Skip to main content

Women currently only make up 11% of cyber security professionals worldwide. How can we begin to bridge this gap?

Mehtap Numanoglu Tasiopoulos, Chief Risk Officer at Brown Brothers Harriman (Luxembourg) S.C.A.

Mehtap is the Chief Risk Officer for Brown Brothers Harriman (BBH) Luxembourg, London and Zurich; a member of the Executive Committee of these entities and chair of Luxembourg Risk Committee. She is also the Co-Chair of the ALFI Digital/Fintech Forum Cybersecurity Committee and has other industry related responsibilities as well. She started her career in audit, moved to risk management, and worked in various global organisations including HSBC, Credit Agricole, Barclays and Lloyds Banking Group, in different countries around the world. Mehtap gives lectures and regularly speaks at conferences regarding risk management and governance related topics. In 2019, Mehtap was selected by FinTech Global as one of the ten women leaders helping to define the future of cyber security and who are playing a critical role in ensuring the security of the global financial services industry.


Drawing on all dimensions of diversity to deliver the best solutions…

Having worked for many organisations in several different countries, Mehtap finds great pleasure and is proud to say that BBH Luxembourg was one of the first organisations in the industry to have female executives and C-levels on the Executive Committee and Board in Luxembourg. According to Mehtap, it is key to be able to draw on all dimensions of diversity, including gender, race, culture, education and life experience to ensure delivery of the best solutions.

“It was flattering that some time ago I initiated an informal CRO forum among the CROs of the Northern American banks in Luxembourg and was (and still am!) the only female CRO in this forum. While the percentage of women in senior risk roles globally leaves much to be desired, BBH is one of the exceptions; both our current BBH Group CRO and the former group CRO are women. Having female senior executives as role models is very important and promotes diversity across the entire spectrum. We believe that this is an evolution and a journey, and as leaders at BBH we take diversity matters to heart and encourage all to do so.”

While systems and technology are critical components, we need to show empathy and work together to mitigate cyber threats to our business as well as to protect ourselves.

In today’s world, cyber-attacks are a major threat to individuals and organizations across all industries and in every country, and cyber risk vectors continue to multiply in the current pandemic environment.

“Cyber risk is a personal, business and firmwide risk, which was historically considered the responsibility of IT departments to mitigate and manage. To be successful today, everyone has a role to play in mitigating this risk. It is a topic that requires continuous training, communication, and collaboration across all organizations, industries and countries. One wrong click can cause a massive outage and reputational damage that is difficult, if not impossible to repair. That is why EVERYONE has to be a cyber risk manager and ensure that they receive proper training—and remain vigilant—so they can identify and escalate cyber threats, , and take the appropriate actions in a timely manner."

Mehtap emphasizes that senior management has to understand the dynamic nature and complexities of cyber risk and commit the appropriate resources and governance oversight structure to mitigate it. She emphases that the importance of effective cyber risk management will continue to increase with the current evolution, velocity, and digitalization of new technologies.

“Cyber security measures are more critical than ever in today’s business ecosystem. One of the key questions to answer is ‘Are your information technology, cybersecurity, and risk professionals working together as a championship team to mitigate the cyber threats and protect business value?’ A true partnership between the CRO, CIO, and CISO and all other members of a team is the optimal approach. No one group within a company can manage the number and types of internal and external threats, the complex technological landscape, and the many actions needed to address vulnerabilities associated with people and technology…and it is often the people who are the weakest link!
In practice, subject matter experts across a firm and in the three lines of defence should work collaboratively and ensure transparency and a healthy exchange of perspectives. CROs should act as cyber risk management ambassadors to promote the importance of cyber risk management at all levels and at all risk related forums that they attend.
Additionally, risk managers must also act as “translators” or facilitators of discussions between board/senior management and the technical departments as well as between business functions, the CIO, and CISO. The CRO can assist the CIO and CISO to ensure that management reporting contains the right information, at the right level of detail, and is presented at the right forums."

Transparency and trust are crucial to act and to find solutions together

Mehtap is taking part in a number of important cyber initiatives in Luxembourg and across Europe. In her opinion, one of the most important considerations in relation to cyber related matters is the cooperation and collaboration among different organisations.

“Transparency and trust are crucial if we are going to act and identify solutions together. Working together, collaborating with subject matter experts, learning from other organisations are all keys to success. If one industry participant goes down due to a click or cyber attack, it can have a significant impact on many others due to the interlinkages and connected nature of our businesses globally.”

What can be further improved, according to Mehtap, is enhancing joint efforts across and among different initiatives and industry players ”to break out of the silos.” Luxembourg is a critical financial centre for the fund industry globally, and we need to work together to help each other develop and implement best in class cyber risk management programs.

As the co-chair of the ALFI Cybersecurity Committee, she highlights a number of initiatives on cyber-related matters where, in the past, we were able to bring different stakeholders with different backgrounds--including regulatory, cyber risk management, outsourcing risk management and cloud technology--to the table.

Cybersecurity takes on even more importance in a Covid-19 world where many of us are working remotely…

Mehtap believes that the importance and the focus on cybersecurity will continue to increase in our increasingly digital world. The subject became more important with the outbreak of Covid-19, as so many have been working remotely. Apart from work, we do more and more online whether it is visiting online galleries, listening to concerts, or attending conferences. She referenced an ad, which caught her attention, that promoted travel books with the motto “travel from home!”

In this ever-evolving digital age, the advent of digitalisation and Artificial Intelligence can both increase cyber risks and also be utilized as tools to identify, control, and manage these risks. In Mehtap’s opinion, the more connected we are, the more potential cyber vectors there will be. Who would have imagined that a refrigerator or coffee maker could provide an entry point for cyber criminals at home or in our workplace?

Cyber professionals are considered “the good guys fighting the cybercrime”

Cyber professionals are considered “the good guys fighting cybercrime” and there is an ethical component to this role as well. Mehtap believes that we need to do a better job of increasing our own awareness and collaboration to be a truly effective cybersecurity workforce. In addition to experts with technical skills, we also need individuals with varied backgrounds such as communications, risk management, legal, regulatory compliance, process development, and more.

Encouragement for women to embrace a career in Cyber Risk Management should start early…

According to Mehtap, building the required skillsets to combat cyber risks should be encouraged early.

“Young women should be encouraged and empowered at all levels--in schools and universities—to get involved and develop cyber risk management tools. I think an unconscious bias still exists and the percentage of girls choosing to study computer sciences is still too low. This area of study should be encouraged so that there is a better pool of candidates at the recruitment level. Once recruited, diversity needs to be actively promoted by management at all levels.”

Mehtap believes that we need to encourage and support diversity in all professional areas and this support should not be limited to gender but be extended to race, abilities, cultures, education, personality, backgrounds, and life experiences.

The views and opinions expressed are for informational purposes only.