Smith School Hosts Eighth Annual Cybersecurity Forum
The University of Maryland's Robert H. Smith School of Business in partnership
with the School of Public Policy hosted the Eighth Annual Forum on Financial Information
Systems and Cybersecurity: A Public Policy Perspective on January 18, 2012. The
forum brought together nearly 100 leading experts from around the world to discuss
The forum, which is managed by Larry Gordon, Ernst & Young Alumni Professor of
Managerial Accounting, Martin Loeb, professor of accounting and information assurance
and Deloitte & Touche LLP Faculty Fellow, and William Lucyshyn, director of research
and senior research scholar at the University of Maryland School of Public Policy,
encourages the kind of rich interchange of ideas that can only occur when people
from many academic backgrounds and industries gather.
Gordon said that the diversity of attendees to this conference reflects the wide-ranging
implications of cybersecurity. The industry breakdown of the audience was about
one-third economists, one-third engineers/computer scientists and one-third faculty.
The day-long forum encouraged active discussion around many issues surrounding
all aspects of cybersecurity, from insurance and incentives to natural disasters
and systemic risk.
Allan Friedman, from the Brookings Institution, spoke about a relatively new
concept: cyber insurance. “Cyber risks can be mitigated with investing in technology
and specialty staff or by transferring the risk (i.e. purchasing cyber insurance).
But, the concept is relatively new and firms have had difficulty understanding both
the risks and the basics of such policies.” Companies also balk at carrying cyber
insurance due to cost, and/or because the decision is made by IT professionals (although
third-party risk assessors are becoming more prominent in this process), who favor
investing in technology safeguards.
John Olcott, from Good Harbor Consulting, discussed SEC disclosure guidance on
cybersecurity risks and incidents. He outlined three types of cyber attacks: (1)
custodial information, (2) operational disruption and (3) intellectual property/trade
secrets. He said that most businesses focus on preventing the first two, but the
last one has the most financial impact. He said that in 2009, President Obama stated
that cyber criminals stole intellectual property from businesses worth up to $1
The forum concluded with the annual “Ira Shapiro Lecture,” which is named in
honor of the 1958 Smith School accounting alumnus, who was national director of
tax services for Coopers & Lybrand (now part of PricewaterhouseCoopers). This year’s
lecture was extra special because members of Mr. Shapiro’s family were in attendance.
His son, Stephen, who teaches as an adjunct at UMD, made some remarks and said he
was glad his family has been involved at “a place that can change people’s lives
and make a difference.”
The lecture was given by Ed Gibson, a former FBI agent who currently works at
PwC as head of their forensic services group. He specializes in gathering intelligence
to detect, mitigate, and prevent corporate IT and security risks. Gibson gave a
riveting talk on Internet mafia and the culture of “yes.” He compared social media
to easy espionage, saying that we allow things to take place online that we would
never allow in real life. (Posting where we are every hour of the day on Twitter
and Facebook? Giving random mobile phone apps global positioning access? Organized
crimes’ dream comes true.)
His talk had the audience on the edge of their seats, leaving many wondering
if they were putting their security in jeopardy because of risky or careless online
behavior. He suggested that all attendees go home and update the security patches
on their computers, install software updates and secure their wireless networks.
These kinds of simple security steps are easy to take, but many people are just
too busy to do the recommended updates.
For a complete list of topics covered, you can
view the conference
The Smith School’s cybersecurity research is part of a wider university focus
on cybersecurity issues, highlighted by the recent launch of the Maryland Cybersecurity
Center. The center brings together experts from engineering and computer science
with colleagues from across campus in fields such as economics, social sciences
and public policy to help establish broad-based cybersecurity initiatives.
Greg Muraski & Alissa Arford, Office of Marketing Communications