All posts by Steve

Professor of Marketing & International Business; Consultant

The Top 20 Cannabis Strains as Rated on Leafly for 4.20

What better way to celebrate 4.20, our first in Massachusetts with legal recreational cannabis, than combining one’s passion for statistics and fast-growing businesses? I wish that I could take full credit for using the statistical software package R to web-scrape the Leafly site ( in order to identify the top 20 cannabis strains for 4.20.17, but that honor goes to one of my statistically adept progeny.  He supplied me with the consumer ratings of the 2,232 cannabis strains listed on the site.

The methodology was simple:  Identify the top 20 strains, according to consumer ratings. To minimize small sample bias, strains with fewer than 100 reviews were eliminated. Doing so reduced the number of strains from 2,232 to 437.  The top 20 strains for this year’s 4.20 celebration are presented below. Overall, Gelato is the top rated strain on Leafly, according to consumers. Of the top 20, 14 are Hybrid, five are Indica and one is Sativa. Thus, a clear consumer preference (70 percent) exists for Hybrid strains.

Strain Name Category Ratings Stars
Gelato Hybrid 357 4.755
Blue Cookies Hybrid 265 4.75
Papa’s OG Indica 113 4.73
Alien Rock Candy Hybrid 135 4.72
Purple Hindu Kush Indica 112 4.72
Superglue Hybrid 141 4.71
Khalifa Kush Hybrid 488 4.68
Orange Cookies Hybrid 135 4.68
Gorilla Glue #4 Hybrid 3,113 4.675
24k Gold Hybrid 110 4.665
Quantum Kush Sativa 185 4.66
Dogwalker OG Hybrid 176 4.66
Sugar Shack Hybrid 101 4.655
Death Bubba Indica 186 4.65
Kimbo Kush Hybrid 120 4.645
Sunset Sherbet Hybrid 644 4.64
Rainbow Hybrid 109 4.64
Blue God Indica 131 4.635
Paris OG Indica 208 4.62
Middlefork Hybrid 119 4.62

Did your top choice make the list?

The strain with the highest number of ratings on the Leafly site is Blue Dream, with 12,171. How amazing is that? Of the ten most rated strains, five are Hybrid, three are Sativa and two are Indica. Once again, Hybrid strains dominate.

Strain Name Category Ratings Stars
Blue Dream Hybrid 12,171 4.395
Sour Diesel Sativa 7,046 4.38
Girl Scout Cookies Hybrid 6,217 4.485
Green Crack Sativa 5,539 4.325
OG Kush Hybrid 4,837 4.355
Granddaddy Purple Indica 3,980 4.42
White Widow Hybrid 3,717 4.355
Jack Herer Sativa 3,611 4.4
Gorilla Glue #4 Hybrid 3,113 4.675
Bubba Kush Indica 3,007 4.305

Enjoy your 420 celebration, preferably with one of the top rated cannabis strains according to your friends at Leafly.


The Case for Business Schools to Focus on the U.S. Cannabis Industry

Like it or not, the U.S. marijuana industry is expected to grow at an annual compound rate of 25 percent over the next 5 years (Forbes, January 3, 2017). Estimates of gross industry sales (medical plus recreational) by 2020 range from $11 billion (Marijuana Business Factbook 2016) to $44 billion (CBS News, March 18, 2016) with the general consensus falling in the $20-25 billion range assuming that no additional states pass medical marijuana and/or legal recreational marijuana laws (a very conservative assumption, at best).

To date, 28 U.S. states plus the District of Columbia (29 total) have legalized Medical Marijuana. The percent of U.S. citizens living in areas with Medical Marijuana is 63.49, as illustrated in the table below. The average number of medical marijuana patients per 1000 people is 8.795 with a minimum of .1 per 1000 (Delaware) and a maximum of 19.8 per 1000 (Colorado) according to

The Medical Marijuana States and Populations (March 2017)

State Population (2017)
Alaska 741,204
Arizona 7,026,629
Arkansas 3,000,942
California 39,849,872
Colorado 5,658,546
Connecticut 3,583,134
Delaware 965,866
Florida 21,002,678
Hawaii 1,454,295
Illinois 12,815,607
Louisiana 4,714,192
Maine 1,327,472
Maryland 6,068,511
Massachusetts 6,873,018
Michigan 9,935,116
Minnesota 5,554,532
Montana 1,052,343
Nevada 2,995,973
New Hampshire 1,335,832
New Jersey 8,996,351
New Mexico 2,084,193
New York 19,889,657
North Dakota 790,701
Ohio 11,646,273
Oregon 4,144,527
Pennsylvania 12,819,975
Rhode Island 1,059,080
Vermont 624,592
Washington 7,384,721
Washington, D.C. 697,012
Total 206,092,844

Legal recreational marijuana is available in eight states plus the District of Columbia, covering 21.46 percent of the U.S. population.

The Legal Recreational Marijuana States and Populations

State Population (2017)
Alaska 741,204
California 39,849,872
Colorado 5,658,546
Maine 1,327,472
Massachusetts 6,873,018
Nevada 2,995,973
Oregon 4,144,527
Washington 7,384,721
Washington, D.C. 697,012
Total 69,672,345

Based on estimates developed by New Frontier Data, as reported in The Cannabist (February 22, 2017), my projections for medical marijuana sales and legal recreational marijuana sales for the 2017 through 2020 period are presented below. These projections are limited by two broad assumptions: 1) no additional states will pass medical or legal recreational laws in this period, and 2) state populations will remain constant for the period 2017-2020.

Medical and Legal Recreational Sales 2017-2020 ($US Billions)

Year Medical Legal Recreational Total ($Billions)
2017 6.11 3.74 9.85
2018 7.95 5.39 13.34
2019 10.35 7.76 18.11
2020 13.46 11.18 24.64

During the period 2017 through 2020, medical marijuana (MMJ) sales will grow from $6.11 billion to $13.46 billion annually. The average total of sales per capita for MMJ, given the assumptions above, will be $65.31 by 2020.

For legal recreational marijuana, sales are expected to grow from $3.74 billion in 2017 to $11.18 billion in 2020 for average sales per capita of $160.74. Total gross industry sales (MMJ plus Recreational) are expected to grow from $9.85 billion in 2017 to $24.64 billion in 2020 equating to $119.56 sales per capita in the combined MMJ and Recreational markets.

Graphically, the two tables below present total sales and percent of total sales trends for 2017 through 2020. Sales will reach categorical equilibrium (50/50) just after 2021.

Finally, estimates of total industry employment by 2020 range from 255,000 (The Cannabist) to 300,000 (High Times). Thus, the average expectation is that 277,500 industry jobs will be created by 2020. Based on my estimate of total industry sales in 2020, this translates into 1 job created per $88,793 in total industry sales.

It is time for business schools to engage and embrace the marijuana industry as an economic catalyst. My colleagues and I are developing an active research agenda to focus on consumer habits and preferences in the nascent legal recreational marijuana industry in Massachusetts, expected to reach combined sales (MMJ and Recreational) of over $1 billion by 2020. Join us as we embrace this opportunity.



Exposing Looming Cyber Vulnerabilities

 Guest Post by Dr. Timothy P. Shea


While the way that companies communicate with their employees seems to be adequate, the content is either not thorough enough or not retained well enough to create long-term behavior change needed to prevent many cyber hacks.  These vulnerabilities pose a major risk to companies today.   The survey is the basis of a new employee cyber readiness diagnostic tool that companies can use to determine their own level of risk.


The question is not whether cyber security is an important, even critical issue in business today. Juniper research, in 2015, declared that the cost of data breaches [will increase] to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. Perhaps surprisingly, the biggest problem in cybersecurity is outside the walls of IT. Over 50% of the cyber security problem is due to social engineering — people, not machines. Security Intelligence claims as much as 95% is due to human error.

Steve and I, through the University of Massachusetts Dartmouth Business and Innovation Research Center (BIRC), recently completed a survey – the UMass Dartmouth Threat Readiness Survey – to examine the attitudes and opinions of employees concerning their ability to be an effective “human firewall”. In conjunction with AYTM market research, the data set has 1,000 usable respondents, all from the United States, balanced by gender, age, income, ethnicity, education, and location.

Survey Results

The most compelling results of the survey is the difference between perceived company policies regarding overall awareness – as demonstrated through a variety of company communications, training, etc. – and the knowledge needed to implement the required day-to-day cyber-behaviors of company employees.

The “human firewall” is made up of both “knowing” and “doing” – awareness and action.  The survey took a look at both parts of the equation.  One section asked about the type of communication the employee’s company conducted around cyber-security awareness. How well do employees perceive their companies are doing in terms of their company’s cyber security?  The scores are pretty good, around 70% agree, in terms of: making company cyber security policies clear, senior leadership expectations, encouragement to work as a team, easy access to support and guidance and a process for reporting actual or suspected security breaches.

The results follow:

Q1:   How much do you agree/disagree with the following statements in regards to your company’s cyber security? (Percent Strongly Agree or Agree in parentheses).

1.  Your employer has ensured that you have read the company’s                  cyber security policies and has made it clear what is expected of          you (73%)

2.  Your Company’s senior leadership communicates with everyone          about expectations for cyber safety practices (69%)

3.  As an expressed company value, your employer encourages you           and your coworkers to work together as a team to protect                       against cyber security risks (70%)

4.  Your Company encourages you to help and remind other                            workers of cyber safety best practices (69%)

5.  Your company provides easy access to support and guidance                    to cyber safety questions when they arise (70%)

6.  Your Company has a clearly defined process for reporting actual            or suspected security breaches (70%)

While not great, these results are not too bad.  Almost three out of four companies are getting the word out – awareness, or “knowing”.  Employees are aware of the problem and aware that the company is supporting the effort – at least at a high level.

The positive results are supported when looking at the nature of the company communications. Most companies have come a long way from simply posting a memo on the bulletin board near the coffee machine. For example:

  • Two out of three companies (64%) communicate about cyber security at least every quarter.
  • Seventy-four percent communicate by email, which is expected. However, in addition, 73% of companies still take the time and expense to communicate face-to-face – either in a group setting (41%) or individually (31%). Tangible items – such as posters, pens and mugs – are used 21% of the time. Social media is only used 16% of the time.
  • The general trend towards shorter company communications is also supported here. While 39% of the communications take over 30 minutes to read or view, 41% take 14 minutes or less.
  • Finally, the company communications are well done. Sixty-five percent of “company cyber safety communications are memorable, engaging and easy to follow”.

The second part of the equation is how well employees are prepared for specific responses to cyber-threats – that is, “Doing”.  Do employees feel they agree whether they have adequate cyber safety communications on how to handle specific, common, potential security breaches?  This is where the larger gap appears. Employees were asked if they agreed they had enough information to handle challenges such as: password management, detecting and handling suspicious emails, the use of USB sticks at work, giving out sensitive information over the phone, connecting personal devices to the company network, what is Personal Identifiable Information, and cyber security when traveling or working remotely.   The best result, at 64%, means over one-third of the respondents did NOT agree.  On average, only one out of two answered in the positive across these questions – only 50%!

The results follow:

Q2:   Which of the following activities does your company provide cyber safety communications for:

  1. Providing strong requirements on password composition and regular password changing (64%)

2. Understanding what is considered Personal Identifiable                              Information and how to keep it confidential (55%)

3. Protecting sensitive information when traveling or working                     remotely (49%)

4. Connecting personal devices to the company network (46%)

5. Detecting and handling emails that you suspect are false (63%)

6. Giving out sensitive information over the phone (46%)

7. Recognizing warning signs if other workers’ behavior seems                     suspicious (40%)

8. Leaving your computer where sensitive information could be seen       or the computer could be stolen (54%)

9. Using external machines or USB sticks at work (40%)

Again, almost one out of two respondents stated that they do not feel prepared to handle common activities related to cyber-security.  The findings, more specifically the risks identified are eye-opening – but perhaps not surprising.  Getting into the weeds, providing training and regular communications about specific cyber behavior to the point where behavior is impacted across a company is challenging.  There is evidence that a number of companies practice “phishing” simulations but, as the results suggest, there is much more to do.


So, what is next?  How do we win the cyber-security war on the human front?  How do we strengthen the “human firewall”?  Three significant pieces remain.

      1. First, at the organization level, the survey and results will soon be refined into a risk assessment tool, one that can support a company as it both identifies its level of risk and moves through an Employee Cyber Threat Maturity Model.
      2. Secondly, additional data needs to be collected and analyzed to help drill down on the results. For example, there are indications that women employees are better at handling cyber-securities activities on a day-to-day basis.  The data also suggests that the lowest and highest educated employees are more effective in handling cyber-security.  If confirmed, companies can better focus their cyber-security training resources.
      3. Thirdly, at the individual level, more sophisticated means of communication and training are needed to facilitate behavior change, not just awareness. Here, the research team is expanding to include ThreatReady Resources – a company expert in more advanced training techniques that impact behavior and corporate culture.

The stakes are too high.  Risky cyber behavior at work, to be succinct, can cause significant damage to a company.  The UMass Employee Cyber Threat Readiness survey has shone a bright light on the high level of risk around still to be addressed in today’s workforce.  We are now aware – we know the size of the problem.  What is left, for companies as well as each of us, is to be more vigilant in our cyber activates – to “do” the right thing.  Today, we all need to become fully aware of the cyber threat as well as learn how to practice “safe cyber” every day.