December 6, 2022
How hiring more women IT experts could improve cybersecurity risk management
Despite the contributions women have made to the information and technology field, they continue to be underrepresented. Ada Lovelace, for example, was the world's first computer programmer. Grace Murray Hopper developed the first compiler. And Hedy Lamarr co-invented the modern spread-spectrum communication technology, which is found in Bluetooth, Wi-Fi and GPS technology.
Today, the leading figures in the IT field are all men. Although 39 percent of the board members of Silicon Valley's biggest tech companies are women, all the chairpersons and CEOs are men: Arthur D. Levinson and Tim Cook for Apple, Satya Nadella for Microsoft, Jeff Bezos and Andrew Jassy for Amazon, Mark Zuckerberg for Meta, and John L. Hennessy and Sundar Pichai for Google.
But progress is being made. A study from Osler, a business law firm, found that 23 percent of S&P/TSX 60 company board seats were held by women. This is an increase from data we, as accounting researchers, collected on Toronto Stock Exchange companies between 2014 and 2018 that found the following: 11.7 percent of companies had one woman on the board of directors, 27.7 percent had two women, and 56.3 percent had at least three women.
But when it came to the number of women IT experts on boards, the number was even lower. Only 22 out of 683 board members in 2018 were women IT experts. Although this number had doubled since 2014, it remained very low. It's important to increase the number of women working in IT—not just for equality reasons, but because women improve key organizational outcomes.
Cybersecurity is key for success
Our recent research on the impact of board gender diversity on how corporations respond to cyber risk shows that, when women are present on boards of directors, cyber risk management improves. Proper cyber risk management is key to the success of tech companies.
Cybersecurity involves taking appropriate actions and making ethical decisions to mitigate cyber risks. In particular, it addresses the financial and technical risk caused by digital acceleration—the increased rate of digital transformation caused by the pandemic.
Because of digital acceleration, organizations are more vulnerable to unethical uses of technology. Facebook and Google's history of inappropriate and unethical uses or suppression of information has shined a spotlight on the importance of an ethical approach to cybersecurity. The most high-profile example of this occurred when Facebook sold data to companies that were trying to influence the 2016 U.S. presidential election.
Organizations should construct cybersecurity based on ethical principles concerning privacy, data collection, deposit and use, artificial intelligence and algorithms development and profiling.
One way to approach cybersecurity is through a board of directors. Boards represent stakeholder interests, monitor firm management and troubleshoot any problems that arise between the shareholders that own publicly listed firms and the firm's management. They also have a duty to ensure their companies adopt appropriate and effective cybersecurity measures.
Women improve cybersecurity
Our study found a positive association between the level of cybersecurity disclosure and board gender diversity. In other words, the presence of women IT experts on boards resulted in improved cyber risk management—board monitoring, management supervision and corporate governance in particular.
Women brought new perspectives to the decision-making process and added a greater variety of skills and capabilities, which, in turn, improved boards' decision-making.
Women are more informative, meaning they tended to value communication and disclosures more than men did, and collaborated better with stakeholders. Women also had lower risk tolerance, enhanced ethical practices and engaged less in fraudulent practices.
These specific skills, combined with their IT expertise, meant women improved the cybersecurity risk monitoring of their companies. Ultimately, having more women IT experts on boards could result in a more integrative cybersecurity approach that brings technological, business and ethical perspectives together.
Suggestions for improving equality
To close the gender gap, there must be a concerted effort to provide girls and women with IT-related education and skills. Firms should develop programs to promote the presence of women with IT skills and fund scholarships and grants for women.
Women should be encouraged to choose IT-related education and careers. At the earliest stage, schools should motivate tech-related curiosity and interest in children. While there are universities that offer graduate programs, diplomas and certificates in cybersecurity, more should be created. NGOs can also be a part of the solution by embracing and championing women IT experts.
Another way to close the gender gap is to promote more women to executive positions. As of 2020, the Canada Business Corporations Act requires public companies to provide information on policies and practices related to diversity on boards and within senior management. More young women should be promoted to IT leadership positions to feed the pool of potential candidates for the board.
Updating the skills of existing board members should also be a priority. Ethics and cybersecurity should be a training priority for all board members. As such, updating ethics and cybersecurity skills of all board members is a step towards improving the skills of women on boards.