud and cybercrime.
To say that it’s a challenging time for business and security leaders is an understatement. The IBM X-Force Threat Intelligence team estimated that more than half a billion records with personally identifiable information (names, emails, credit card numbers, passwords) were leaked last year. The fact is that information security has evolved past the purview of just cybersecurity specialists and IT experts.
The 2013 IBM CISO Assessment called for security leaders to become more business focused. The reverse needs to happen as well. Business leaders must have a solid understanding of information security and cybersecurity issues. How else can you effectively protect your company’s information and intellectual capital if you can’t foresee potential threats?
Just last year, when we conducted our Cybersecurity education study, participants indicated that work to incorporate cybersecurity topics into business programs was primarily in the planning and development stage. Dr. Peter Warren Singer, senior fellow and director of the Center for 21st Century Security and Intelligence at the Brookings Institution, summed up the challenge well in his interview with Forbes magazine: “Seventy percent of executives, whether in the technology industry or the paint industry, are dealing with cybersecurity questions—and yet no major MBA program is teaching them how to handle the risks.”
The good news is that we’re starting to see universities and colleges take the first step and offer students an interdisciplinary approach as recommended in the study.
Here are just three examples I learned of recently.
- Stanford University offers a joint Computer Science MS/MBA program. In this program, MBA students focus on business courses their first year, and then can expand their coursework in computer and network security topics their second and third years.
- University of Dallas offers an MBA degree with a Cybersecurity concentration. This 42 credit hour program educates business students on numerous cybersecurity challenges, including data protection, compliance and legal issues, penetration testing and vulnerability assessment, and digital forensics.
- Salve Regina University in Rhode Island, where I serve as an adjunct faculty member in the Business Studies and Economics department, also recently added a Cybersecurity concentration to its MBA program. The concentration provides MBA students with additional coursework in cybersecurity threat analyses and management.
I think we will continue to see more multi-disciplinary programs like these to help business leaders create a more secure future. Ultimately, however, cybersecurity must be viewed as a core skill for future business leaders. Instead of being taught as part of an information systems concentration or technology track, it must become as integral to their education as finance, strategy, law or risk management.
What do you think? How should universities and colleges incorporate cybersecurity education into their business degree and MBA programs?
Share your answers in the comment section below.
If you’d like to read more about leading cybersecurity education practices, case studies, and IBM’s recommendations, download the IBM Center for Applied Insights study, Cybersecurity education for the next generation.