Kogod Professor Explains 3 Cyber Security Misconceptions

Cyber crime costs the world economy about $445 billion every year. According to an industry risk analysis report from 2016, cyber risks ranked third out of the top business risks, already 12 places higher than in just five years ago. Needless to say, cyber security misconceptions become a major concern in the modern business world that needs to be addressed sooner rather than later.

Ayman Omar, an Associate Professor in the Department of International Business and a Research Fellow at the Kogod Cybersecurity Governance Center, is working on an in-depth report on cyber risk at an Austrian university. According to the researcher, he has interviewed executives in over 50 organizations in the United States and Europe, and the preliminary findings reveal some startling patterns of decision-making when dealing with cyber risks. Omar recently published an article on the Kogod School of Business website outlining common misconceptions that managers embrace about cybersecurity, and updating the Kogod community of his research.

Misconception #1: Cyber Risk is an IT Issue (vs. a Cross Functional Problem)

The first misconception Omar mentioned is that cyber threats are not just an IT issue. Instead, a successful cyber attack can have an organization-wide impact on the operations, marketing, or logistics departments, as well as other functional areas within the organization. According to Omar, isolating cyber risks in the IT department does not provide a comprehensive risk management strategy that can effectively deals with an issue if it should arise.

Misconception #2: Organizational Focus (vs. Supply Chain Focus)

The pattern Omar has noticed shows that businesses focus of addressing cyber risks as they relate to that specific organization, without taking the entire supply chain into account. In fact, company’s such as Target, Home Depot, Fiat Chrysler, T-Mobile USA, IRS, CVS, Costco, Sam’s Club, and Boston Medical Center have all been compromised by cyber attacks because their third party providers were compromised.

Misconception #3: Assessing Cyber Risks Qualitatively (vs. Quantitatively)

According to Omar, many organizations use a qualitative approach to assess and quantify risks, but a risk that is considered as “high” may be interpreted differently across various units of the organization. Instead, companies should take a quantitative approach when assessing cyber risks.

Along with cyber risk, Omar’s research interests include global supply chain management, specifically targeting areas such as supply chain integration and responsiveness, and sustainability in global supply chains. You can read Omar’s complete thoughts on cyber risk here.

regions: Washington, DC

About the Author