Cybersecurity at MIT Sloan

Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, (IC)3


Cybersecurity at MIT Sloan (CAMS) fills a critical need for leaders and managers of cybersecurity. Our activities are highlighted in our research, in the news, in our newsletters, and at our events.

"We found new ways to solve challenging problems;

Timely and advanced research from (IC)3 has given us critical insights into issues that are existential threats to our industry" − Andrew Stanley, CAMS member and CISO of Mars, Incorporated

Boards Are Falling Short On Cybersecurity

Despite boards placing greater emphasis on cyber risk, their ability to mitigate it is improving slowly and marginally. There are three prominent factors driving this problem: 1) there’s a lack of cybersecurity expertise; 2) board-level conversations about AI ignore security; and 3) boards mistake regulatory compliance for security. There are concrete steps boards can take to address each factor. First, rather than increasing the number of directors with cybersecurity expertise, boards should concentrate their cybersecurity responsibilities on selecting and overseeing effective cybersecurity executives. Second, boards must treat AI as both a strategic opportunity and a cybersecurity and governance risk. Finally, boards should view cybersecurity less as a compliance-driven regulatory issue and more as a competitive, operational resilience issue, where market incentives and organizational accountability drive stronger security outcomes than government-imposed rules.

Smart Systems, Blind Spots: Rethinking Insurance for the AI Era

Smart Systems, Blind Spots: Rethinking Insurance for the AI Era, written in association with MIT CAMS and Testudo, explores how the rapid deployment of artificial intelligence (AI) has outpaced the insurance market’s ability to address the unique risks it introduces. As organizations integrate generative and non-generative AI into customer interactions, decision-making and core operations, they may inadvertently expose themselves to a class of AI-native liabilities that traditional insurance policies may not fully recognize or respond to.

What the UN Treaty on Cybercrime May Mean for You

A new United Nations treaty establishes an international framework for investigating and prosecuting online crimes, such as ransomware attacks and financial fraud, which often involve multiple countries. While it explicitly defines cybercrime and spells out what law enforcement and companies are responsible for in such cases, concerns related to privacy and civil liberties have yet to be addressed. Companies with a global presence should start preparing for enforcement now.

How to prioritize cyber resilience in the healthcare sector

This World Economic Forum article by Sander Zeijlemaker, Research Affiliate in Cybersecurity at MIT Sloan (CAMS) and Managing Director of Disem Institute, and Michael Siegel, Principal Research Scientist and Director of MIT CAMS, examines the growing cyber risk exposure facing healthcare leaders.

  • The healthcare sector is becoming increasingly targeted by adversaries. Consolidation and digital transformation reinforce this situation.
  • Balancing investment among patient care, digital innovation and cyber resilience in the healthcare sector is challenging and often counterintuitive.
  • Strategic digital twin technology, as an example of a management flight simulator, addresses the call for new tools to foster executive awareness and thought leadership.

The Hidden Cyber Risks of Well-Intentioned Regulations

CAMS Founder Stuart Madnick and Daniel Gozman explore how new laws designed to improve online safety can unintentionally weaken encryption and increase vulnerabilities. Their research highlights:

  • The conflict between scanning requirements and data protection.

  • Risks of false positives, reputational damage, and rising cybersecurity costs.

  • The potential for government overreach and erosion of privacy.

  • Why robust encryption strategies should be treated as a core security advantage.

Data breaches have become a fact of modern life. How concerned should Americans be?

NPR’s Ailsa Chang talks with MIT professor Stuart Madnick about the frequency of data breaches, and what people should do if their personal information is compromised in one.

Cyber risk in the boardroom: Why judgment matters more than numbers

Cybersecurity resilience depends on leadership judgment, supply chain awareness and strong governance to handle black swan cyber risks beyond what quant models predict.

Forbes India article by Ranjan Pal

 

Why Join Cybersecurity at MIT Sloan?

Benefit from usable research! Cybersecurity at MIT Sloan (CAMS), formerly (IC)3, is focusing MIT’s uniquely qualified interdisciplinary faculty and researchers on the fundamental principles of cyberspace, cybercrime, & cybersecurity applied to critical infrastructure. Cybersecurity at MIT Sloan is a confidential academic forum in which leaders and managers can benefit from the experiences of CSO/CISOs across multiple sectors.

Cybersecurity at MIT Sloan's Executive Education Program

We are delighted to share with you that Cybersecurity at MIT Sloan’s acclaimed Executive Education programs are available for you and your colleagues! A three-day live online program will teach non-cybersecurity executives the basics they need to know to help your organization be more cyber-resilient. And the 6-week virtual program is perfect for non-cybersecurity leaders who want to understand basic concepts of cybersecurity leadership from their own desk. For more information, please visit MIT’s executive education website or sign up today.


Contact Us

Professor Stuart Madnick, Director, smadnick@mit.edu
Dr. Michael Siegel, Director, msiegel@mit.edu
Administration: dagmar@mit.edu
Communications: kcfitz@mit.edu

© Copyright 2025
