The Case for Business Schools to Focus on the U.S. Cannabis Industry

Like it or not, the U.S. marijuana industry is expected to grow at an annual compound rate of 25 percent over the next 5 years (Forbes, January 3, 2017). Estimates of gross industry sales (medical plus recreational) by 2020 range from $11 billion (Marijuana Business Factbook 2016) to $44 billion (CBS News, March 18, 2016) with the general consensus falling in the $20-25 billion range assuming that no additional states pass medical marijuana and/or legal recreational marijuana laws (a very conservative assumption, at best).

To date, 28 U.S. states plus the District of Columbia (29 total) have legalized Medical Marijuana. The percent of U.S. citizens living in areas with Medical Marijuana is 63.49, as illustrated in the table below. The average number of medical marijuana patients per 1000 people is 8.795 with a minimum of .1 per 1000 (Delaware) and a maximum of 19.8 per 1000 (Colorado) according to

The Medical Marijuana States and Populations (March 2017)

State Population (2017)
Alaska 741,204
Arizona 7,026,629
Arkansas 3,000,942
California 39,849,872
Colorado 5,658,546
Connecticut 3,583,134
Delaware 965,866
Florida 21,002,678
Hawaii 1,454,295
Illinois 12,815,607
Louisiana 4,714,192
Maine 1,327,472
Maryland 6,068,511
Massachusetts 6,873,018
Michigan 9,935,116
Minnesota 5,554,532
Montana 1,052,343
Nevada 2,995,973
New Hampshire 1,335,832
New Jersey 8,996,351
New Mexico 2,084,193
New York 19,889,657
North Dakota 790,701
Ohio 11,646,273
Oregon 4,144,527
Pennsylvania 12,819,975
Rhode Island 1,059,080
Vermont 624,592
Washington 7,384,721
Washington, D.C. 697,012
Total 206,092,844

Legal recreational marijuana is available in eight states plus the District of Columbia, covering 21.46 percent of the U.S. population.

The Legal Recreational Marijuana States and Populations

State Population (2017)
Alaska 741,204
California 39,849,872
Colorado 5,658,546
Maine 1,327,472
Massachusetts 6,873,018
Nevada 2,995,973
Oregon 4,144,527
Washington 7,384,721
Washington, D.C. 697,012
Total 69,672,345

Based on estimates developed by New Frontier Data, as reported in The Cannabist (February 22, 2017), my projections for medical marijuana sales and legal recreational marijuana sales for the 2017 through 2020 period are presented below. These projections are limited by two broad assumptions: 1) no additional states will pass medical or legal recreational laws in this period, and 2) state populations will remain constant for the period 2017-2020.

Medical and Legal Recreational Sales 2017-2020 ($US Billions)

Year Medical Legal Recreational Total ($Billions)
2017 6.11 3.74 9.85
2018 7.95 5.39 13.34
2019 10.35 7.76 18.11
2020 13.46 11.18 24.64

During the period 2017 through 2020, medical marijuana (MMJ) sales will grow from $6.11 billion to $13.46 billion annually. The average total of sales per capita for MMJ, given the assumptions above, will be $65.31 by 2020.

For legal recreational marijuana, sales are expected to grow from $3.74 billion in 2017 to $11.18 billion in 2020 for average sales per capita of $160.74. Total gross industry sales (MMJ plus Recreational) are expected to grow from $9.85 billion in 2017 to $24.64 billion in 2020 equating to $119.56 sales per capita in the combined MMJ and Recreational markets.

Graphically, the two tables below present total sales and percent of total sales trends for 2017 through 2020. Sales will reach categorical equilibrium (50/50) just after 2021.

Finally, estimates of total industry employment by 2020 range from 255,000 (The Cannabist) to 300,000 (High Times). Thus, the average expectation is that 277,500 industry jobs will be created by 2020. Based on my estimate of total industry sales in 2020, this translates into 1 job created per $88,793 in total industry sales.

It is time for business schools to engage and embrace the marijuana industry as an economic catalyst. My colleagues and I are developing an active research agenda to focus on consumer habits and preferences in the nascent legal recreational marijuana industry in Massachusetts, expected to reach combined sales (MMJ and Recreational) of over $1 billion by 2020. Join us as we embrace this opportunity.



Exposing Looming Cyber Vulnerabilities

 Guest Post by Dr. Timothy P. Shea


While the way that companies communicate with their employees seems to be adequate, the content is either not thorough enough or not retained well enough to create long-term behavior change needed to prevent many cyber hacks.  These vulnerabilities pose a major risk to companies today.   The survey is the basis of a new employee cyber readiness diagnostic tool that companies can use to determine their own level of risk.


The question is not whether cyber security is an important, even critical issue in business today. Juniper research, in 2015, declared that the cost of data breaches [will increase] to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. Perhaps surprisingly, the biggest problem in cybersecurity is outside the walls of IT. Over 50% of the cyber security problem is due to social engineering — people, not machines. Security Intelligence claims as much as 95% is due to human error.

Steve and I, through the University of Massachusetts Dartmouth Business and Innovation Research Center (BIRC), recently completed a survey – the UMass Dartmouth Threat Readiness Survey – to examine the attitudes and opinions of employees concerning their ability to be an effective “human firewall”. In conjunction with AYTM market research, the data set has 1,000 usable respondents, all from the United States, balanced by gender, age, income, ethnicity, education, and location.

Survey Results

The most compelling results of the survey is the difference between perceived company policies regarding overall awareness – as demonstrated through a variety of company communications, training, etc. – and the knowledge needed to implement the required day-to-day cyber-behaviors of company employees.

The “human firewall” is made up of both “knowing” and “doing” – awareness and action.  The survey took a look at both parts of the equation.  One section asked about the type of communication the employee’s company conducted around cyber-security awareness. How well do employees perceive their companies are doing in terms of their company’s cyber security?  The scores are pretty good, around 70% agree, in terms of: making company cyber security policies clear, senior leadership expectations, encouragement to work as a team, easy access to support and guidance and a process for reporting actual or suspected security breaches.

The results follow:

Q1:   How much do you agree/disagree with the following statements in regards to your company’s cyber security? (Percent Strongly Agree or Agree in parentheses).

1.  Your employer has ensured that you have read the company’s                  cyber security policies and has made it clear what is expected of          you (73%)

2.  Your Company’s senior leadership communicates with everyone          about expectations for cyber safety practices (69%)

3.  As an expressed company value, your employer encourages you           and your coworkers to work together as a team to protect                       against cyber security risks (70%)

4.  Your Company encourages you to help and remind other                            workers of cyber safety best practices (69%)

5.  Your company provides easy access to support and guidance                    to cyber safety questions when they arise (70%)

6.  Your Company has a clearly defined process for reporting actual            or suspected security breaches (70%)

While not great, these results are not too bad.  Almost three out of four companies are getting the word out – awareness, or “knowing”.  Employees are aware of the problem and aware that the company is supporting the effort – at least at a high level.

The positive results are supported when looking at the nature of the company communications. Most companies have come a long way from simply posting a memo on the bulletin board near the coffee machine. For example:

  • Two out of three companies (64%) communicate about cyber security at least every quarter.
  • Seventy-four percent communicate by email, which is expected. However, in addition, 73% of companies still take the time and expense to communicate face-to-face – either in a group setting (41%) or individually (31%). Tangible items – such as posters, pens and mugs – are used 21% of the time. Social media is only used 16% of the time.
  • The general trend towards shorter company communications is also supported here. While 39% of the communications take over 30 minutes to read or view, 41% take 14 minutes or less.
  • Finally, the company communications are well done. Sixty-five percent of “company cyber safety communications are memorable, engaging and easy to follow”.

The second part of the equation is how well employees are prepared for specific responses to cyber-threats – that is, “Doing”.  Do employees feel they agree whether they have adequate cyber safety communications on how to handle specific, common, potential security breaches?  This is where the larger gap appears. Employees were asked if they agreed they had enough information to handle challenges such as: password management, detecting and handling suspicious emails, the use of USB sticks at work, giving out sensitive information over the phone, connecting personal devices to the company network, what is Personal Identifiable Information, and cyber security when traveling or working remotely.   The best result, at 64%, means over one-third of the respondents did NOT agree.  On average, only one out of two answered in the positive across these questions – only 50%!

The results follow:

Q2:   Which of the following activities does your company provide cyber safety communications for:

  1. Providing strong requirements on password composition and regular password changing (64%)

2. Understanding what is considered Personal Identifiable                              Information and how to keep it confidential (55%)

3. Protecting sensitive information when traveling or working                     remotely (49%)

4. Connecting personal devices to the company network (46%)

5. Detecting and handling emails that you suspect are false (63%)

6. Giving out sensitive information over the phone (46%)

7. Recognizing warning signs if other workers’ behavior seems                     suspicious (40%)

8. Leaving your computer where sensitive information could be seen       or the computer could be stolen (54%)

9. Using external machines or USB sticks at work (40%)

Again, almost one out of two respondents stated that they do not feel prepared to handle common activities related to cyber-security.  The findings, more specifically the risks identified are eye-opening – but perhaps not surprising.  Getting into the weeds, providing training and regular communications about specific cyber behavior to the point where behavior is impacted across a company is challenging.  There is evidence that a number of companies practice “phishing” simulations but, as the results suggest, there is much more to do.


So, what is next?  How do we win the cyber-security war on the human front?  How do we strengthen the “human firewall”?  Three significant pieces remain.

      1. First, at the organization level, the survey and results will soon be refined into a risk assessment tool, one that can support a company as it both identifies its level of risk and moves through an Employee Cyber Threat Maturity Model.
      2. Secondly, additional data needs to be collected and analyzed to help drill down on the results. For example, there are indications that women employees are better at handling cyber-securities activities on a day-to-day basis.  The data also suggests that the lowest and highest educated employees are more effective in handling cyber-security.  If confirmed, companies can better focus their cyber-security training resources.
      3. Thirdly, at the individual level, more sophisticated means of communication and training are needed to facilitate behavior change, not just awareness. Here, the research team is expanding to include ThreatReady Resources – a company expert in more advanced training techniques that impact behavior and corporate culture.

The stakes are too high.  Risky cyber behavior at work, to be succinct, can cause significant damage to a company.  The UMass Employee Cyber Threat Readiness survey has shone a bright light on the high level of risk around still to be addressed in today’s workforce.  We are now aware – we know the size of the problem.  What is left, for companies as well as each of us, is to be more vigilant in our cyber activates – to “do” the right thing.  Today, we all need to become fully aware of the cyber threat as well as learn how to practice “safe cyber” every day.


Social Media Growth 2006 to 2012

Social_Media_Landscape_2012For the past two years, I’ve investigated the growth of Social Media. Consistent with those efforts, no clear or easy answer exists when investigating the growth of social media sites over the past six years. No reliable or audited data exists for social media sites. Therefore, the numbers presented in the table below represent an estimate of total registered users for each of the sites investigated. The numbers are not assumed to be accurate, valid or reliable – they are as presented: estimates based on the best available public information. Data was collected for five social media sites and two blog hosting sites: Facebook, Twitter, Google+, LinkedIn, Pinterest, and Tumblr. Estimates for the latter two represent the number of blogs hosted on the sites (not the number of unique bloggers, a much lower number). No data for self-hosted websites or blogs using is presented. Data reported are from 31 December 2012.

Social Media CAGR 2006 to 2012

As in the previous two posts on Social Media Growth, the Compound Annual Growth Rate (GAGR) is calculated for each using the free Investopedia Compound Annual Growth Rate calculator available on their website.

When examining the charts individually, the growth patterns look similar.  Globally, the total number of people using social media continues to increase. Facebook, with 1 billion registered users, accounts for 11.15 percent of the global population and would be the world’s third largest country.  The average CAGR for the seven social media sites is 900.05 percent ranging from 71 percent to 4,900 percent.  Again, multiple factors contribute to this exceptional growth rate as compared to the data reported previously, including the inclusion of Google+ and Pinterest in this year’s investigation.

Facebook 2006 to 2012

Twitter 2006 to 2012

Google+ 2006 to 2012

LinkedIn 2006 to 2012

Pinterest 2006 to 2012

Wordpress 2006 to 2012

Tumblr 2006 to 2012

When charted together, the domination of Facebook’s growth and share of voice in the social media world remains apparent. The growth of Google+ is impressive as is the growth of Pinterest (the fastest growth to 10 million users in the history of social media). And those proclaiming the death of blogging may be hard pressed to defend their positions given the growth of both and Tumblr.

Social Media Growth 2006 to 2012

The final chart, one of my favorites, presents social media share of voice. The inner ring contains the data from 2006 and the outer ring presents the data from 2012.

Share of Voice 2006 to 2012

It is clear that in terms of diffusion of innovation, social media still remains in the growth stage. Equally as clear, but not reported above, is that more people globally are accessing social media using mobile devices.  For instance, over 604 million users (60 percent of total users) access Facebook regularly via mobile devices. For marketers, the implications are the same as they were last year: get social and become mobile or risk losing share of voice in the social/mobile marketing era.


All Things Marketing

This site is protected by WP-CopyRightPro