A new survey has found that many of the top computer science and engineering programs in U.S. universities give little more than a passing thought to cybersecurity.
Security firm CloudPassage conducted the study and found that the top 10 computer science and engineering programs across the country do not require students to complete a cybersecurity course in order to graduate. The study looked at 121 programs in total.
The University of Michigan, which ranks number 12 in the country based on the U.S. News & World education report from 2015, is the only institution that requires the completion of a security course for graduation.
“I wish I could say these results are shocking, but they’re not,” said Robert Thomas, CloudPassage CEO. There is a skills gaps in cybersecurity, he said, but also an education gap that is worsening this shortage.
“One way to close the gap is through automation, but we also need to train developers, at the very earliest stage of their education, to bake security into all new code,” he explained. “It’s not good enough to tack cybersecurity on as an afterthought anymore.”
Related: Who’s keeping your data safe? With bug bounties, it’s would-be hackers
CloudPassage said it is willing to donate technology to universities to improve education in cybersecurity, calling on security to be a basic requirement for graduating.
The study found several irregularities in how undergraduate programs approach security. Just three universities from Business Insider’s top 50 ranking for computer science programs require students to complete a cybersecurity program: University of Michigan (11th), Brigham Young (48th), and Colorado State University (49th).
The University of Alabama came out looking the best from CloudPassage’s study despite the fact that it does not feature on Business Insider’s or U.S. News & World’s lists. It requires the completion of at least three cybersecurity classes. Rochester Institute of Technology and Tuskegee University offer the most security-based electives with 10 each.
“Our research reinforces what many have been saying: there is an incredible IT security skills gap. But what we’ve revealed is that a major root cause is a lack of education and training at accredited schools,” added Thomas.
Related: CyberVista wants to teach companies how to not suck at cybersecurity
“Our hope is to forge deeper partnerships with these schools when they are ready to expand their curriculum, with the longer term goal to make security awareness and skills ubiquitous across all technology education programs.”
Other recent reports have highlighted how cybersecurity professionals aren’t keeping pace with emerging threats. One study showed companies aren’t spending their security budgets in line with growing threats while ESG Research points out that in 2016, 46% of organizations have a “problematic shortage” of cybersecurity professionals.