University managers ‘don’t take cybersecurity seriously’

Sadie Creese says institutions’ leaders endanger research by not prioritising digital security

December 5, 2013

Think about encrypting: digital security is a low priority for many academics

The overpromotion of academics who are brilliant in their field but “awful” managers is jeopardising the effectiveness of university cybersecurity policies, a conference has heard.

Sadie Creese, professor of cybersecurity at the University of Oxford, said that cyber-risk was not always taken seriously by all members of universities’ executive boards, meaning that digital security practices were “lagging behind” those employed in industry and government.

Speaking at the Cyber Security in Higher Education conference, held by Universities UK in London on 28 November, Professor Creese said that the “hierarchies and the style of management you find in academia” made it difficult to embed in institutions a culture of awareness regarding cyberthreats.

“We are definitely a sector that suffers, at times, from overpromoting people who are brilliant in their discipline, but who are just awful managers, into what amounts to a management role and then expecting them to deal with some of this stuff,” she said. “They are not equipped to do it.”

She added that the problem in many institutions was that “techies” were regarded as the “custodians” of cybersecurity, meaning that it was not always a high priority among senior management teams.

“In universities’ senior administrative bodies, cyber-risk is not something that everybody engages with in the same way they engage with any other material risk,” she said.

“That’s a problem for many reasons, not least because if you have people worrying about seeing the new risks as they evolve, who are all very similar in the way they think, then you won’t spot the new [developments].”

The key to minimising the negative impact of risks as they materialise, she said, was to “catch them early”.

At the conference, Universities UK released a report that outlines the management steps that universities should take to protect themselves from cyberthreats. According to Cyber Security and Universities: Managing the Risk, research with potential economic value is particularly at risk from targeted attacks.

However, Professor Creese said that it was a challenge for universities to identify exactly the material that was genuinely of interest to cybercriminals.

“For the professor who comes up with an idea, it’s like giving birth to a child. If you ask them, they will always value it highly, so if you are a large organisation, you are left with a huge list of stuff that is going to potentially change the world 10 or 20 years later on. The question is, how do you prioritise? That’s tricky.”
