High-profile data breaches have become all too common in recent years with companies such as Target Home Depot and Anthem forced to own up to and handle PR nightmares following large-scale hacks. As a result, security has become a major priority for businesses both big and small -- but hackers always seem to be one step ahead. Experts agree that there is a growing need for cybersecurity professionals and universities across the country haven't caught up to the needs of the corporations. In fact, a recent study by CloudPassage found that most schools earn an "F" grade when it comes to teaching the next generation of cybersecurity pros.
The study from CloudPassage evaluated the top ranked technology universities based data from U.S. News and World Report's Best Global Universities for Computer Science, Business Insider's Top 50 best computer-science and engineering schools in America, and the 2015 QS World University Rankings for Computer Science and Information. CloudPassage evaluated the 122 universities on these lists to see what they offer in terms of cybersecurity courses and the cybersecurity requirements for each student to graduate -- and the results were dismal.
According to Robert Thomas, CEO of CloudPassage, the poor results suggest an immediate need for change in higher education. "In a world of escalating threats and attacks -- universities have a responsibility to address security with their students," he says.
Cybersecurity requirements for undergraduates are lacking
The report from CloudPassage revealed that out of the top 10 computer science programs in the U.S., not a single program requires a cybersecurity course to graduate. And on the list of Business Insider's top 50 computer science programs, only three schools out of the 50 require a cybersecurity course for graduation. Perhaps most surprisingly, out of the 122 schools reviewed, only one -- the University of Alabama -- requires three or more cybersecurity courses to graduate.
Using this data, CloudPassage assigned a grade to each university, and found that out of the top 50 schools on Business Insider's list, not a single university earned an A for its cybersecurity efforts and only three earned a B -- beyond that, 11 universities earned a C, 28 earned a D and eight earned an F.
"There needs to be a fundamental shift in the cybersecurity paradigm; we must get to a point where every university requires computer science majors to complete cybersecurity training as a graduation requirement, so that the programmers and developers of the next generation have security front-of-mind when delivering products to market," says Thomas.
However, these stats illustrate that cybersecurity is still not a priority for most universities -- even at schools with the top-rated computer science programs in the nation. Cybersecurity is quickly becoming a priority for organizations, so if students aren't graduating with the necessary education, the skills gap will only grow wider. However, it's not as if cybersecurity is completely lacking in undergraduate programs, most universities offer courses in cybersecurity -- even if it's only one course -- but most programs don't require students to take these courses in order to graduate. Rather, cybersecurity is viewed more as an elective, suggesting they expect students to enroll in the course if they see themselves getting into security after graduation. The reality of the situation is that security affects nearly every aspect of IT and technology at a company, and it's not just something the CSO needs to be worried about.
Sign up for CIO Asia eNewsletters.