E-Business Curricula and Cybercrime: A Continuing Error of Omission?

The growth of e-business has been accompanied by even faster increases in losses from security breaches, legal problems, and cybercrime. These unnecessary costs inhibit the growth and efficiency of e-business worldwide. Professional education in e-business can help address these problems by providing students with coursework aimed at them. The present study extends research begun in 2007 on course coverage of law, security, and ethics in e-business master’s programs. Data were collected from university web sites in 2010 on 104 e-business master’s curricula worldwide and compared with 2007 data. Results suggest no significant coverage changes and a majority of program curricula still lack courses in law, security, or ethics. Coverage of these topics did not apparently increase from 2007 to 2010 despite the rapid acceleration of cybercrime during the same period. However the change in coverage of topics related to cybercrime varied by region of the world in which e-business degree programs are based.


Introduction
The financial impact of cybercrime on e-business and business in general has escalated dramatically in recent years, apparently the fastest growing type of crime (1,2). Businesses all over the world are disrupted, lose sensitive information, and experience productivity declines as a result of cybercrime (3).Results of the 2010/2011 Computer Crime and Security Survey indicate that 67 percent of respondents experienced malware infection (2). According to the Internet Crime Complaint Center 2012 report (4), losses from Internet crime are up 8.3 percent over the previous year. Despite the cost and pervasiveness of cybercrime, a survey of over 9,300 business and technology executives in 128 countries found that businesses' use of key technology safeguards are on the decline and fewer than half have security awareness training programs for employees (5). Zhao and Zhao (6) identified various security vulnerabilities on up to one-third of Fortune 500 corporations' retail e-commerce. It is therefore not surprising that 40 percent of e-commerce customers sampled in a recent study expressed concerns about the security of web sites (7).This may reduce online shopping (8).
The 2011 Cyber Security Watch Survey report (9) concluded that employees need greater skills to address such problems. The Comprehensive National Cyber security Initiative(10) of the U.S. government has been expanded by President Obama to include a major goal to increase education focused on security (Initiative 8).In a review of legal harmonization on cybercrime, Clough (11) argued that education and technological solutions are as important as legal regulation in addressing the challenges of cybercrime. The paper's next section reviews the literature on the extent to which topics aimed at addressing cybercrime have been covered by educational programs intended to prepare professionals for e-business.

Literature Review
Law (12), security (13), and ethics (14) are necessary foundations for effective e-business. These factors can help to promote trust among e-consumers and prevent cybercrime. The Economist Intelligence Unit report in 2009 [15] recognized the importance of law by adding a legal component to estimate countries' e-readiness. Blythe (16) tracked the development and spread of electronic signature law around the world to promote security of Internet transactions. Abyad (17) contended that trust is more critical in e-commerce than in traditional shopping because it involves more uncertainty and risk. E-business security measures can help to build consumer trust (17,18,19). Shahibi and Fakeh (13) reported that technology concerns such as virus protection during online transaction and safe online payment were viewed by consumers as important determinants of e-commerce providers' security.
Ethics in e-business can take the form of privacy policies and clearly stated return policies (17). Maury and Kleiner (20) pointed out the need to build ethical values into e-business to improve consumer confidence.Bruce and Edgington (21) reported that ethics education in MBA programs can influence students' beliefs and behavior.Harris et al. (22) argued that "instruction in ethics should be a core component of the curriculum" (p. 187) and include a particular focus on cybercrime. Together, these studies suggest that ethics education may be basic to achieving the goals of improved security practices, legal compliance, and customer trust. Moreover, coursework in the areas of law, security, and ethics may serve to create an awareness of the dimensions of the cybercrime problem as well as prevent it. Fusilier and Penrod (23) reported that education programs for e-business professionals do not appear to provide sufficient preparation for preventing e-business legal and security problems even though evidence indicates that law, security, and ethics are necessary for enabling e-business.

Law, Security, and Ethics in e-business Education
Cybercrime is not viewed with the same ethical certainty as other types of crime such as robbery or assault (24).Incorporating cyber ethics into curricula for youth is increasingly seen as a means for prevention (24).McCrohan, Engel, and Harvey (25) demonstrated that it is possible to change security behaviors of Internet users through training. In spite of this, evidence suggests that e-business degree programs in higher education include: (a) ethics courses in fewer than five percent of curricula (26,27), (b) law and/or security courses in zero to 50 percent of curricula (28,29,30,31), and (c) e-business security courses in only 54 percent of the graduate and undergraduate e-business programs (32).A contrary finding was reported by Mechitov, Moshkovich, and Olson (33) that 70 percent of the masters of science in electronic commerce programs sampled had security and law course(s). However that result was based on a sample of only 10 programs.In a study of 163 e-business master's programs, Fusilier and Penrod (23) found law, security, and ethics courses offered in 47, 33, and 10 percent of e-business master's programs respectively. Two studies took a different approach to assessing curriculum content by coding e-business course syllabi (34,35). Results suggested that fewer than half of the syllabi included topics on legal issues, ethics, or privacy. Slightly over half of the syllabi included security as a topic. No previous studies were found that reported the existence of courses on prevention of cybercrime.

Purpose of the Study
It seems that the increase in cybercrime in recent years would necessitate more courses in e-business curricula to address the problem. Previous literature indicates a baseline underrepresentation of courses in e-business curricula focused on addressing cybercrime.Has this changed in recent years?The present study explored the responsiveness of universities to the wave of cybercrime. A repeated measures analysis was conducted to explore the extent of law, security, and ethics courses in master's degree e-business programs worldwide from 2007 to 2010. The purpose is to investigate whether cybercrime education has improved during this period as cybercrime has dramatically increased. Only e-business programs were studied which provides a focused test of curricular efforts regarding factors related to cybercrime. This type of program seems likely to include cybercrime prevention coursework because cybercrime is a serious threat to online business and the consumer trust so critical for e-business to thrive.

e-business Programs
The list of e-business master's programs used in the Fusilier and Penrod (23) study was obtained. The list included e-business master's programs that existed in 2007.The web sites of the schools offering the programs were checked in 2010 to determine whether each program was still being offered at that time. It is not unusual for e-business programs to be revised or canceled (36). Fifty-nine of the 163programs included in the earlier study were no longer listed on the web sites of the schools that had offered them in 2007. This suggested that 59 programs had been canceled. The present study therefore focused on the remaining 104 programs that had been analyzed by Fusilier and Penrod (23) in 2007 and were still operational in 2010. The list of courses comprising the curriculum of each program was accessed on the web site of the school offering it. Web sites in languages other than English were either translated by the authors or by an Internet translation site.

Course Categories
The online title and description for every course in the 104 e-business curricula were examined to determine whether the course appeared to cover the topic of (1) business law, (2) e-business law, (3) ethics, or (4) security. Each of these topics served as a category for courses. A course was included in a category if its title and description indicated that it mainly covered the topic of the category. For example, if a course mainly covered business law, it would be assigned to the business law category. Courses that did not cover any of the four topics of interest to the present study were not included in the categories. For example, a general finance course would not fit with any of the categories because its main focus was not on any of the four topics of interest.
After assigning courses to categories, the total numbers of courses in each of the four categories could be tabulated for all of the 104 e-business program curricula. The specific procedure used for placing courses into categories was: 1.Business Law: This category was for course titles and descriptions that indicated coverage of the topic of general business law. Examples of titles of courses that were included in this category were: "Survey of Business Law" and "Legal Environment of Business."In a few cases, legal issues and ethics were included in the same course (four incidents). Descriptions of these combination courses indicated a predominant emphasis on legal topics. They were therefore coded as business law or e-business law, whichever was most appropriate. No courses were counted in more than one coding category.
2.e-business Law: Courses were assigned to this category if their title and description indicated that they covered law in the context of e-business. Examples of such course titles included "Cyber law" and "e-business Intellectual Property." 3.Ethics:Courses with titles that concerned ethics were coded into this category. "Business Ethics and Society" and "Applied Ethics" were examples of course titles that were included in the category for ethics.
4.Security: The security category was for courses that covered topics such as security, cryptography, encryption technology, risk analysis, firewall technology, intrusion detection system, handling computer viruses, etc. Two example course titles are: "Electronic Payment and Security" and "Computer Security for e-commerce." The procedure of using course titles as a measure of topic coverage is consistent with previous research (23,28,32,30,37). Courses in the present sample were also designated as being required or elective in thee-business curriculum of which they were a part.

Results
Of the 104 e-business masters programs analyzed in the present study, forty-six were based in North America (Canada [5], USA [40], and Mexico [1]), 23 in Australia/New Zealand [21 and 2, respectively], 27 in Europe, and 8 in Asia. Table 1 shows the current findings on representation of law (business or e-business), security, and ethics courses in the master's e-business curricula as well as the previous results of Fusilier and Penrod (23).For each of the three categories, fewer than half of the programs included even one course, required or elective. The 2010 data suggest that 61 percent of the programs did not include a single business law course while 64 percent did not offer a course dedicated to security. Nearly 90 percent of the programs did not include a course clearly focused on ethics.

Interactions
Interaction terms were computed to explore changes in course offerings across the years by world region. Results of this analysis could address the question of whether the findings differ according to where the programs are located. Programs based in North America were compared to those based in the rest of the world. This approach was used because there were more programs based in North America than on any other continent. Dividing the sample this way allowed more equal sized groups to be formed. Statistically significant interaction terms were detected for required courses in business law, e-business law, and security. Each is explained below.
Results for required business law courses are displayed in Table 2 and graphed in Figure 2 A different result can be seen for required e-business law courses in Table 3

Discussion
Previous research has documented low representation of law, security, and ethics coursework in e-business education from the beginning of the past decade (e.g., 30,31).The present study's data do not indicate improvements in this low-representation pattern: changes in the percentages of programs including law, security, or ethics courses from 2007 to 2010 are not significant. If instruction in these topics is strongly related to awareness, prevention, and remedies for cybercrime, then their absence from university e-business programs might help to explain the growth of cybercrime with the spread of e-business.
The present data suggest that e-business programs in North America have increased their e-business law and security course offerings from 2007 to 2010 however this increase is not enough: the average number of courses per program is still less than 1.0.The decrease in business law courses in the sample's North American programs might be explained by a decision to focus more courses specifically on e-business law. The business law course requirement may have been shifted to e-business law, accounting for the increase in the latter area.
There is a clear need for cyber-security education. The present study found that 63.5 percent of the programs in the 2010 sample included no security course at all, either required or elective. This corroborates the Kim et al. (32) conclusion of a general deficiency in security coursework. The apparent lack of security coverage in degree programs may strongly contribute to the widespread security problems in e-business today. Liu and Mackie (38) provide details for teaching security for e-commerce.
Ethics coursework also appears needed. Evidence suggests that requiring an ethics course in an MBA curriculum contributes to students' views of effective coverage of ethics in the program (21). However 88.5 percent of the programs reviewed in the present study offered no courses obviously devoted to ethics.
E-business has tremendous potential for positive economic impact and appears more recession resistant than retail sales in general. Despite the global economic downturn, e-commerce is currently surging with a more than 15.2 percent increase over last year's sales (39).It has shown consistent rapid global growth and improved delivery of goods and services while potentially reducing the impact of doing business on the natural environment (40). However, World cybercrime can undermine these benefits. Technology changes rapidly and teaching students to have an orientation toward security, ethics, and legal issues will allow them to stay in touch with developments regarding cybercrime. Such instruction may also help e-business professionals to build ethical organizational cultures that can curtail internal criminal activity. It is incumbent on universities to include coursework on this issue. Academic studies recommending revision of curricula, however, do not seem to be enough. More than ten years of research findings and recommendations appear to have had no significant impact on e-business curricula regarding law, security, and ethics coursework.
Fusilier and Penrod (23) used regulatory focus theory to explain the relative neglect of courses in business curricula that focus on loss prevention, such as law, security, and ethics. These authors argued that business schools tend to emphasize coursework that promotes students' ability to attain gains, such as higher revenue or market share. Coursework focused on gains, such as marketing, were found to be more prevalent in business school curricula than the prevention-focused courses of law, security, and ethics. However, ongoing economic uncertainty may impose pressures on business schools to provide more balanced coverage between activities that address attainment of gain and prevention of loss.
University characteristics may also be partially to blame. Financial pressures and bureaucratic, unresponsive organizational structures may result in curricula that do not address the needs of society and students. Armour (41) contended that e-business programs are being designed more to attract enrollment rather than to effectively equip students to cope with the demands of an e-business career. This is consistent with Gumport's (42) observation that many universities are abdicating their roles as social institutions and instead taking on a profit orientation through increased enrollments. Unfortunately, such a role shift might result in neglect of universities' social and educational responsibilities. Universities must address cybercrime as leading social institutions regardless of economic imperatives. Activities consistent with this goal should include instruction in areas that bear on the issue.

Limitations of the Study and Directions for Future Research
The present study did not address the connection of university instruction in law, security, and ethics to actual behaviors directed at preventing and managing cybercrime. Future research could relate curriculum coverage of these topics to graduates' behaviors directed at addressing cybercrime. Another potential shortcoming concerns the extent to which course coding is based solely on course titles and descriptions represent course content. Studies could investigate course content in a variety of course titles to determine the extent to which law, ethics, and security might be infused into other academic subjects. King et al. (34) and Rezaee et al. (35) have already developed coding procedures for e-commerce syllabi, and these procedures could be applied in studies of course content. Additionally, degree programs in related areas, such as computer science, might be studied to see if topics related to cybercrime are meaningfully covered in such curricula. If so, e-business degree programs could use these practices as a guide for improvement.

Conclusion
Tracking more than 100 e-business programs over a recent three-year period found no discernible university education changes in response to the growing incidence and seriousness of cybercrime. Accordingly, the present findings strongly suggest including more law, security, and ethics courses in e-business master's programs. Generally, it appears that curricula should be more responsive to stakeholder needs and the events that can impact e-business. Educational initiatives to address cybercrime can add to the other management and prevention approaches currently being implemented such as legal remedies that extend across national borders. Although governmental and administrative limitations often constrain master's programs on the numbers of courses they can include, having even one course in each area would be an improvement for a majority of the programs. Offering courses dedicated to each topic could assure coverage of these vital subjects and also streamline program assessment.