University managers ‘don’t take cybersecurity seriously’

Sadie Creese says institutions’ leaders endanger research by not prioritising digital security

December 5, 2013

Source: Getty

Think about encrypting: digital security is a low priority for many academics

The overpromotion of academics who are brilliant in their field but “awful” managers is jeopardising the effectiveness of university cybersecurity policies, a conference has heard.

Sadie Creese, professor of cybersecurity at the University of Oxford, said that cyber-risk was not always taken seriously by all members of universities’ executive boards, meaning that digital security practices were “lagging behind” those employed in industry and government.

Speaking at the Cyber Security in Higher Education conference, held by Universities UK in London on 28 November, Professor Creese said that the “hierarchies and the style of management you find in academia” made it difficult to embed in institutions a culture of awareness regarding cyberthreats.

“We are definitely a sector that suffers, at times, from overpromoting people who are brilliant in their discipline, but who are just awful managers, into what amounts to a management role and then expecting them to deal with some of this stuff,” she said. “They are not equipped to do it.”

She added that the problem in many institutions was that “techies” were regarded as the “custodians” of cybersecurity, meaning that it was not always a high priority among senior management teams.

“In universities’ senior administrative bodies, cyber-risk is not something that everybody engages with in the same way they engage with any other material risk,” she said.

“That’s a problem for many reasons, not least because if you have people worrying about seeing the new risks as they evolve, who are all very similar in the way they think, then you won’t spot the new [developments].”

The key to minimising the negative impact of risks as they materialise, she said, was to “catch them early”.

At the conference, Universities UK released a report that outlines the management steps that universities should take to protect themselves from cyberthreats. According to Cyber Security and Universities: Managing the Risk, research with potential economic value is particularly at risk from targeted attacks.

However, Professor Creese said that it was a challenge for universities to identify exactly the material that was genuinely of interest to cybercriminals.

“For the professor who comes up with an idea, it’s like giving birth to a child. If you ask them, they will always value it highly, so if you are a large organisation, you are left with a huge list of stuff that is going to potentially change the world 10 or 20 years later on. The question is, how do you prioritise? That’s tricky.”

chris.parr@tsleducation.com

Times Higher Education free 30-day trial

You've reached your article limit

Register to continue

Registration is free and only takes a moment. Once registered you can read a total of 6 articles each month, plus:

  • Sign up for the editor's highlights
  • Receive World University Rankings news first
  • Get job alerts, shortlist jobs and save job searches
  • Participate in reader discussions and post comments
Register

Have your say

Log in or register to post comments

Featured Jobs

International Student Support Assistant YORK ST JOHN UNIVERSITY
Senior Lecturer: Architecture (Cultural Content) NORWICH UNIVERSITY OF THE ARTS
Head of Department of Physics ZHEJIANG UNIVERSITY
Research Assistant LONDON SCHOOL OF ECONOMICS & POLITICAL SCIENCE LSE

Most Commented

question marks PhD study

Selecting the right doctorate is crucial for success. Robert MacIntosh and Kevin O'Gorman share top 10 tips on how to pick a PhD

India, UK, flag

Sir Keith Burnett reflects on what he learned about international students while in India with the UK prime minister

Pencil lying on open diary

Requesting a log of daily activity means that trust between the institution and the scholar has broken down, says Toby Miller

Application for graduate job
Universities producing the most employable graduates have been ranked by companies around the world in the Global University Employability Ranking 2016
Construction workers erecting barriers

Directly linking non-EU recruitment to award levels in teaching assessment has also been under consideration, sources suggest