“Cybersecurity is more than just an IT issue — it impacts every level of an organization,” Rosenbach said. “Cybersecurity is about risk management and who better to address risk management holistically than the organization’s leaders? Leaders need to be aware of the threats and challenges facing their organization, in order to effectively allocate resources to mitigating cyberattacks.”

The problem is that few business leaders have the background and training required to even ask the essential questions about their organizations’ cybersecurity preparedness, let alone answer them. This is why HarvardX, one of Harvard University’s online learning programs, has developed a course designed to give corporate leaders this essential education. Through the program, working professionals learn how to assess their organizations’ security vulnerabilities, how to build an incident response plan, and, in general, how to articulate the importance of cyber risk management. Learning these skills will give them the knowledge they need to protect the data of their organizations and their customers.

Democratizing cybersecurity

While leadership is key to making cybersecurity an organizational priority, that can’t happen without organizational buy-in.

One way to understand today’s corporate cybersecurity environment is that, with the rise of remote work, cloud technology, and the bring-your-own-device movement, companies have more security vulnerabilities than ever. Every employee, server, and connected device is a potential weak point. This is particularly true with email, which remains a real threat for companies across industries. In a recent poll of 1,300 IT security decision makers, 56 percent said that phishing attacks were the top security threat they faced.

This is why, to truly protect their digital infrastructure, companies must invest in cybersecurity training programs that give employees the skills and knowledge they need to defend themselves against hackers. The best of these efforts are more elaborate than formal classroom training programs. To educate employees about how to spot phishing emails, for example, many companies run internal mock phishing tests, which mimic the methods and style of phishing emails. The results of these tests are then shared with the organizations, along with detailed explanations of the specific features of the fake phishing email that tricked unwitting employees.

The evolving nature of cybersecurity underscores the importance of keeping leadership — both today’s and tomorrow’s — educated about threats and where they will come from. This is why the last module of Harvard’s cybersecurity course focuses on some of the emerging threats and challenges, such as artificial intelligence, big data, and quantum computing. Rosenbach said that these topics will only become more prominent components of the course in the future.

“Threat actors are getting smarter and more sophisticated in their attacks. The technology is always changing too, so the good guys need to adapt how we look for breaches and prevent them from happening,” he said.

Visit the course page

to learn more about “Cybersecurity: Managing Risk in the Information Age.”

📬 Sign up for the Daily Brief

Our free, fast, and fun briefing on the global economy, delivered every weekday morning.