The average number of cyberattacks per company, at 270 as of 2021, jumped 31% from the prior year, according to an Accenture report. Business leaders must be concerned about data protection and integrity, as well as the costs to both businesses and customers—and particularly as data breaches and other cyberattacks become more common.
“We have seen a continued escalation of cyber incidents,” Keri Pearlson, executive director of interdisciplinary research consortium Cybersecurity at MIT Sloan (CAMS), tells Fortune. “Many no longer make the headlines unless they are so unique, so damaging, or so different than previous incidents.”
The average total cost of a data breach at a U.S. company is $4.35 million, according to research by IBM. And 60% of breaches led to price increases that companies passed on to customers. Despite the fact that data breaches and cyberattacks can suck data, privacy, and money out of a company, many business leaders don’t have the cybersecurity chops to prevent such events.
“As we like to say, The bad guys are getting ‘badder,’’’ Pearlson says. “Cyber risk is so significant that a responsible board can no longer ignore it or just delegate it to a few risk-management experts.”
In addition to bringing more awareness to the havoc that cyberattacks can wreak, MIT Sloan will also teach business leaders some prevention tactics.
While cyber risks are a concern for business leaders, they may come up short with prevention measures. Cybersecurity is on the agenda for corporate boards of directors, with 76% of those surveyed saying they’ve made adequate investments in cybersecurity, according to an Oct. 4 study released by cybersecurity company Proofpoint and CAMS.
“But this optimism may be misplaced,” the authors of the study caution. That’s because the report also found that 65% of board members think their organization is at risk for a cyberattack in the next 12 months, and 47% feel their organization is unprepared to deal with a targeted attack. What’s more, only 66% of board members view human error as their biggest cyber vulnerability, whereas the World Economic Forum reports that human error leads to 95% of all cyber breaches.
“Board members must be knowledgeable participants in cyber leadership,” Pearlson says. “Board members need a set of frameworks, a language, some examples, and actionable insights so they have an independent way to interpret and understand what their organization is doing to be cybersecure.”
In an effort to provide the cybersecurity training necessary to be more secure, MIT Sloan Executive Education announced last week the launch of a new course, Cybersecurity Governance for the Board of Directors. The course is led by Pearlson; Stuart Madnick, a professor of Information Technology at MIT Sloan who has been researching cybersecurity for 40 years; and Kevin Powers, a CAMS research affiliate.
This type of course is “long overdue,” Madnick tells Fortune. He cites a 2015 quote from SEC Commissioner Luis A. Aguila, who warned that “boards that choose to ignore, or minimize the importance of cybersecurity oversight responsibility, do so at their own peril.”
The MIT Sloan course is designed to teach board members the relevant models and best practices so they become more knowledgeable cybersecurity leaders. Participants will learn about the current state of cyber threats and vulnerabilities and think about ways to develop cybersecurity strategies at their companies.
“One role board members have is to make sure the executives in the company are making the best decisions possible to manage the risk faced,” Pearlson says. “Since cybersecurity risk is a significant business risk today, board members must have the right level of knowledge to ask critical questions to be able to evaluate how their executives are doing.”
Students will also walk away with ideas on how to develop a corporate culture of cybersecurity and an understanding of cybersecurity regulations related to their industry. “There are lots of new regulations coming forward, not just from the SEC, but also White House, Congress, and most states and countries around the world, that are imposing more high-level responsibilities on companies,” Madnick adds.
Enrollment for the course is now open, and the first program runs from Nov. 30 to Dec. 3. It’s hosted live online over the course of the three days, with about four to six hours of class per day. The course costs $4,500, and the program includes case studies, exercises, lectures, and discussions.
“No other cybersecurity course covers this range of topics in quite the same way we do, taught by researchers doing primary research in this area and sharing it with directors and leaders in an understandable, actionable way,” Pearlson says.
Participants receive a certificate of course completion, and the course is worth 2.0 executive education units at MIT Sloan. The school hosts several other online cybersecurity courses, including Cybersecurity for Managers: A Playbook.
See how the schools you’re considering fared in Fortune’s rankings of the best master’s degree programs in data science (in-person and online), nursing, computer science, cybersecurity, psychology, public health, and business analytics, as well as the doctorate in education programs and MBA programs (part-time, executive, full-time, and online).
