A growing number of business schools are offering MBA in Cyber Security as online attacks become a daily part of corporate life.
As malicious attempts to breach the information systems of organisations become more common, everyone on the management team needs to understand how to prevent them, Anitha Chinnaswamy, course director for Coventry’s Cyber Security Management MBA, told the Financial Times. She adds: “Security now lies in both technology and policy, process and people.” When Coventry University (UK) ran its MBA students through a simulated cyber attack, few of them knew what to do. Chinnaswamy points out that during such attacks, business professionals typically turn to the IT department, which should not be the case.
Global enterprise security spending is expected to reach more than USD 96 billion in 2018, according to research and advisory company Gartner, up 8% from 2017. Most of the training focuses on technical skills, but some argue that this alone is not enough. “Technical skills . . . by themselves are not sufficient to achieve effective cyber security,” Alan Brill, senior managing director for cyber security and investigations at security company Kroll, told the Financial Times. Preventing breaches, he says, relies as much on managing the online behaviour of employees as installing firewalls. Moreover, because cyber attacks have financial, legal, and reputational implications, professionals from an increasingly wide range of corporate functions need to understand the threats and how to prevent or respond to them. “Each MBA programme should have at least some content on cyber security,” Brill adds.
For now, this vision appears far from reality, but it is gathering steam. In the US, for example, the University at Albany’s Business School offers a full-time MBA specialisation in cyber security, covering both managing risks and analysing security incidents. Among the online courses offered by Florida Tech is an MBA in Cyber Security.
In Europe, IE (Spain) is among the business schools that have recognised the need for digital security skills among business professionals. The International MBA & Master in Cybersecurity dual degree programme combines the training in general management provided by the International MBA with training in cybersecurity provided by the Master in Cybersecurity. The Master side of the course is designed to prepare professionals to define and lead cybersecurity strategies and teams. Participants dive into information security threats and trends, regulatory and security frameworks, risk management, cyber intelligence, and crisis response. The study plan includes topics such as security incidents, security of electronic payment systems, cybercriminology, and cybercrisis management and resilience.
Coventry University was the first to offer such a course in the UK. Launched in 2015, the Cyber Security Management MBA is taught through face-to-face workshops on campus as well through online content. Topics include strategic thinking and analysis, network security, crisis communications and international cyber and digital law. From September, the university will have cyber security MBA students and regular MBA students studying core subjects — such as finance and marketing — together, with additional modules available for those with the security specialism. This will allow for a broader exchange of knowledge and experience between professionals from different backgrounds, says Chinnaswamy. “It’s the networking aspect,” she says. “It gives them an opportunity to interact with each other.” While some of the students on Coventry’s course are security experts, most come from a range of industries and functions, with few having extensive or specialised technical knowledge.
By contrast, the students taking the MBA in Cyber Security at London Metropolitan University (UK) are professionals who manage cyber security departments or processes. To take the course these students must have a background in computing or a related discipline. Hazel Messenger, MBA course leader at London Metropolitan, said: “They want to blend management knowledge with the specialist area they’re in. They are wanting to sit at a board meeting and to understand what the guy from marketing and finance is saying.”
The Coventry and London Metropolitan courses reflect the need for two different types of cyber security management courses. One for strategy, operations or finance executives who are moving into the cyber security side of the business and another for professionals with a technical background who are rising through the ranks of senior management.
“Someone from a technical background might need help in understanding the geopolitical environment or strategic decision making, whereas the business person might need some help in understanding network architecture,” according to Tim Ogle, cyber security expert at 7Safe, a division of PA Consulting that provides cyber security investigation services as well as training.
Business schools are not alone in teaching the management side of cyber security. At Texas A&M School of Law (US), a Master of Laws degree in Risk Management includes a course in cyber security, which Brill, the director at Kroll, teaches. Regardless of sector, he says, cyber security education needs to expand beyond the realm of computer science. “Organisations that consider cyber security to be a technology problem — something that can be offloaded to the ‘techies’ — are almost guaranteed to have incidents.”
Source: The Financial Times