Why we need more women in cyber-security

27 Oct 2022 12:49 PM

Speech given by Ofcom Chief Executive Dame Melanie Dawes at our Women in Cyber event at London's County Hall, Wednesday 26 October 2022.

This famous hall was once the home of the London County Council. And at its first election in 1889, two women – Lady Margaret Sandhurst and Jane Cobden – took advantage of a loophole in wording, stood for election and became councillors.

But legal challenges prevented them from taking their seats. Their supporters would form the Women’s Local Government Society, whose campaigning led to the 1907 Qualification of Women Act.

Women who took Council seats after that helped bring about important changes such as better streets, parks and council housing, as well as pioneering education and welfare work.

So it feels fitting that we’re in the rooms where these women worked to tackle the issues of their age. We’re here to talk about how we promote and develop women to address the challenges of our age – one of which for me, is cyber-security.

I’d like to talk to you about the work Ofcom is doing to make our networks resilient. And why we need the right people and skills onboard – people like you – to help us make sure that the UK’s networks are safe and secure.

Ofcom’s cyber role

Now as many of you will know, the Telecoms Security Act came in last year, giving Ofcom new powers and duties to oversee telecoms security.

Our new duties came into force at the start of this month. This means we’re responsible for making sure telecoms providers comply with new rules to boost the security and resilience of our communications networks against cyber-attacks.

This is important because as the human value of networks – and the services that rely on them – increases, they become a more attractive target to attackers. So as technology evolves, we must ensure our networks remain secure, and prevent disruptions which might also affect other sectors.

Recent incidents reinforce that need. Major suppliers such as SolarWinds and Syniverse have been compromised. New software vulnerabilities are emerging, such as log4j. We have seen ransomware demands, and targeted attacks sponsored by hostile states.

Companies are investing in safer, more resilient connections, capable of withstanding a changing range of threats.

Our job is now to oversee this and ensure providers have appropriate measures in place. We will work with them to ensure they improve their security, and monitor their compliance against the new security framework.

As the value of our telecoms networks increases, they become a more attractive target to attackers. Our networks and services must remain secure in a world where technologies are developing at a rapid pace. As we head towards a 5G and Gigabit future, now is the time to make these investments so that new networks are designed with security in mind, rather than having to be retrofitted in. If we get this right, everybody benefits.

Cyber-security is an ongoing journey. As the nature of the threats we face continues to evolve, so our industry will need to stay alive to those risks and protect against them.

This is a busy time for us at Ofcom. We continue our work with the UK’s TV, radio, telecoms and postal sectors to make sure they're doing the best for all of us.

In the last year, we’ve also begun regulating video sites and apps like TikTok and Snapchat. And we’re preparing to oversee social media and search engines under the Online Safety Bill, with the task of ensuring they do a better job of keeping their users safe.

There’s lots to do as our sectors continue to converge, the boundaries are blurring between traditional and digital. For most of us, it’s just how we live our lives – and the work we’re doing is right at the heart of it.

With our new duties now in place, we’re continuing to build our capability and skills in this area. We’re actively recruiting more specialists to join our team in London, and our new tech hub in Manchester, to help us carry out this vital role.

We need the right skills for this crucial work that underpins how people live, learn and work in the UK today.

The diversity problem

At Ofcom, we see a clear business case for embedding gender diversity across our organisation and promoting gender equality. Our decisions affect all members of the UK public.

Diversity and inclusion are not ‘nice to haves’. This is an essential part of doing business. And as the regulator, we have a duty to lead the sectors we regulate.

But we understand from experience that building a diverse workforce isn’t always easy – especially in technological fields such as cyber.

Women make up 51% of the population; but just 36% of the cyber-security workforce in the UK.

You don’t need to be a skilled mathematician – and there are many in this room – to know what this means. Not enough women have the right opportunities or incentives to develop a career in this sector and lend their talents to it.

This isn’t about trying to hire more women simply to hit a quota in an annual report. I fundamentally believe that outstanding work comes from a diverse workforce.

And the data backs this up.

In 2019, McKinsey found that companies with more women executives consistently outperform their competitors. The greater the representation, the higher the likelihood of outperformance.

"This isn’t about trying to hire more women simply to hit a quota in an annual report. I fundamentally believe that outstanding work comes from a diverse workforce"

According to Forbes, diverse teams make better business decisions. The same research showed firms with a higher proportion of women on their boards tend to invest more in innovation and be more innovative themselves.

But the cyber-security profession is traditionally a very male profession, with disproportionately male senior leadership.

If a crucial industry such as cyber-security cannot draw on the widest talents, it will be less effective at tackling the risks we face. And that puts us all at risk. Because our society faces an ever-expanding variety of cyber threats.

These threats are coming from all over the world. From people, organisations and even countries. They have vast and varied backgrounds and experiences.

So it makes sense that the people anticipating these attacks, and planning our responses, bring different perspectives, ideas and experiences to the table.

I’m delighted to see this view is becoming the norm in tech.

Speaking to the BBC during his first visit to the UK since before the pandemic, Apple CEO Tim Cook recently said:

“I think the essence of technology and its effect on humanity depends upon women being at the table. Technology's a great thing that will accomplish many things, but unless you have diverse views at the table that are working on it, you don't wind up with great solutions.”

That’s a powerful statement.

But I think we can go further.

Yes, we need women at the table. But what we desperately need is a diverse range of women. Let’s work together to bring our vast range of experiences to the problems we face.

Apple has learnt, from past mistakes, that this is essential. The company famously launched its healthcare app without a period tracker, leading to criticisms of its male-heavy development team.

During the same interview, Tim Cook also said there were "no good excuses" for the tech sector not to employ more women.

We also need to get past this idea that cyber-security is just about technical skills. Skills that, stereotypically, are seen as more male. This does a complex and varied sector a disservice. At its heart, cyber-security is about protecting people. It needs creativity, innovation, flexibility, good communication and problem-solving.

How to make progress

So how do we make sure there are more women in the room, both in cyber-security, and in technology more widely?

Well this is something we are working hard on at Ofcom.

And I feel so proud that our culture is one where women not only feel supported but also know they are vital to our success.

We have set ambitious workforce goals to increase the diversity of our workforce. We have yearly goals to keep us on track.

Senior representation matters. Young women need role models, and we need to see women reaching those levels. So I’m delighted that 45% of our senior roles are now held by women – and we want to go further.

For three consecutive years we have been recognised as a Times Top 50 Employer for Women for driving gender equality, an inclusive culture and supporting all women at work.

We have fantastic people policies that support women as they progress their careers: things like enhanced maternity pay, flexible working and a returners programme for women coming back to work following a break.

We still have further to go in making recruitment and career progression fair, and providing opportunity for everyone regardless of their background. We’re working hard on this.

In conclusion

So to summarise, we need a workforce that draws from different sections of society and parts of the country.

It’s crucial that the cyber-security profession does the same.

This is a chance to help address one of the major global challenges of the 21st century. And what’s great to see is the commitment here to make that happen.

As we listen to the speakers this afternoon, let’s think about the women in these rooms who came before us. Their commitment to change for good, but also their commitment to bring other women on the journey with them. Our collective, diverse voices bring such power.

I hope you enjoy this afternoon.

Thank you.