Kogod Professor Explains 3 Cyber Security Misconceptions

Cyber Security Misconceptions

Cyber crime costs the world economy about $445 billion every year. According to an industry risk analysis report from 2016, cyber risks ranked third out of the top business risks, already 12 places higher than in just five years ago. Needless to say, cyber security misconceptions become a major concern in the modern business world that needs to be addressed sooner rather than later.

Ayman Omar, an Associate Professor in the Department of International Business and a Research Fellow at the Kogod Cybersecurity Governance Center, is working on an in-depth report on cyber risk at an Austrian university. According to the researcher, he has interviewed executives in over 50 organizations in the United States and Europe, and the preliminary findings reveal some startling patterns of decision-making when dealing with cyber risks. Omar recently published an article on the Kogod School of Business website outlining common misconceptions that managers embrace about cybersecurity, and updating the Kogod community of his research.

Misconception #1: Cyber Risk is an IT Issue (vs. a Cross Functional Problem)

The first misconception Omar mentioned is that cyber threats are not just an IT issue. Instead, a successful cyber attack can have an organization-wide impact on the operations, marketing, or logistics departments, as well as other functional areas within the organization. According to Omar, isolating cyber risks in the IT department does not provide a comprehensive risk management strategy that can effectively deals with an issue if it should arise.

Misconception #2: Organizational Focus (vs. Supply Chain Focus)

The pattern Omar has noticed shows that businesses focus of addressing cyber risks as they relate to that specific organization, without taking the entire supply chain into account. In fact, company’s such as Target, Home Depot, Fiat Chrysler, T-Mobile USA, IRS, CVS, Costco, Sam’s Club, and Boston Medical Center have all been compromised by cyber attacks because their third party providers were compromised.

Misconception #3: Assessing Cyber Risks Qualitatively (vs. Quantitatively)

According to Omar, many organizations use a qualitative approach to assess and quantify risks, but a risk that is considered as “high” may be interpreted differently across various units of the organization. Instead, companies should take a quantitative approach when assessing cyber risks.

Along with cyber risk, Omar’s research interests include global supply chain management, specifically targeting areas such as supply chain integration and responsiveness, and sustainability in global supply chains. You can read Omar’s complete thoughts on cyber risk here.


About the Author

Max Pulcini

Max Pulcini is a Philadelphia-based writer and reporter. He has an affinity for Philly sports teams, Super Smash Bros. and cured meats and cheeses. Max has written for Philadelphia-based publications such as Spirit News, Philadelphia City Paper, and Billy Penn, as well as national news outlets like The Daily Beast.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Short Registration

Match with reputable MBA/MS programs in minutes by completing your applicant profile with MetroMBA. As a registrant, you will also gain access to resources, advice and exclusive offers as you research and pursue your graduate business school options.
  • Please only indicate the regions you are interested in pursuing your graduate management education. If you select, "all regions" you do not need to select individual regions.
  • This field is for validation purposes and should be left unchanged.

Your compare list