Uncategorized

Shoaib Yousuf

Investments in cybersecurity startups have declined due to global economic stress, rather than any industry-specific issues. Uncertainty surrounding where and when to invest in the current economic conditions has caused investors to be cautious. In 2021, the number of unicorns (startups valued at over $1 billion) in the cybersecurity sector has dropped to six, compared to 36 in previous years. This decline in investments serves as evidence of the overall decrease in cybersecurity startup funding.

However, despite the current dip, the cybersecurity industry still holds immense potential and is expected to bounce back once the right challenges are addressed. Historical success stories of cybersecurity businesses, known as unicorns, highlight the profitability and viability of the industry. Startups that focus on tackling the right challenges can attract capital and thrive in the cybersecurity sector. Thus, maintaining a positive sentiment toward the industry’s potential to overcome the current decline in investments is crucial.

Looking ahead, the market outlook for cybersecurity remains promising and is anticipated to improve in the next few years. While the global economic stress has caused investors to pull back on startup investments, there is optimism based on both the historical performance of the industry and its potential for future growth. Therefore, despite the temporary setback, a positive sentiment can be maintained for the future of the cybersecurity market.

Artificial intelligence (AI) is impacting all industries and offering new growth and innovation opportunities. Industries, startups, and companies that embrace and understand the potential of AI are well-positioned to become leaders in their respective fields. This positive sentiment toward AI stems from its ability to revolutionize how challenges are perceived and addressed across various industries.

Furthermore, infusing AI into cybersecurity products is considered crucial for scalability, operational efficiency, and unlocking new insights. The availability of AI tools to cybercriminals makes it imperative for cybersecurity products to adopt AI to effectively counter emerging threats. By incorporating AI into cybersecurity, businesses can enhance their capabilities to detect and respond to threats, ensuring a more robust security infrastructure.

In the domain of AI, there are AI-centric products, fully driven by AI like Google’s JetGPTs, and AI-infused products, which involve integrating AI into existing technology offerings. Tech leaders such as Oracle, Salesforce, and Microsoft have already begun infusing AI into their products. This highlights the availability of different types of AI-driven or AI-enhanced products within the market.

Challenges such as scalability, cost, and investment persist for startups in the tech industry. However, the advent of GPU as a service over the cloud is expected to make tech scalability more affordable for startups. This development can potentially mitigate the barriers that tech scalability currently poses for startups, leading to increased opportunities in the tech industry.

Regarding investments in the tech industry, there is a positive sentiment for startups as hyperscalers increasingly invest in tech. Hyperscalers, such as Amazon, Google, and Microsoft, provide cloud services and have substantial investments in hardware, software, and infrastructure. This investment influx, combined with the affordability of GPU as a service over the cloud, indicates a growing opportunity for tech startups to secure funding and support for their ventures.

In the realm of cybersecurity, public-private partnerships hold promise, but their effectiveness relies on various factors. Factors such as economic conditions, market size, maturity of a particular country, fragmentation, and demand for cybersecurity services impact the efficacy of these partnerships. Moreover, countries that lag in cybersecurity capacity may require a central role from the government to address gaps and stimulate growth. This neutral sentiment underscores the need to consider multiple factors for successful public-private partnerships in the realm of cybersecurity.

Supporters of government involvement and proponents of public-private partnerships assert that they can facilitate growth and innovation in cybersecurity. Governments can play an essential role in bringing together the private sector, stimulating research and development activities, and incentivizing beneficial initiatives. Public-private partnerships, in turn, can support startups and foster innovative ideas in cybersecurity. By aiding in technology transfers and reducing the high costs associated with patenting, such partnerships provide crucial support for startups in the cybersecurity domain. This positive sentiment highlights the potential benefits of government involvement and public-private collaboration in driving growth in the cybersecurity sector.

In conclusion, investments in cybersecurity startups have faced a decline due to global economic stress, rather than any inherent flaws within the industry. Nevertheless, the cybersecurity industry holds significant potential and is expected to rebound once the right challenges are addressed. The market outlook for cybersecurity remains promising, and the industry is projected to improve in the coming years. The impact of AI is being felt across various industries, and its integration into cybersecurity products is crucial for enhanced security measures. Investments in the tech sector, particularly for startups, are expected to increase, aided by the support of hyperscalers and affordability of scalable technology solutions. Public-private partnerships are deemed effective in cybersecurity, depending on economic conditions and national dynamics. Government involvement in fostering such partnerships can stimulate growth and support startups in the cybersecurity field. Overall, these observations and insights highlight the various factors and dynamics that shape the cybersecurity and tech industries, and offer a comprehensive understanding of their present situation and future potential.

Moderator – Nisha Pillai

Cybersecurity startups are recognized for their crucial role in driving innovation and addressing emerging threats in the sector. These early-stage startups leverage capital from investors to expand their technological offerings and global reach. Their agility and fresh thinking enable them to find gaps and opportunities in the industry. However, they face challenges such as competition from larger firms and a drop in investments. The impact of Artificial Intelligence (AI) on cybersecurity startups is seen as crucial, with the potential to enhance the quality of cybersecurity products and services, but also posing new cybersecurity challenges. Government support is necessary to help these startups thrive, and specific schemes aimed at assisting them in developing saleable products and establishing a strong company structure are in place. Overall, cybersecurity startups play a significant role in addressing the evolving landscape of threats and innovation in the sector.

Kenneth Pentimonti

The analysis highlights the significance of investing in cybersecurity startups for both the economy and societal security. These startups play a crucial role in driving innovation in the cybersecurity space, as large companies and governments are unable to meet all the demands. The continuous evolution of cyber threats requires new technologies that can adapt to these changes, hence startups are well-positioned to provide innovative solutions.

One important aspect for cybersecurity startups is their ability to differentiate themselves in a crowded market. Since many startups appear to be offering similar services, it is crucial for them to clearly understand and communicate their unique offerings. Differentiation can often be achieved from a technological standpoint, where startups can showcase their advanced capabilities and features.

Understanding the market and clearly defining it is another key factor for success in the cybersecurity sector. As cybersecurity spans across various areas such as networks, data, cloud, and communication channels, companies need to define the size and scale of their target market. This market knowledge allows them to effectively tailor their products and services to meet the specific needs of their customers.

Capital investment in cybersecurity startups is necessary for their growth and expansion. However, investment capital is expensive, and companies need to have a clear plan on how they intend to use it. Ideally, the capital should be used for additional capabilities development and sales/marketing efforts to increase the reach and impact of their products.

Investing in cybersecurity startups presents a great opportunity, but careful assessment is required. The cybersecurity sector is growing rapidly, attracting many new entrants. Therefore, investors need to carefully evaluate these startups and their unique offerings to differentiate them from others in the market. Having a clear understanding of how the investment capital will be utilized is also crucial for ensuring a successful investment.

Artificial Intelligence (AI) holds tremendous potential in the cybersecurity space. AI can be infused in products to make them faster, easier to use, and more effective. It can also help sort through large volumes of data quickly, which is invaluable in identifying threats and external attacks on networks. However, it is essential to prioritize the security of AI models and the data feeding into them to avoid potential vulnerabilities and breaches.

The cybersecurity sector has experienced significant growth in recent years, with the emergence of several successful companies. This growth is expected to continue as the demand for robust cybersecurity solutions remains high. Unicorn companies, those with valuations over $1 billion, are becoming increasingly common in the sector, highlighting its potential for economic growth and job creation.

Public-private partnerships have been instrumental in driving technological innovation, particularly in the realm of cybersecurity. Success stories from various countries, such as the US, UK, and France, demonstrate how collaborations between government and industry have led to the development and adoption of innovative technologies. These partnerships provide support, funding, and mentorship to early-stage companies, helping them secure funding and refine their products.

In conclusion, investment in cybersecurity startups is crucial for both economic growth and societal security. Startups bring valuable innovation to the constantly evolving cybersecurity space, and their differentiation and understanding of the market are essential for success. Investment capital should be used strategically, and careful assessment of startups is necessary to make successful investments. AI presents significant opportunities but requires a focus on security. The cybersecurity sector has experienced impressive growth, and public-private partnerships have played a key role in driving innovation. Supporting early-stage companies through mentorship and funding can help them overcome initial challenges and contribute to industry growth.

Peter Sund

The analysis highlights the potential and necessity of cyber security startups and the use of AI. Despite the dominance of large corporations in the industry, there is still room for startups to thrive due to their agility and innovative thinking. Startups are more agile and can identify gaps and opportunities missed by larger companies.

Prominent figure Peter Sund believes in the importance of startups in the cyber security sector. He recognizes their agility and innovation, emphasizing their role in identifying untapped potential and addressing emerging challenges.

Regarding AI, there is a lot of hype surrounding its applications, but it has yet to fully permeate all aspects of society. However, AI systems have the potential to manage companies and increase productivity.

There are concerns about the misuse of AI, as there is a history of technologies being misused. However, this also presents an opportunity for cyber security startups to provide solutions and counter malicious actors.

AI will likely be needed to counter bad AI in the cyber security field, highlighting the importance of investing in cyber security startups to develop and deploy AI solutions.

Government support is important for smaller companies, especially when they are engaged in innovative ventures. Smaller companies often struggle with running their businesses and acquiring funding. Government programs can help them thrive and contribute to economic growth.

However, caution is advised to ensure that government intervention does not stifle competition. Maintaining healthy levels of competition is essential for fostering innovation.

For countries with smaller internal markets, such as Finland, the focus should be on international trade. By expanding their trade networks and engaging in global partnerships, these countries can spur growth and innovation.

In conclusion, the analysis underlines the relevance and potential of cyber security startups in an industry dominated by large corporations. It highlights the importance of their agility and innovative thinking. The analysis also emphasizes the promise of AI in managing companies and increasing productivity, while acknowledging the risks of its misuse. Government support for smaller companies is recommended, as long as it does not compromise competition. Lastly, international trade is seen as crucial for countries with smaller internal markets to achieve growth and sustainable development.

Juliette WilCox CMG

Investing in and supporting cyber security startups is crucial for the resilience and growth of the industry. The UK government recognizes the value of nurturing a successful ecosystem of cyber startups and the critical role they play in government, business, and society. These startups often drive innovation and come up with unique solutions due to their freedom to think and act differently.

However, small companies, including cyber startups, face challenges in business planning and effectively communicating their strategies. They may lack clarity in their business plans and struggle to articulate their value proposition to stakeholders. Additionally, finding the first customer can be a significant hurdle for small companies, as they often lack an existing customer base.

To stay competitive, small companies must have a well-defined plan for scaling and continuous innovation. While they may have innovative products, the risk of competitors copying their ideas or technology is ever-present. Therefore, small companies must continually evolve and innovate to maintain a competitive edge.

It’s worth noting that some small companies may start with the hope of being acquired by larger entities. This acquisition strategy allows them to benefit from the resources and expertise of a larger organization.

Juliette, a supporter of small companies’ growth, emphasizes the importance of aiding these companies in understanding their business lifecycle. This support includes helping them export their products, expanding their market reach.

One common challenge for startups, including cyber startups, is effectively marketing their innovative ideas and technology. While many startups have good ideas and technology, they often lack the knowledge and expertise in marketing and sales. Support systems in the UK, such as the National Cyber Security Centre (NCSC), Cyber Runway program, and clusters program, provide assistance and guidance to startups in marketing their products.

Startups should be willing to enter into support ecosystems that provide the necessary resources and mentorship for business development. Recognizing the logical business development process is crucial for startups to navigate the challenges they may face in their growth journey.

While attracting venture capital funding is often seen as an achievement for startups, it shouldn’t be their end goal. Startups should focus on developing viable products and building a sustainable business model.

In the realm of cyber security, specific schemes and programs in the UK support startups in developing viable products and business strategies. The UK’s NCSC offers various programs that help cyber security startups grow into viable companies. These programs provide opportunities for startups to connect with UK and overseas partners, mentors, and access financing options. For example, the “cyber runway” scheme supports companies at all stages of development, providing access to markets, mentorship, and business planning assistance.

The government plays a crucial role in supporting and connecting cyber security startups with industry partners. By doing so, the government ensures the development and growth of these startups, enabling them to effectively tackle future cyber security challenges.

In conclusion, investment and support for cyber security startups are fundamental for the resilience and growth of the industry. The UK government actively fosters an environment conducive to the success of cyber startups. Additionally, small companies, including cyber startups, face challenges in business planning, customer acquisition, scaling, and market competition. Government intervention and support, as well as the willingness of startups to enter into support ecosystems, are crucial for their growth and success. With the right support and guidance, startups can develop viable products, establish a strong market presence, and contribute to the overall growth of the cyber security industry.

Moderator – Nisha Pillai:
Investment in Cyber Sector Startups, Kenneth Pentimonti, Principal and European Manager, Paladin Capital Group, Juliette Wilcox, CMG, Cyber Security Ambassador, Department for International Trade, UK, Peter Sund, Chief Executive Officer, Finnish Information Security Cluster, FISC, Nisha Pillai, Moderator, International Moderator, Former BBC Presenter, Shoaib Youssef, Managing Director and Partner, Boston Consulting Group. Excellencies, ladies and gentlemen, good afternoon and welcome to Sparring Investment in Cyber Sector Startups, that’s quite a mouthful really, Cyber Sector Startups and you’re going to hear those words, Cyber Sector Startups, over and over again in the next half hour or so because we’re going to talk about why it’s so important to create a thriving ecosystem of cyber security startups and also big firms but it’s not enough to have big ones. Why is that? That’s what we’re going to be discussing. What can small startups do to make themselves more attractive to investors? And more important of all, what can governments do to support small cyber startups? Let me introduce you to our eminent guests. We have at the far end with us someone who knows all about cyber security investment because that’s what his business does, Ken Pentimonti, Principal and European Manager of the Paladin Capital Group, welcome Ken. Sitting next to him is Shoaib Yusuf, Managing Director and Partner of the Boston Consulting Group based in Dubai, he’s just flown in. We are delighted to welcome Her Excellency Juliette Wilcox-CMG who is the Cyber Security Ambassador for the UK government, welcome Juliette. And finally from Finland, Peter Sund, CEO of the Finnish Information Security Cluster. So shall we get stuck right in? Your Excellency Juliette Wilcox, I’d like to ask you for the British government’s perspective first off on the importance of a flourishing ecosystem of small and innovative cyber security startups.

Juliette WilCox CMG:
Thank you, well it’s a real pleasure to be here and talking about the ecosystem is absolutely at the heart of the UK government’s cyber strategy and that reflects I think the importance we attach to building a really strong and resilient cyber security industry to support businesses, to support societies, to support the government. But it has to start somewhere and quite often when you’re thinking about innovation, about new ideas, about taking risks, about thinking things differently, then some of these are things that flourish out of very sort of small groups of thinkers, possibly connected to academic institutions, people who have come up with a good idea and are just trying to put it together and not necessarily bound by a grand strategy for a large company or indeed the sort of directive finance that sometimes comes with that. So you can get some of the incredible innovation that comes out of small startup companies thinking this through. But of course and as I’m sure we’ll explore today, it’s not as straightforward as that but frequently it’s where the spark, the innovation and the mad idea comes from in the first place. And for the UK, making sure that that access to that innovation and that innovation is allowed to flourish is absolutely at the heart of our sense of what the ecosystem needs to be supported by.

Moderator – Nisha Pillai:
Thank you very much for getting us going. Ken Pantamonti, well Paladin this is what you do, security investments, cyber securities, you have one fund devoted just to cyber security investments. So what are the key benefits for investors and the broader cyber security ecosystem from investing in early stage small startups?

Kenneth Pentimonti:
Well thanks Nisha, it’s a pleasure to be here and yeah I think there are multiple benefits to invest in early stage startups in the cyber space. Obviously first it’s we believe a fantastic place to invest just from a pure returns perspective. We think that the cyber security sector is a huge and growing area for all of the reasons that we’ve been discussing over the last couple of days. It’s a space, a sector that’s critical for national security, for corporate security, for the betterment of our society. And so it’s a sector where the technologies that we invest in those early stage companies are critical. And as an investor that makes for a fantastic area to invest early. Those companies use our capital to then hopefully grow and expand both their technology as well as their footprint globally and creates hopefully for us some very attractive returns. That’s from an investor standpoint. From a greater societal and cyber security ecosystem standpoint, early stage startups are critical. They’re really the engine for innovation in the whole space. Large companies, governments can’t and won’t do everything that’s needed to innovate and to create next generation technologies. Cyber security is very dynamic. It’s continually changing and it needs new technologies that adapt to those changes and address the issues. And startups are a key to doing that.

Moderator – Nisha Pillai:
So we’ve just heard from Ken Plantamonte and also from Juliet Wilcox how important it is to have those early stage small companies because they are the engines for innovation. But yet I wonder how easy is it for them to survive? What is the space for them? And I’d like to put that question to you, Peter Sund, if I may. I’ve been puzzling about this. Of course, cyber threats are increasing and therefore there’s a room and a demand for innovation. But at the same time, is there space for startups? Or is it being dominated by the really big, the behemoths, the giants?

Peter Sund:
Well, indeed, the dominance is rather evident also for the big players. That is certainly true. But it’s also necessary because cyber security in terms of looking at the sort of customer base and organizations who essentially virtually everyone needs cyber security products and services, so a lot of it is like mass commodities, one could say. But on the other hand, like we just heard, the fact is that the innovation part and sort of finding the gaps, what exists in the market, that is quite often done actually by the smaller actors and startups because they are much more agile and there is always some kind of new thinking involved there that something is missing, that there is a gap, there is an opportunity, and hence the kind of, I would even say, the agility that comes along with startups. It’s kind of in the DNA of being small.

Moderator – Nisha Pillai:
Indeed, indeed. So they’re both of the same thing, really. The small companies are finding those gaps, finding the opportunities and coming up with the creative thinking. And so I’m sorry to be a slightly pessimistic voice here, but Shoaib Yusuf, may I ask you, why is it that investments in startups this year, cyber security startups in particular, I mean, has plummeted? And is that something we should be worried about then?

Shoaib Yousuf:
Thank you, Nisha, for such a kind of important question which is on the top of pretty much every entrepreneur. They have been like trying to kind of understand, is this the right time to kind of launch their startups? But before I answer this question, I would like to take this opportunity to also thank GCF Institute for uniting the brightest minds in the cyber security industry to discuss such important topics. Now look, when it comes to kind of like the timing of the startup, it is not only cyber security which is actually in the challenging time. We have a global economical stress, and because of that, many of the investors are very reluctant in terms of where to invest, and is this the right time to invest? So I don’t think so that cyber security as a topic, as an industry, is at the risk of that. So it will come back. Now, if I look at the history, we had 36 unicorns in cyber security as compared to six in 2021. So I’m fully optimistic that cyber security industry is there and gonna thrive, and there is a huge potential, and I will see that it will come back. So I would not be too worried that it is 23 because of the investors are not investing in cyber security, which should be discouraging for our entrepreneurs. I think there are opportunities if your startup is tackling the right set of challenges, there are opportunities to get the capital. So I think the market is looking quite promising, and I’m sure that in the coming months, and hopefully by 24, 25, we will see much better outlook.

Moderator – Nisha Pillai:
Okay, thank you very much, Shoaib. Juliette Wilcox, so you and your team, your department works closely with cyber security providers, big and small. From your perspective, what do you see as the particular challenges that face small companies?

Juliette WilCox CMG:
So I think my particular team is obviously looking to help companies to export their products, but that’s quite a tricky thing for very small companies. The first thing at that stage is they’re often not completely clear what their business plan is, so they know they’ve got a great product. They may have a lot of technical brain power behind it, but they haven’t necessarily developed either the business plan or the ability to communicate that. So there’s a thing about having the right people and employing the right people to support your growth at the right time. The second thing is finding your pathway to a customer, and when you’re very small and you’re a startup, you don’t have customers. So who’s your first one, and who is the customer that is your reference customer that you can talk to and talk about to others as well, and particularly if you’re trying to sell into government, you need to have probably sold into government before another government will buy from you, because that’s that sense of, I don’t know if it works, and I’m not sure who I can see who is a bit like me as a potential buyer. And then I think the third thing is how do you have a plan to scale and to know what you’re going to do next? You might have a product that is innovative, but as soon as other people see that, there’ll be a rush to copy. So what is your next plan, and how can you make sure that you can quickly scale up to the size that your potential customers need? So that understanding of that sort of business life ahead of you, and that’s something that I think people need to think about perhaps earlier than they do. There are ways of helping them. And the other alternative, of course, is some of them start up in the hope of being bought by somebody bigger. So again, are you really clear about where you want to take the culture and the journey of your startup, what your future looks like, who your customers are likely to be, and how you’re going to explain yourself to them in order to make sure that they can understand your product and then fit it into their cupboard of cybersecurity products?

Moderator – Nisha Pillai:
So it sounds to me like you’re saying that many startups have very good ideas, they’ve developed the technology, but they don’t necessarily know how to market it, how to turn it into something that is a viable business and bring in revenues.

Juliette WilCox CMG:
I think that’s right, and that’s where I think they can get support. And certainly in the UK, we provide quite a bit of support through various schemes run by the NCSC or through our Cyber Runway program or through our clusters program. So you can get mentoring advice, and it’s being willing to step into that ecosystem of support and making sure that you don’t necessarily think you know it all because you are the masters of the technology, but recognize there is actually a sensible business development process to go through, even if you’re attracting a great deal of venture capital money potentially, that’s not the end of it for you. You have to think that through logically. Excellent.

Moderator – Nisha Pillai:
So let’s get an investment perspective on this now. Ken Pentamonte, how can cybersecurity startups make themselves more attractive to investors?

Kenneth Pentimonti:
That’s a great question, and it’s one that we deal with every day, looking at dozens of companies every week. What I would say, first off, cybersecurity is, while a very, very attractive space and one where we believe is a huge and growing area to invest, it has attracted lots of companies. And as a result, many of these companies often become very difficult to differentiate between. They look on the surface like they’re doing very similar things for businesses. So I think one of the first things right off is for startups to understand and very clearly communicate what they’re doing different. How they differentiate, usually, and ideally, it’s from a technology standpoint, and there’s a barrier to entry that they’ve developed. And so to understand that, understand their competitive landscape, and to be able to communicate that differentiation clearly, I think is one very, very important piece. Also to be very clear as to what specific part of the market that they’re trying to go after. Cybersecurity is a very broad space. Securing digital infrastructure can be across a number of areas, networks and data, and across cloud, across different communication channels. So very important for the company to understand its market, be able to define that size and the scale of that market, and do that in a way that’s concise and clear. And then I would say, lastly, the companies have to have a very clear knowledge of what they want to use the capital for. Our capital is expensive. We expect very good things from the companies that take our money, and what they have to do is understand what specifically are they going to do with the money, and how are they going to generate a return for that money. And that’s usually in terms of developing additional capabilities with the technology, as well as further building out their sales marketing efforts and growing globally. And so I think those are the key things that we look for when we look to put capital to work.

Moderator – Nisha Pillai:
Indeed. And capital is even more expensive right now, and that might indeed be why the investment in startups has been on the lower side this year. Thank you very much, Ken. So we’ve been hearing about AI, haven’t we? And the threats, cyber threats, posed by the burgeoning AI field right through the last couple of days. But what will the impact of AI have on cybersecurity startups themselves? That’s what I’d like to ask and get different perspectives from both Peter Sund and Shoaib Yusuf. So can I start with you, if you don’t mind, Peter? How will the continued growth, the AI everywhere world that we’re in now, affect cyber startups? Will they require even more?

Peter Sund:
capital? Well, thank you for a great question. Firstly, I am not convinced yet that AI is everywhere. I think AI is very high on the hype curve. That’s where it’s the biggest, I think. But of course, machine learning and automation and other things have existed in the industrial environment for a very long time. It just seems that the sort of public awareness and public access to certain type of AI systems is now creating this, a little bit of this hype. They are excellent. That, of course, is also a fact. So I think one aspect is clearly so that for smaller actors, these sort of general large language model-based AI systems and others, they can really help actually in the sort of general management issues of companies. They can increase productivity and so on and so on. But then the other side is, of course, the responsible use of AI. And as we know, there is very difficult to find technologies that would have not been misused. So it’s quite certain that AI will be misused as well. And it is already being misused. That is certainly true. And that’s also an opportunity for cyber security startups, isn’t it? Yeah, that is an opportunity. And maybe if I sort of take the other side of this, is that it’s highly likely that there will be a necessity for AI to sort of counter the bad AI. So it’s AI against AI, most likely in the cyber security field, in, let’s say, at least in midterm, I would say. Maybe not short-term yet,

Moderator – Nisha Pillai:
but midterm. Excellent, thank you. And Shoaib Yusuf, what’s your view on this? What’s the impact of the increasing penetration of AI into our lives going to be on the startup sector, cyber security startups? Thank you so much,

Shoaib Yousuf:
Nisha, for a fantastic question. Just building on of my fellow panelists, Peter, I have a slightly different view. I personally believe that AI is indeed everywhere. It is impacting pretty much all sort of industries. It is impacting how we actually look at things, how we actually perceive things. The sooner or better we identify that it also comes with a lot of opportunities for us, I will see those kind of industries, startups, and companies as the leaders. And the companies who are not able to kind of embrace AI and fully understand the opportunities it brings to the particular industry, I personally feel they will be more likely laggards. However, I see AI into two kind of categories. One is AI-centric products and AI-infused products. So AI-centric products are the perfect example of JetGPTs barred by Google. These are AI products. In these kind of things, which has given a phenomenal growth and a broader understanding of the potential of AI, what AI can do. However, AI- infused products, if you look at all kind of products out there, especially coming from the tech leaders, from Oracle to Salesforce to kind of Microsoft, everyone have started to infuse AI into their products. I personally believe this is not a choice. It’s must. All of our cybersecurity products eventually has to infuse AI to ensure that we fully unlock the potential of a lot of capabilities. If we won’t do it, we will be repeating the same mistakes because the AI tool as a tool is already available to all the bad guys out there. We need to infuse AI into our products. It will give us a scalability. It will give us operational efficiency. It will unlock the potential for us to generate new kind of insights, which we are not capable of fully able to deliver on.

Moderator – Nisha Pillai:
And is that a challenge or an opportunity for startups? It’s not clear to me listening.

Shoaib Yousuf:
It’s absolutely an opportunity. It’s absolutely an opportunity. However, the challenge is the scalability and the cost and the investment which is required. But if you look at 20 years ago, the cost of tech was quite high. And eventually, in the coming years, we will see with the hyperscalers investing where you see a lot of tech investments going on. Eventually, the GPU as a service over the cloud will become quite affordable for all the startup ecosystem to fully embrace and start innovating their products over that.

Moderator – Nisha Pillai:
I see you nodding your head there, Ken Pentamonte.

Kenneth Pentimonti:
Yeah, I would very much agree. I think there’s a huge opportunity that AI provides. I kind of look at three different opportunities within cybersecurity. One is just what was mentioned, leveraging AI to make the products, the services better, infusing that within many of our companies have already started a path toward leveraging AI in their products to make them faster, to make them easier to use, to make them more effective. Fantastic opportunity. Secondly, is leveraging AI to enhance what are very complex, huge data sets within the industry, especially as looking at threats and various different external attacks on networks. There’s a huge amount of data that needs to be sorted through and figured out in very quick time. AI is an incredible tool to better do that. I think lastly, AI itself. So the AI-based models, large organizations, governments are going to continue to use AI for various different purposes, non-cyber related purposes. But those AI models and the data that goes into those AI models needs to be secure. So that’s going to open up a whole new realm of cybersecurity technologies that secure those models and secure that data.

Moderator – Nisha Pillai:
A whole new specific application for it. So clearly there is national interest in having a burgeoning cybersecurity ecosystem of small and large companies. What role does government play then in supporting the smaller companies that may not really have got going yet and not standing on their feet independently? I’d like to start with a government perspective and ask the UK cybersecurity ambassador, what have you seen to be the most effective ways in supporting and directing and targeting support to small startups?

Juliette WilCox CMG:
Thank you. Well, we do have actually at least two direct and specific schemes that are pointed at helping startups work out what their ideas are, how they develop into something that’s a saleable product, how do they get mentored into creating a company that works, where do they find their potential customers, how do they face the idea of growing their financial capacity. And so we do that through, I mean, our NCSC actually specifically backs a program for startups. It gathers together people who, startups that are interested in solving very specific problems that governments have identified and then it will help them to grow into viable companies that can then become the sort of vehicle through which we solve some of our future problems. And that allows them to have those opportunities to meet in the UK and overseas partners, mentors and access to finance. We also do a scheme which we call a sort of cyber runway which is actually taking companies at all stages, which is so startups are absolutely there but there may be companies who are developing in other ways. Again, it provides them those opportunities to find access to markets they may be unsure of, how to get there, of mentorship and of managing money and developing business plans. But we know that without that it’s quite difficult. People are swimming around, not really being quite sure how to connect the dots. So being very, very specific about what your country is looking at in terms of its problem sets and then where you can intervene as a government to help with partners and they’re all with our industry partners that do this. It isn’t government that delivers this. That allows you to then have that network that’s built into the programme and allows them to sort of expand and find opportunities to develop and sometimes to fail. It helps them also to explore areas where they’re not going to be successful, places where they don’t think they want to develop, where they’re not good enough and need to employ different kinds of people in their company. So testing that through a sort of safe space of mentoring, I think, is incredibly important. It’s as useful as anything. Thank you, Juliette.

Moderator – Nisha Pillai:
So Piisatoin, you run the Finnish information security cluster. How do you see the role of government in supporting the smaller companies? Well, definitely.

Peter Sund:
For instance, those kinds of programmes and approaches that were just mentioned, as for example for UK, but there is also kind of the other side that sort of government instruments and support not leading to a situation where the government picks out the winners, the winning horses, so to say, that we have to be also careful on that because the market has to sort of live on the competition and so on. But the fact is that the smaller actors, they do need support because, especially when we talk about really novel sort of innovations and novel approaches, quite often these sort of key persons in these companies, they are not business specialists. They don’t have the networks, they don’t know exactly how to run businesses, they don’t know how to acquire funding and how to test and validate early enough of their sort of portfolio or the innovative idea, and hence we need all these multitude of supporting actors. That absolutely is correct in the sense, but I think more over, I think, for example, for Finland as our internal market is smaller than many others, quite often we wish to focus on the sort of international trade side. Indeed, it’s a necessity, isn’t it?

Moderator – Nisha Pillai:
Thank you, Peter. Shoab, over there, hello. I want to ask you about public-private partnerships at this point of the discussion. What’s the record like? Have they been effective? Have they delivered?

Shoaib Yousuf:
Nisha, this is a fantastic question and I think it all depends on quite a few variables that how you view public-private partnership. It depends on the economics and the national kind of, you know, how big is the market, what is the maturity of a particular country, how fragmented, how much kind of cybersecurity players are already there, how much is the demand. So there are quite a few variables which play a role in terms of public and private partnership. I personally believe that the countries who are quite behind in terms of their cybersecurity capacity to deliver on their supply needs, the government has to play a pivotal role in orchestrating the industry. They have to kind of play a role in bringing the private sector together. They have to kind of stimulate public-private partnership because doing that, it allows a lot of simulation in R&D. It allows a lot of incentivized, you know, programs for the private sector to look at cybersecurity differently. And most importantly, it also allows entrepreneurships to kind of like, you know, not only launch their startups and bring their innovative ideas forward, but it also have the government who is providing the support, much needed support for the technology transfers, for patenting, and many of these things are quite expensive. And public-private partnership plays a pivotal role in terms of stimulating that growth. So my short answer, Nisha, is it depends on the maturity of the country. It depends on what is this, you know, phase and what is the vision that countries see. Is the country really sees cybersecurity as one of their strategic priority? And if they see a lot of demand, government has to play a role and public-private partnership is the way to go.

Moderator – Nisha Pillai:
Thank you very much, Shoaib. So shall we end on a positive note, Excellencies, Ladies and Gentlemen? I’d like to ask Ken Pentamonte, can you share some positive examples of some success stories in this field with us?

Kenneth Pentimonti:
Yeah, sure. I think there are a whole bunch of great success stories. It was mentioned how many unicorns there are now in the cybersecurity sector. It’s great to see that the sector has really grown over the last handful of years and I think will continue to be a significant sector within the broader tech investing sector. I think there’s some really interesting ones. We talked about public- private partnerships. There’s an entity called In-Q-Tel in the United States that’s done a really good job of identifying innovative technologies that are now being used in the U.S. government. Juliet mentioned a number of programs that the U.K. government is sponsoring that have been fantastic. We’ve invested in a few of those companies coming out of those programs. Very, very helpful to get those companies up and going. We’re involved in a program in France called the Campus Cyber that’s a public-private partnership between the French government and various corporate sponsors. We’re involved in that. We’re a mentor and we get involved early stage, earlier than we would typically invest in companies, but we try to help them scale and get to a stage where they would be ready for our capital and in fact we’re in process of hopefully making an investment in the first company coming out of that program. So lots of great success stories. I think there’s huge opportunity for governments and corporate organizations to get together to help facilitate. It is very difficult for very early stage companies to get that initial funding, prove their products, and then be attractive to venture capitalists at a

Moderator – Nisha Pillai:
little bit later stage. On that note, we shall draw our conversation to a close. I’ve learned a huge amount from our discussion. Some of the struggles that small startups face, the ways in which government can help and why it’s so important, and what the national economic and defense payoff and benefits are for us all. Shall we join our hands to say thank you to our eminent speakers, Ken Pantuonti, Shoaib Yusuf, Her Excellency Juliet Wilcox, and Peter Thurmond. Thank you for joining us.

Will Ripley

**Will Ripley**, a renowned speaker and expert in cyber psychology, is scheduled to participate in a highly anticipated discussion on the subject. One of the main objectives of Ripley’s participation is to understand the unique aspects of cyber psychology and how people’s interaction with digital devices affects it.

Ripley points out the negative consequences of excessive phone use and highlights the addictive nature of smartphones, particularly due to the release of dopamine. He personally spends around six to eight hours on his phone, which exemplifies the pervasive influence of digital devices in our lives. To mitigate these issues, Ripley advocates for reducing screen time as a means to improve both mental and physical health.

Another significant aspect of the discussion revolves around the concept of online anonymity. Ripley questions the practicality of achieving absolute online anonymity as he argues that a fake profile could ultimately be traced back to the user’s IP address. He also highlights the use of virtual private networks (VPNs) in the context of online anonymity, further emphasizing the challenges in maintaining complete anonymity in the digital realm.

Furthermore, Ripley acknowledges the broad definition of cybercrime. He believes that minor actions could potentially fall under this definition, and he questions the subjective nature of the term. This perspective highlights the need for a more nuanced understanding and approach to defining and addressing cybercrime.

Digital piracy and its impact on societal norms and values are also discussed by Ripley. He points out that many individuals unknowingly commit digital piracy by downloading and sharing multimedia content without proper payment. This prevalent behavior is seen as a significant concern that needs to be adequately addressed.

Ripley also brings attention to the middle ground in online behavior, where concepts such as freedom of speech and anonymity reside. He argues that this gray area needs careful consideration as it is often the source of disagreements and controversies. Finding the balance between allowing freedom of expression and regulating harmful content is a complex challenge in the digital age.

Artificial intelligence (AI) is another topic of interest in the discussion. Ripley suggests that the potential risks associated with AI are being considered, as evidenced by the UK hosting an AI summit. However, he also notes the difficulty in achieving consensus on global regulation due to geopolitical tensions and conflicting national interests.

The burden of monitoring and regulating online content is placed on social media companies, which Ripley questions the fairness of. He argues that these companies are not only expected to act as providers of platforms but also as virtual policemen and traffic cops. The responsibility placed on these companies raises concerns about the regulation of online content and the potential for censorship.

The discussion also addresses the importance of online safety technologies, or safety tech, in protecting individuals’ well-being in the digital world. Cybersecurity is recognized as a means to protect data, systems, networks, and devices, but the focus on human online safety is often overlooked. Ripley points out the growing sectors of safety tech in the UK, Europe, and the US, highlighting the increasing recognition of the significance of protecting individuals online.

In conclusion, the discussion involving Will Ripley highlights various pressing issues related to cyber psychology, excessive phone use, online anonymity, cybercrime, digital piracy, online behavior, AI risks, social media content regulation, and the importance of online safety technologies. Ripley’s insights shed light on the complexities involved in navigating the digital landscape and the need for a balanced and well-regulated approach to ensure a safer and more ethical online environment.

Prof. Mary Aiken

The analysis explores various arguments and stances on the topic of cyber psychology and online behavior. Professor Mary Aiken sees cyber psychology as the future and believes it is crucial in understanding the impact of technology on human behavior. Despite her conviction, she encounters skepticism from those who dismiss cyber psychology as ‘cyber hocus-pocus’. This highlights the challenges faced in introducing a relatively new field of study to the academic community.

The study of cyber psychology delves into various aspects of online behavior. One such aspect is the time loss effect, where engaging in online activities can result in an unintended loss of time. For example, checking emails for a few minutes can quickly turn into hours spent online. This phenomenon raises concerns about productivity and time management in the digital age.

Another significant area of study within cyber psychology is the concept of online disinhibition, which refers to the tendency for individuals to exhibit different behaviors online compared to in-person interactions. The perceived anonymity and sense of detachment in online environments can lead to a loss of inhibitions, allowing people to engage in actions they may not typically do in the offline world.

Related to online disinhibition is the issue of online anonymity. Unlike in the real world, the internet allows individuals to remain anonymous, which can lead to more extreme behavioral changes. While some argue that online anonymity offers freedom of expression, others note the potential for negative consequences such as cybercrime and cyberbullying.

The influence of online platforms on individual behavior is also explored. People tend to conceptualize themselves differently in online spaces, where they seek validation through likes, comments, and engagement. This can lead to significant changes in behavior as individuals adapt to the online environment. Professor Aiken strongly believes in the significant influence of online platforms on individual behavior, emphasizing the need to understand and manage this impact.

Attention retention in the online world is another crucial aspect discussed in the analysis. Devices and online platforms are designed to capture users’ attention, creating an attention economy that rewards systems for captivating users for longer durations. This has implications for mental health and well-being, as individuals may become addicted to online engagement and struggle to disconnect from the digital world.

The analysis also highlights the socio-political aspects of cyberspace, focusing on the need for regulations and responsible behavior. Anonymity on the internet is questioned, with some arguing that it should not be considered a fundamental right but rather a privilege that comes with responsibility. The potential for harm in cyberspace, including cybercrimes like cyberbullying, harassment, and money laundering, prompts discussions on how to protect vulnerable individuals, particularly children, and establish regulations to hold social media companies accountable for the content on their platforms.

In conclusion, the analysis presents a multifaceted exploration of cyber psychology and online behavior. It acknowledges both the potential benefits and risks associated with increasing reliance on technology and online platforms. A better understanding of cyber psychology can help mitigate the negative consequences of online behavior and ensure a safer, more ethical digital landscape. However, it is clear that further research, regulations, and education are needed to address the complexities and challenges posed by cyberspace.

Audience

The analysis explores various topics, beginning with the effects of violent video games on behavior. One speaker takes an inquiring stance, seeking to understand the factors that influence the behavior of individuals exposed to violent video games. This suggests a neutral sentiment towards the topic. The speaker mentions engaging with the professor’s material on YouTube and recognizing the interconnectedness of the real world and cyberspace. The main argument is to gain a comprehensive understanding of how violent video games impact behavior.

The analysis also discusses the global regulation of AI, the digital economy, and social media markets. Ongoing initiatives to globalize regulation are mentioned, indicating a neutral sentiment. However, another speaker takes a positive stance, emphasizing the importance and benefits of globalizing regulation in these areas. Unfortunately, there are no supporting facts provided for this argument. Nonetheless, the main point is to advocate for globalized regulation to ensure fair and effective governance in AI, the digital economy, and social media.

In addition, the creation of a safer internet is addressed. A scientist speaker is actively working towards this goal, with a positive sentiment. However, specific details or evidence regarding the scientist’s methods or initiatives are not mentioned. Nevertheless, the argument is clear: advocating for a safer online environment.

The analysis also explores using data from online trolls for research, with a neutral sentiment. A speaker mentions the abundance of data provided by trolling and their utilization of it for research. However, specific details about the research or the insights derived from the data are not provided.

Lastly, a speaker holds a strong and confident stance against online trolls, encouraging their ongoing activity as it provides valuable data. This suggests a positive sentiment towards the speaker’s approach, considering the benefits derived from gathering troll data. The related topics discussed include internet safety and online abuse, aligning with SDG 5 for Gender Equality and SDG 16 for Peace, Justice, and Strong Institutions.

Overall, the analysis covers a wide range of topics and perspectives. It provides insights into the impacts of violent video games, the importance of globalized regulation, efforts towards creating a safer internet, and utilizing data from online trolls for research purposes. However, some arguments lack specific supporting evidence, limiting the depth of analysis in certain areas.

Will Ripley:
Capital Technology University. I’m actually… Ooh, hang on. Got a round of applause. That’s impressive. She hasn’t said a word and she’s got a round of applause. I’m fascinated by this. Really fascinated, because I’ve done many discussions, but I’ve never done one on cyber psychology. And as you were saying to me earlier, cyber psychology used to be known as cyber hocus-pocus.

Prof. Mary Aiken:
Well, I first came across the internet and technology back in the 90s and in the form of a chatbot and I was captivated and I had just qualified in psychology and I thought, wow, this is going to change everything. So when I went rushing back to my professors of psychology, they said cyber hocus-pocus. But I actually thought this was the future of the internet and I went back and re-qualified, did a Masters of Science in Cyber Psychology, did a PhD in Forensic Cyber Psychology, which is the study of criminal, deviant and abnormal behaviour online and I’m kept pretty busy.

Will Ripley:
We’re going to get into much more detail on that. The panel is all about anonymity and we’ll get to it. But I think we have to set the parameters. And by the way, we’ll also take questions. So any of you who’ve got any questions, we’ll also take questions. Well, the professor will take questions. What is different about cyber psychology? What is it that happens online that is different? Or when we integrate with digital equipment, if you will. I’m trying to be as neutral as possible.

Prof. Mary Aiken:
Cyber psychology is the study of the impact of technology on human behaviour. And effectively, you know, this conference, the theme is all about cyberspace. So when you go on your phone, when you go online, what you’re doing is entering a powerful psychological environment. I mean, did you ever stop for five minutes before a taxi came to check your emails? And half an hour has gone just like that. So there’s a time loss effect. There’s infinity in terms of search. You see behaviours like online disinhibition taking place online. And then, of course, the theme of this talk, you have the potential to be anonymous online, which you don’t have in the real world.

Will Ripley:
Okay, so at what point does our behaviour change? What is the catalyst for the change?

Prof. Mary Aiken:
I think the catalyst for change is the moment that you enter into that environment. You know, the moment that you take a photo and you post it on TikTok or LinkedIn or Meta or wherever, and you begin to sort of conceptualise yourself in this environment where you want likes and you want comments and you’re in cyberspace and you’re thinking about your persona in that environment.

Will Ripley:
I’ve just read the book about how to break up with your phone, which is an incredible read about… Quick question. How many hours a day do you think you spend on your phone? How many? Five? Seven? Eight? Any increase on eight? Yes, sir. How many? You. I… If I’m not working actually a lot on air and I’m having to use my phone for my earpiece, it’s about six to eight. That’s horrific. But it’s this idea of the whole phone is designed to capture us for the dopamine effect. The app is designed for reward and these sort of things. So that in itself shows the significance of psychology.

Prof. Mary Aiken:
Absolutely. I mean, these devices are designed to capture our attention. But more than that, when you go online and you’re on social media, you also have what’s called the attention economy. So the more that a content can pull you in, get your attention, people are monetizing that attention and profiting from your attention.

Will Ripley:
This brings us to the idea of how our behavior changes. The disinhibition… I can’t say the word. Disinhibition.

Prof. Mary Aiken:
Disinhibition.

Will Ripley:
In other words, no one can tell what I’m up to. By the way, who’s got a phone in here? Who’s got a phone? Could you just hold it up for me so I can make sure you have got a phone? I want everybody to hold their phone up. Sir, you’ve got a phone. Hold it up. There we go. Now, I want you to take your phone, and I want you to do a swipe from the top right down. And then I want you to put it into airplane mode. All right? I would like everybody in airplane mode while we continue talking. This behavioral change. Describe it.

Prof. Mary Aiken:
So, as I say, you have effects. Online disinhibition dictates that people will do things online that they would not do in the real world. So, you’re more disinhibited. As I say, just likely your behavior changes and mutates. Now, that’s just pure disinhibition when you’re a known entity online. But then you’ve got a much bigger step when people become anonymous. And that’s where behavior can really change. So, anonymity is often confused or conflated with privacy. Anonymity is where you have no details, where you’re an unknown entity. Privacy is where you’re known, but you’ve got the right to control your data. So, anonymity is a superhuman power of invisibility, like a superhero. And that power comes with incredible responsibility to use it properly. So, how would you be anonymous? You could create a fake profile under a different name. That’s a form of anonymity. You can use a VPN. That’s a form of anonymity. And at an extreme level, you can also use Tor to go to the darker parts of the Internet. And that’s anonymity.

Will Ripley:
This has been around pretty much since the Internet began. I want to show you. I’m only going to show one side. Have a look at this slide, which became… If you could bring it up, there we go. This was one of the most… You’ll be well familiar with this. On the Internet, nobody knows you’re a dog. That was back in the 80s, 90s. And it was, if you like, the first manifestation of anonymity.

Prof. Mary Aiken:
And I would paraphrase that and say, on the Internet now, nobody knows if you’re a person or not. Not just a dog, because we’ve got so many bots. Yeah, I think that the debate about anonymity is people say, Well, I have a right to be anonymous online. And the point about anonymity is it is a 20-year-old invention of the Internet. It is not a human right. It is an invention. And therefore, it needs to be questioned. Of course, anonymity can allow you to express yourself in a way that you couldn’t in a real-world context. It can allow you to explore areas that you might not do if you were a known entity. It can allow freedom of expression where you might be oppressed or in an oppressed minority. But if the cost of that is rampant cyberbullying, harassment, sextortion, cybercrime, cyberfraud, then the cost is too great for the Internet.

Will Ripley:
Okay, but when you say anonymity, and it’s not a philosophical question, it’s a practical one. Is it possible to be anonymous? If I create a fake profile, it will eventually work its way back to my IP address. If I use a VPN, I mean, is there such a thing as true or absolute anonymity online?

Prof. Mary Aiken:
Yes, if you use something like Tor, the Onion Router.

Will Ripley:
So let’s assume that that’s really for a very small…

Prof. Mary Aiken:
Anybody can use it.

Will Ripley:
Right, but for the people in this room who will just create a fake Gmail or a fake this, that or the other, they’re creating an anonymity as a front piece, in a sense, aren’t they? As a mask.

Prof. Mary Aiken:
Yes.

Will Ripley:
How risky is that, do you think, in terms of the…

Prof. Mary Aiken:
Well, it’s not risky for an adult to decide, I want a fake profile. That’s something that you’re free to do as an adult. Where the risk sets in, in two ways, is one, when you see children and young people creating these fake profiles, because then it removes a sense of responsibility, and they can really get themselves into trouble. So we’ve just finished a very large European study of 8,000 young people aged 16 to 19, and we found that the vast majority of those young people had up to five different profiles on one platform.

Will Ripley:
Really?

Prof. Mary Aiken:
Yeah. So what they were doing is they had their profile that their family can see, then they have another profile for their friends, then they have another profile for a smaller group. So they’re managing all these personas in cyberspace, which is sort of exhausting. But in addition to that, especially if it’s a young child, parents may have no visibility of what they’re doing. So it’s the duty of the parent to protect the child in the real world. It’s also the duty of the parent to protect children in cyberspace. And what we’ve seen in the UK, we’ve seen the introduction of the Online Safety Act, which is for the first time a very broad measure that’s going to seek to protect children in cyber context, among other things. And one of the things they’re going to crack down on is the multiplicity of fake profiles, particularly when these profiles are used to harass people, are used for hate speech, are used to extort from people. So they’re going to look for serial offenders and shut it down.

Will Ripley:
There is an argument that will say that the younger generation who have been born and brought up with this are better at managing it. Now, I’m not talking in terms of the nefarious or the dangerous, but I’m just talking about this idea of having multiple personalities online. I might find it difficult to cope with five profiles, but somebody who is 16 and knows no different will just be part of their meat and veg.

Prof. Mary Aiken:
It doesn’t mean it’s good developmentally, because the point is that when you’re young, one of the things that you have to learn, and this is what we all went through growing up, is that there are consequences for your actions. And a young person who creates a fake profile, who maybe engages in harassing somebody or bullying somebody, or worse, extorting from another person, they may not, at 13 or 14 or 15, be fully aware of the consequences of that behavior. And therefore, it’s our duty as a society to protect them from getting into trouble. Let me take it a step further in terms of cybercrime. So you can have pathways into behavior. You can start with cyberbullying, you can amplify to harassment, and then you can get engaged in true criminal behavior. And harassment and cyberbullying is illegal in some jurisdictions. But let’s talk about things like hate speech, which is a crime, or cyberfraud, which is a crime, or identity theft, which is a crime. There’s a very thin line between the acceleration of these behaviors.

Will Ripley:
Are you suggesting the slippery slope argument?

Prof. Mary Aiken:
I’m not suggesting, I’m saying that the scientific evidence in the studies, the most recent study that I’ve been involved in, which is an EU study, 8,000 young people, we found a significant correlation between covert, undercover profiles that young people were using, and engagement in cybercrime. And in fact, of the sample of the 8,000 16 to 19-year-olds in all of Europe and the UK that we looked at, almost 50% admitted to engaging in a cybercrime. Hold that. How many people in this room will admit now to engaging in a cybercrime of one sort or another? That is entrapment. You don’t have to put up your hands.

Will Ripley:
How many people? Well, I’ll put my hand up. How many other people will admit to have engaged in some form of cybercrime? Yeah, yeah, yeah. Because you know where I’m going with this. Because the definition of cybercrime could be taken really quite low-content. And this is the slippery slope argument. It starts where?

Prof. Mary Aiken:
Well, things like digital piracy.

Will Ripley:
So now how many people have shared a piece of music or a video or downloaded something without paying for it? You’re all criminals. But the point, this is a valid issue, isn’t it?

Prof. Mary Aiken:
Okay, so the point is that if you have a generation that have grown up stealing music, stealing videos, stealing software, then the moral compass between that and then suddenly getting access to somebody’s credit card that they could use quickly just to buy something that they need, that’s a very thin line. And the point is that there’s also a perception that it’s a victimless crime. Well, the record companies can afford it, the movie companies can afford it, the bank will pay for the credit card. And the problem with that is, is you begin to see this societal shift. And while 50% engaged in a cybercrime, and you could say digital piracy is a big number, I think it was one in three, actual very serious crimes like hacking, like sextortion, cyberfraud, that was one in eight. They’re big numbers. One in 11 in our study admitted to engaging in money mulling, which is money laundering. Now, the point about it is, how cognizant or how aware would a young person be that they were laundering money? Imagine they click on an ad on the internet, and the ad says, would you like a part-time job in a logistics company? Fantastic. So, you answer the ad, and they ask you for your bank detail. So, you give them your bank details. And then they send you $1,000, and they say, all you’ve got to do is take $800 and send it to four different accounts, and we’ll send you the numbers, and you keep $200. And if you do that, the next time, $10,000 will come.

Will Ripley:
Does that happen?

Prof. Mary Aiken:
All the time. This is money laundering.

Will Ripley:
Why is it always people writing to me asking me to give them money, and never actually? Really?

Prof. Mary Aiken:
But the point is, that’s a crime. And the cyber criminals will use a young person, use their bank account, do a couple of test runs, and then put a large amount of money through. The young person then splits up the money, and the next thing, knock on the door, it’s the police, you get arrested for money laundering. This is a huge problem.

Will Ripley:
The ability to deal with it, because starting, as you like, with the digital piracy and all of that, what you’re saying, which is particularly fascinating, is that this is a shift in norms. This is a shift in values. You might not go to the grocery shop and steal sweets, but eventually, you’re moving into…

Prof. Mary Aiken:
So, we’ve interviewed young people in research, and we’ve said, would you walk into a record shop in a shopping center? Would you walk up to the shelf, and would you steal a CD, put it in your bag, and walk out? And they say, no, absolutely not. But will they do it online? Yes. And that’s the difference. But ultimately, there is a symbiotic relationship between cyberspace, what happens online, and the real world. What happens in cyberspace impacts on the real world. What happens in the real world impacts on cyberspace. So the point is, if we want young people to grow up and participate as good citizens in a collective society, our children are growing up online. They are learning things that are not culturally appropriate, that are not acceptable in civilized society, and that are detrimental to the social good.

Will Ripley:
The problem with your view, as some would suggest, respectfully, is we can all agree at this end, sex trafficking, sex torture, bullying, that’s wrong. And we can all agree that a bit of this, that, and the other is fine. It’s the bit in the middle, it’s the gray bit, where somebody says, and never mind so much with children, but just with anybody online, no, hang on, it’s freedom of speech. If I want to be anonymous, it’s my right, or at least I’m entitled to be. If I want to do this and say that, it’s my right.

Prof. Mary Aiken:
Okay. So I would love to be anonymous when I’m traveling. I would love when I go to an airport not to produce a passport. I would love not to have a photograph taken. I’d love not to give my fingerprints every time I’m moving around the world. But I don’t get the right to be anonymous when I’m traveling. Why? Because it’s for our collective security. Now transpose that argument to cyberspace, when you are a known entity, anonymous beginning with N as opposed to anonymous beginning with A, then that’s what helps to create a robust, thriving, equitable, fair, civil society.

Will Ripley:
So how do you force non-anonymity?

Prof. Mary Aiken:
I think that what we have to do is question the fundamentals of the internet. And you know, the point is that I have these debates, I debated against the American Civil Liberties Union. They don’t agree with me, of course. And the point is that we have created this fantastic invention, this superhighway for connectivity, where we can learn, where we can play, where we connect, but we are ruining it for ourselves because negative, toxic, hateful behavior is getting out of control. And cybercrime is getting out of control. The latest figures for cybercrime estimates it at a cost of 8 trillion to economies. If cybercrime was a country, it would have the third largest GDP in the world.

Will Ripley:
We’re actually heading in the wrong direction in a sense, because let’s take Bitcoin, which is the whole premise is anonymity. The whole idea is that the transaction can’t be traced.

Prof. Mary Aiken:
And it’s the go-to currency for criminals. So the point is, we adopt each new emerging technology with the collective wisdom of lemmings leaping off a cliff. Just because it is new does not mean it is good. And technology will only mean progress when we can mitigate its harmful effects. And that’s what’s missing. It’s this cyber utopian view. AI is fantastic. HGPT is fantastic. And nobody is thinking about the downside. Nobody is thinking about what happens when this goes wrong. It’s like a form of cognition.

Will Ripley:
Well, we are with AI, to be fair. I mean, the UK has an AI summit.

Prof. Mary Aiken:
It’s a bit late.

Will Ripley:
And you suggest we can’t put the genie back in the bottle on this?

Prof. Mary Aiken:
No, not when it comes to AI. And with AI, then there’s a question about regulation of AI or not. But the whole point is that you have to achieve balance. There has to be some form of oversight. Just the same way as we have in the real world.

Will Ripley:
But we’re destined to get this completely wrong, bearing in mind each country wants to do their own thing. The geopolitical tensions mean that you’re not going to get everybody on the same page.

Prof. Mary Aiken:
I think that’s why it’s so important to talk about cyberspace. Because we have other shared spaces. So back in the day, when people were exploring the world, you had the oceans. That was a shared space. And we came up with rules and regulations for good practice. Then we invented planes. And then we had the shared space for air travel. And we came up with regulations for that. Then we have outer space. And we have governance there. And that’s why this conference is so important. Because it’s one of the… I travel worldwide. I speak at many conferences. And it’s one of the few conferences that puts an explicit focus on cyberspace. So my suggestion is, where could we start? We could start on the things that we agree with. We don’t want cybercrime. There’s no argument in favor of cybercrime. We don’t want child sexual abuse material on the internet. There’s no counterargument for that. So let’s start where we can agree in this shared space. And then let’s work back.

Will Ripley:
Let’s take a question. We’ve got a few minutes. Questions, anybody? For the good professor. We have… I don’t know whether we have microphones. But if you stand, sir, and show us… No speeches. Just questions, please.

Audience:
It’s good to see you, Margaret. I often see you on YouTube. So it’s really good to see you face to face. I have a question regarding, as you say, the real world and the cyberspace is connected to each other. It impacts the real world and the cyberspace. So my question is that, how can we understand the factors that influence the behavior of those who are exposed to violent video games? Right. So just give us the… How can we… How can you… You know, we can understand and do something that, you know, impact the behavior.

Prof. Mary Aiken:
Well, that’s the joy of the discipline of cyber psychology is cyber psychology can help to navigate our behavior in cyberspace, provide insights, provide explanatory value, and provide direction.

Will Ripley:
Give me an example of where you’ve actually found that to be the case. You’ve either said to a gaming company or to somebody, you’ve actually said, my research says, do this or don’t do this.

Prof. Mary Aiken:
At a policy level, for example, I worked closely with the government on the Online Safety Act. And that would be a really good example of everybody coming together and for the first time creating this spectrum of harm, cyber bullying, harassment, extortion, mis- and disinformation, very important. And then lots of debate and lots of processes to create legislation to address.

Will Ripley:
And then when you talk about misinformation and disinformation, you’re talking in many cases about state actors when it takes on a whole different area of complexity.

Prof. Mary Aiken:
Absolutely. But we’re collectively subjected to it.

Will Ripley:
Right.

Prof. Mary Aiken:
So you have state actors, but this is mediated by the social media companies who decide to…

Will Ripley:
Is that fair on the social media companies who find themselves in the position of not only being the providers, but having to be the policemen and the traffic cop?

Prof. Mary Aiken:
Those who profit in this space should be accountable in this space. And the thing about the UK legislation, it’s going to force a duty of care on the social media companies and force compliance and will fine them. And more importantly than fines, because they can afford to pay the fines, they will look at prosecuting senior executives who fail to comply.

Will Ripley:
I’ve got a question, but I want to see if anybody else has a question because this is fascinating. Anybody out there? In which case, I will… Oh, yes, ma’am. You’re going to have to shout. Yes. Yeah. Thank you for your… Sorry, I can’t speak up. Hello? Can you hear me? Yes, we can. Yeah. Okay.

Audience:
Thanks for your significant contribution in this very important aspect. Actually, from the exposure you have working with global organisations, and we know that all these laws and regulations coming for AI, to regulate AI, regulate also the digital markets, social media markets, the digital economy, the digital economy, the digital markets, social media, like DMA and AI laws. Is there any initiative being worked regarding globalising the whole thing, like creating something that will be an alliance or something?

Will Ripley:
Right. Excellent question. Is there any come together in all of this? Exactly. Is there any globalised move to this that’s actually doing any good besides just inviting people to make presentations?

Prof. Mary Aiken:
Do you mean specific to this forum in general?

Will Ripley:
No, no, no. I mean in the world. What are you seeing by way of collaborative effort at the global level that impresses you?

Prof. Mary Aiken:
At the global level, I’m seeing a real interest in online safety. So here, this is a cybersecurity conference. So I’ll just explain. Cybersecurity protects your data, your systems, your networks, and your devices. Cybersecurity does not protect what it is to be human online, as an employee, as an operator, or as a user. I’m seeing this growing movement in terms of online safety technologies, or what we call safety tech. These sectors are growing worldwide. We have one in the UK. We have the beginning of it in Europe. We have one in the US. And my belief is that this new sector is attracting investment and provides technology solutions to technology-facilitated harmful and criminal behavior. These behaviors have the characteristics of big data, volume, velocity, variety. And therefore, we need machine solutions.

Will Ripley:
Right. But as we come to the end, you must be very popular in some circles and deeply unpopular in others because of the work that you do. Those who are wanting a better internet, those who are wanting a safer environment must love you. Those either nefarious or these supposed freedom lovers that isn’t true freedom must be very much against you. Yeah.

Audience:
But I’m a scientist, and I’m well able to take care of myself. And you know, I get trolled online. If I speak in something like this, I get trolled. And do you know what I say? I’m a cyber behavioral scientist. When you troll me, you give me data and lots of it. So keep coming.

Will Ripley:
Ladies and gentlemen, she’s inviting you to troll her. Professor, that was fascinating. Thank you. Really fascinating. Thank you very much. Okay. Thank you.

Richard Watson

AI development has rapidly advanced, leading to a faster and more accessible IT landscape. This development has made IT more accessible to individuals and organizations alike. However, this rapid progress has also raised concerns regarding the associated threats that come with AI technology.

One of the primary concerns is the potential for AI to enhance the authenticity of malware and enable the creation of deepfakes. Malicious actors can leverage AI-powered techniques to create sophisticated and realistic cyber threats, which can pose significant risks to individuals and businesses. Deepfakes, in particular, have the potential to undermine trust and integrity by manipulating and fabricating audio and video content.

Businesses are increasingly incorporating AI into their operations, but many struggle to effectively govern and monitor its use. This poses a challenge, as the gap between the utilization of AI and the capabilities of IT and cybersecurity to manage it can result in vulnerabilities and risks. Data poisoning is a specific concern, as it can have adverse effects on critical business processes by deliberately targeting and manipulating datasets used in AI models.

The governance and risk management frameworks need to be updated to effectively handle the complexities of AI in business settings. Organizations must address the unique challenges posed by AI in terms of privacy, accountability, and ethics. Furthermore, the integrity of the data used to train AI models is crucial. AI models are only as good as the data they are trained on, and any biases or errors in the data can produce flawed and unreliable results.

Establishing trust in AI models is also vital. Many individuals have concerns about the use of AI and are hesitant to trust companies that heavily rely on this technology. The ability to explain AI decisions, protect data privacy, and mitigate bias are essential to building this trust.

Furthermore, there are concerns about surrendering control to AI technology due to its immense knowledge and fast assimilation of new information. People worry about the potential misuse of AI in areas such as warfare and crime. Policy measures, such as President Biden’s executive order, have been introduced to address these risks and manage the responsible use of AI.

The field of AI and cybersecurity faces a significant talent gap. The demand for skilled professionals in these areas far exceeds the available supply. This talent gap presents a challenge in effectively addressing the complex cybersecurity threats posed by AI.

To tackle these challenges, organizations should create clear strategies and collaborate globally. Learning from global forums and collaborations can help shape effective strategies to address the risks and enhance cybersecurity practices. Organizations must take proactive steps and not wait for perfect conditions or complete knowledge to act. Waiting can result in missed opportunities to protect against the risks associated with AI.

Integration of AI is necessary to combat the increasing volume of phishing attacks. Phishing attacks have seen a substantial increase, and AI can play a crucial role in detecting and preventing these attacks. However, operating models must be transformed to ensure effective integration of AI, ending with human involvement for a thorough and closed-loop activity.

AI and generative AI have the potential to frustrate criminals and increase the cost of their activities. By utilizing AI technology, criminal activities can become more challenging and costly to execute. For example, applying AI and generative AI can disrupt the metrics and cost-effectiveness of certain criminal operations, such as call centre scams.

In conclusion, while AI development has brought significant advancements and accessibility to IT, there are numerous challenges and risks associated with its use. These challenges include the authenticity of cyber threats, governance and monitoring issues, data integrity, trust-building, talent gaps, control concerns, and the potential misuse of AI. Organizations must address these challenges, develop effective strategies, collaborate globally, and integrate AI into their operations to ensure cybersecurity and responsible use of AI technology.

Dr. Yazeed Alabdulkarim

The analysis highlights the escalating threat of cyber attacks and the challenges faced by cybersecurity defenses. This is supported by the fact that 94% of companies have experienced a cyber attack, and experts predict an exponential growth in the rate of cyber attacks by 2023. Cybercrimes are adopting Software-as-a-Service (SaaS) models and leveraging automation technology to scale their attacks. The availability of Malware as a Service in the cybercrime economy further strengthens their ability to carry out attacks at a larger volume and faster pace.

Generative AI is identified as a potential contributor to the intensification of the cyber attack situation. It is suggested that Generative AI could be used to create self-adaptive malwares and assemble knowledge useful for physical attacks. This raises concerns about the future impact of Generative AI on cybersecurity.

There are differing stances on the regulation of Generative AI. Some argue for limitations on its use, citing the belief that the rise of cyber attacks is due to the use of Generative AI. On the other hand, there are proponents of utilizing Generative AI for defense and combating its nefarious uses. They believe that considering threat actors and designing based on the attack surface can help leverage Generative AI for defensive purposes.

Disinformation is identified as a significant issue associated with Generative AI. The ability of Generative AI to generate realistic fake content raises concerns about the spread of disinformation and its potential consequences.

On a positive note, Generative AI can be used to analyze and respond to security alerts. It is suggested that employing Generative AI in this way can help speed up defensive measures to match the increasing speed of cyber attacks. Furthermore, it is argued that limiting the use of AI technology in cybersecurity would be counterproductive. Instead, AI can play a crucial role in fully analyzing security alerts and addressing the two-speed race in cybersecurity.

The analysis also highlights the incorporation of AI elements in emerging technologies. It is predicted that upcoming technologies will incorporate AI components, indicating the widespread influence of AI. However, there are concerns that fundamental threats associated with AI will also be present in these emerging technologies.

Understanding how AI models operate is emphasized as an important aspect in the field. The ability to explain AI models is crucial for addressing concerns and building trust in AI technology.

Watermarking on AI output is proposed as a potential solution to distinguish real content from fake. It is suggested that both AI companies and authorities should establish watermarking systems to ensure the reliability and authenticity of AI-generated content.

In conclusion, the analysis reveals the growing threat of cyber attacks and the need for stronger cybersecurity defenses. The impact of Generative AI on this situation is a subject of concern, with its potential to intensify attacks and contribute to the spread of disinformation. The regulation and use of Generative AI are topics of debate, with arguments made for limitations as well as for leveraging it in defense and combating nefarious activities. The incorporation of AI elements in emerging technologies raises both opportunities and concerns, while the understanding of AI models and the need for explainable AI should not be overlooked. Finally, watermarking on AI output has the potential to differentiate real content from fake and enhance reliability.

Dr. Victoria Baines

Data poisoning and technology evolution have emerged as significant concerns in the field of cybersecurity. Data poisoning refers to the deliberate manipulation of training data to generate outputs that deviate from the intended results. This form of attack can be insidious, as it slowly corrupts the learning process of machine learning models. Furthermore, influence operations have been conducted to spread discord and misinformation.

The rapid evolution of technology, particularly in artificial intelligence (AI), has created new opportunities for cybercriminals to exploit. AI has led to the replacement of humans with non-human agents in various domains, causing disruptions and potential threats. People have found ways to make bots go bad, and large language models have been repurposed for writing malware. This highlights the need for vigilance in harnessing technological advancements, as they can be exploited for malicious purposes.

The emergence of AI has also resulted in an evolution of cyber threats. Malware implementation has seen new methods and techniques, such as gaming AI models. The ecosystem of cybercriminals may undergo changes due to AI advancements, necessitating proactive measures to counter these evolving threats.

However, not all is bleak in the world of cybersecurity. AI and automation can play a vital role in alleviating the scale and stress issues faced by human operators. The current volume of alerts and red flags in cybersecurity is overwhelming for human teams. A 2019 survey revealed that 70% of cybersecurity executives experience moderate to high stress levels. AI can assist in scaling responses and relieving human operators from burnout, enabling them to focus on tasks they are proficient in, such as threat hunting.

It is worth noting that public perception of AI is often shaped by dystopian depictions in popular culture. The portrayal of AI in science fiction and dystopian narratives tends to create a negative perception. Interestingly, people are more inclined to show positivity towards “chatbots” rather than “Artificial Intelligence”. This demonstrates the influence of popular culture in shaping public opinion and highlights the need for accurate and balanced representation of AI in media.

In conclusion, data poisoning and technology evolution present significant challenges in the field of cybersecurity. The deliberate manipulation of training data and the exploitation of rapid technological advancements pose threats to the integrity and security of systems. However, AI and automation offer promising solutions to address scalability and stress-related issues, allowing human operators to focus on their core competencies. Moreover, it is important to educate the public about AI beyond dystopian depictions to foster a more balanced understanding of its potential and limitations.

Alexandra Topalian

A panel discussion was recently held to examine the cyber threats and opportunities presented by generative AI in the context of cybersecurity. The panel consisted of Richard Watson, a Global Cyber Security Leader at EY, Professor Victoria Baines, an Independent Cyber Security Researcher, Kevin Brown, the Chief Operating Officer at NCC Group, PLC, and Dr. Yazid Al Abdelkarim, the Chief Scientist of Emerging Technologies at CITE. Throughout the discussion, the participants highlighted the potential risks associated with the use of artificial intelligence (AI), specifically generative AI, in the cyber world.

One of the key points discussed during the panel was the emergence of new cyber threats arising from AI. Richard Watson, an EY consultant, stressed the importance of identifying these risks and provided examples of how generative AI can be employed to produce various types of content such as visuals, text, and audio. The panelists also acknowledged the potential danger of data poisoning in relation to generative AI.

Professor Baines echoed Watson’s concerns about data poisoning, emphasising its significance in her research. She also delved into the evolving nature of cyber crimes as new technologies, like generative AI, continue to advance. The panelists then proceeded to explore how cyber criminals can exploit generative AI to develop more sophisticated and elusive cyber threats. They highlighted the potential convergence of generative AI with social engineering tactics, such as phishing, and how this combination could amplify the effectiveness of manipulative attacks.

Dr. Yazid Al Abdelkarim shed light on the scale of cybersecurity attacks and the impact of generative AI. He stressed the need for regulation and shared insights on how SAIT advises organizations on staying ahead of cyber threats. The panelists discussed the challenges, including a talent gap, associated with implementing effective strategies for early detection and management of cyber threats. Kevin Brown shared real-life incidents to illustrate how organizations tackle these challenges.

The threat of deepfakes, where AI-generated content is used to manipulate or fabricate media, was another topic explored during the panel. The participants discussed strategies for addressing this type of threat, with a focus on early detection. They also touched on the ethical boundaries of retaliating against cyber attackers based on psychological profiling, highlighting the importance of complying with the law.

Regarding opportunities, the panelists agreed that generative AI offers benefits in the field of data protection and cybersecurity. Professor Baines emphasized the potential positive aspects of generative AI, highlighting opportunities for enhanced cybersecurity and protection of sensitive information.

In conclusion, the panelists acknowledged the lasting impact of generative AI on the landscape of emerging technologies and its growing influence on cybersecurity. They recognized the advantages and challenges brought about by generative AI in the field. The discussion underscored the need for effective regulations, risk management approaches, and cybersecurity strategies to address the evolving cyber threats posed by generative AI.

Kevin Brown

Generative AI, a powerful technology with various applications, is now being used for criminal activities, leading to concerns about its negative impacts on cybersecurity and criminal behavior. One key concern is that generative AI is lowering the barrier for criminals to exploit it. This means that criminals can easily leverage generative AI for illicit activities, making it more challenging for law enforcement agencies and organizations to prevent and mitigate cybercrime.

Another major concern is that criminals have an advantage over organizations when it comes to adopting new AI technologies. Criminals can quickly launch and utilize new AI technologies without having to consider the regulatory and legal aspects that organizations are bound by. This first-mover advantage allows criminals to stay one step ahead and exploit AI technologies for their nefarious activities.

The emergence of technologies like deepfakes has also brought in a new wave of potential cyber threats. Deepfakes, which are manipulated or fabricated videos or images, have become more accessible and can be utilized in harmful ways. This poses a significant risk to individuals and organizations, as deepfakes can be used for social engineering attacks and to manipulate public opinion or spread misinformation.

Moreover, the use of large language models in artificial intelligence has raised concerns about data poisoning. Large language models can be manipulated and poisoned, leading to a range of malicious motivations. This poses a threat to the integrity and reliability of AI systems, as attackers can exploit vulnerabilities in the data used to train these models.

Additionally, generative AI has the potential to amplify the effectiveness of phishing and manipulative attacks. By using generative AI, criminals can increase the volume and quality of phishing attempts. This allows them to create phishing messages that are highly professional, relevant, and tailored to the targeted individual or business. As a result, generative AI professionalizes phishing, making it more difficult for individuals and organizations to detect and protect themselves against such attacks.

In conclusion, the increased use of generative AI for criminal activities has raised significant concerns about cybersecurity and criminal behavior. The technology has lowered the barrier for criminals to exploit it, giving them an advantage over organizations in adopting new AI technologies. Furthermore, the accessibility of technologies like deepfakes and the potential for data poisoning in large language models have added to the complexity of the cybersecurity landscape. Additionally, generative AI has the potential to amplify the effectiveness of phishing and manipulative attacks, making it harder to detect and defend against such cyber threats. It is crucial for policymakers, law enforcement agencies, and organizations to address these concerns and develop strategies to mitigate the negative impacts of generative AI on cybersecurity.

Alexandra Topalian:
Cyber Threats of Generative AI Richard Watson, Global Cyber Security Leader, EY Yazid Al Abdelkarim, Chief Scientist, Emerging Technologies, CITE Professor Victoria Baines, Independent Cyber Security Researcher Kevin Brown, Chief Operating Officer, NCC Group, PLC Alexandra Topalian, Moderator, International Moderator Good afternoon everyone and welcome to this panel discussion. It is a very hot topic. It is Unmasking Cyber Threats of Generative AI. As we launch into a new era of technology, producing different types of content, generative AI is visual, it is text, it is audio. And so we are here today to discuss the threats, but also the opportunities of generative AI on cyber security. So Richard, let’s start with you since you are the closest to me. As you assist your EY clients in identifying the cyber risks that they face, what are some of the new cyber threats that are created by artificial intelligence?

Richard Watson:
Thanks Alex. AI is moving so quickly. It’s rapid development and it’s kind of democratized IT to some extent. And so a lot has been made around the threats that are things around the velocity of AI, and particularly when the technology gets into the hands of adversaries, how authentic malware can become and deep fakes and so on. But one of the risks we’ve really been focused on at EY is just how quickly it moves from an organizational perspective. We’ve long known about this phenomenon of shadow IT. Well, AI almost puts shadow IT on steroids. And so what we’re actually seeing is the business is using AI every day, but the organization is struggling to keep up with how to monitor that. You’re getting a gap between business use of AI and how IT and cyber security can manage and monitor that. And as a result, you get all sorts of threats around things like data poisoning, around the hijacking of AI, and obviously the privacy risks and so on that create. But really the challenge for organizations is how do you update your governance and your risk management to deal with the business’s use of AI and some of the risks that creates for the organization.

Alexandra Topalian:
And what are some of these risks, if you can give like some more detailed examples?

Richard Watson:
Yeah, well, I mean, so data poisoning being the first one. Obviously, AI models are only as good as the data used to train them. And increasingly as business processes around things like next best action in a call center or how to respond in the case of cyber security defense to certain threats. If prompts are deliberately targeted to kind of poison the data, it can create adverse business reactions. So, you know, cyber security is about confidentiality, integrity, availability of data. You know, really this issue is around managing the integrity of data and then the consequential actions on business processes, which increasingly we’re going to become reliant on as organizations automate their business processes with AI.

Alexandra Topalian:
Professor Baines, I saw you nodding. Do you also feel in your research, have you noticed that data is being poisoned?

Dr. Victoria Baines:
It’s certainly something that we are alerted to. I mean, data poisoning can be quite a slow burn attack in the sense of if you’re seeding skewed data, it might take a bit of time to come out in adverse outcomes. But if we think about influence operations over the last few years, some of those have been targeted, say by nation states or state sponsored groups, not necessarily to get an immediate outcome to vote for a particular candidate or political party, but to sow discord in a community. So that general sense of there being an adverse outcome for a particular group in society that has almost an indirect effect, just kind of disruption as much as anything. I mean, for me, artificial intelligence and the threats attached to generative AI, it’s also about just thinking in terms of what happens when we replace humans with non-human agents in a business. And there are a number of constants, I would say, when I do my futures work, and it’s based on a certain amount of time in law enforcement surrounded by badness. That is that over thousands of years, we know that there will always be people who want to harm other people and other people’s assets. And we know that technology is evolving at such an incredibly rapid rate. So those people will make use of the technology available to them. So yes, we’ve seen people trying to make bots go bad. And we’ve seen large language models like ChatGPT implementing safeguards so that you can’t write malware with ChatGPT, for instance. But interestingly, what we’ve seen spring out of that is people gaming that, repurposing large language models, selling them on the dark web, on kind of dark forums, precisely so that you can write malware. So I think it’s worth kind of broadening out and thinking, rather than it just being how this will affect my business right now, how it will change the cyber criminal ecosystem as well.

Alexandra Topalian:
And as new technologies emerge, do you find that the nature of the crimes is changing in your research?

Dr. Victoria Baines:
Yeah, I mean, this is what makes my job so exciting. It changes daily, hourly, particularly with advances in large language models. I think they have outstripped our expectations, haven’t they? Generally speaking, it’s always my default to say, well, most of the time it’s just old wine in new bottles. It’s just a different kind of attack vector for the cyber crime that we’ve already seen. But I do think data poisoning there is the exception. It’s a new kind of threat to skew that training data so that it produces something other than we’re intending in our use. That’s a new one for me.

Alexandra Topalian:
Right. Thank you. Mr. Brown, what are some of the ways in which generative AI can be exploited by cyber criminals to develop more sophisticated and evasive cyber threats? First of all, good afternoon, everybody. I think some of the bits have been pulled out already.

Kevin Brown:
What generative AI has introduced is a far low barrier of entry into criminal activity. Before, perhaps, you had to have the technical background, the tooling, and the motivation. And now we’re seeing generative AI being used for a far wider range. So whilst we talk about sophistication, I think it’s the ease of access that I’m certainly starting to see more about. I think we also talk about what’s emerging, what is hidden. It’s something that is directly in front of all of us, and that’s a first-mover advantage. Now, in a commercial world, if you’re looking to launch a new product, you’re always trying to get the edge of your competitor. And that’s no different where criminals, they don’t have the risk profile that organizations have. They don’t have to be looking at the explainability of the artificial intelligence. They don’t have to be looking at the legalities, the regulatory. It’s a case of we’ve developed something, let’s launch it. So unfortunately, from sitting on the good side of the fence, we’re always going to be slightly behind the curve from that perspective. Some of the other areas just to highlight, and perhaps we can go back to this. Obviously, social engineering is one that comes to the forefront, as well as the professionalization of deepfakes. We’ve talked about deepfakes for many years, but again, it’s now become far more accessible. And then clearly, we’re into the LLMs, the large language models, and how that can be manipulated, poisoned. And we’ve got used to and accustomed to being a financial motivation. In fact, what we’re seeing through data poisoning is there’s a far wider range of motivations. Some of them may be short-term, but given the amount of elections and political change that’s going on around the world, there’s certainly going to be some slow-burn ones that are already happening.

Alexandra Topalian:
And the potential convergence of generative AI with social engineering tactics, how is this fusion, how could it amplify the effectiveness of phishing and other manipulative attacks?

Kevin Brown:
First of all, I think it’s a massive impact. Certainly through our threat intelligence team at NCC Group, we’ve seen over 1,000% increase already. And I have to say it with a bit of a smile on my face, because all of the phishing training, the phishing awareness programs that we’ve rolled out to all of our colleagues is we’re teaching them to spot the obvious. And with previous phishing attempts, you would look for spelling mistakes, you’d look for grammatic errors. Well, actually, what generative AI has done is just professionalize that. So not only have you now got this increased throughput and volume, all of the training that we’ve educated our colleagues on is almost, you’re putting that to one side because you’re now confronted by emails which have got a lot more relevance, a lot more professionalism. And with generative AI as well, it’s enabling a lot more targeting of spear phishing so that you can really start to add context to the phishing emails. You can talk about the industry. You can really give relevance to the business without too much work. So I think it’s a real game changer for certainly what we’ve seen.

Alexandra Topalian:
Thank you, Mr. Brown. Dr. Yazid, welcome. What is the impact of generative AI related to the scale of cybersecurity attacks?

Dr. Yazeed Alabdulkarim:
So, assalamu alaikum. Good afternoon, everybody. So to understand the scale of generative AI, first we have to consider the current state. So if we look at the current state in 2023, basically adversaries are accelerating and defenders are not able to keep up. It’s basically a two-speed race. So to add to that, basically a research study shows that 94% of companies have experienced a cyber attack in one way or the other. So what’s happening is that just as technology transferring to SaaS, for example, software as a service offering, the cyber crime world is doing the same. So SaaS is becoming in the cyber crime economy as well. And for example, we could see a malware as a service offered in the cyber crime. And to add to this, the automation of the technology is making the threat actors able to accelerate the speed and the volume of attacks and the back as well. With generative AI, it’s expected that the situation will be more difficult because now the attackers will be able to have more means to automate and to generate more intelligent attacks. For example, you could have an adversary creating a self-adaptive malware. And that malware will be able to circumvent and to be undetected by the detection systems. As well as another threat of the generative AI is the assembly of knowledge. So basically with generative AI, you could assemble knowledge that can be utilized for physical attacks. Instead of usually when we have physical attacks, it’s limited to state violent actors. But now even non-state violent actors will be able to acquire that knowledge to launch a similar attack. And if we consider these risks as well, the surveys show that about 85% of security officers believe that the rise of cyber security attacks that we have seen in 2023 is because of the use of generative AI.

Alexandra Topalian:
Thank you, doctor. And as an advisor for SAIT, what can we do in regards to the regulations that are being implemented?

Dr. Yazeed Alabdulkarim:
Yeah, regulations are basically a controversial topic because many believe that it’s challenging to enforce the constraints. And it’s basically wishful thinking. But if we see the initiatives, there is the initiatives by the UN nation. It’s forming a high-level advisory body for AI. Similarly, we have seen the recent U.S. executive order about the safe and secure and trustworthy use and development of AI. But when you consider regulations, there are basically two approaches. One approach is to have regulations to limit the use of generative AI to prevent it to get in the hands of bad actors. However, this approach will end up basically hurting the openness of the technology as well as preventing it for the good users. So I believe the best way to combat generative AI threats is basically by using it for defense and to basically outperform adversaries. So if you do that, you’ll be aligning with the second objective of regulations. Instead of limiting the technology, we should utilize it and use it for defense. For example, and we should design it based on the attack surface. For example, if we consider one of the main issues of generative AI is disinformation. So we should realize that threat actor and then try to come up with defense mechanisms to basically mitigate the risks related to that as well.

Alexandra Topalian:
And how would you go about outperforming?

Dr. Yazeed Alabdulkarim:
Basically, one example, if we see one of the main challenges related to cybersecurity is responding to alerts. A recent research study shows that only 48% of security alerts are investigated. So one way is to use generative AI to basically fully analyze these security alerts and to basically also not only analyzing and potentially responding to them. And that way you will be able to address the two-speed race that I mentioned. So as the adversary are speeding up, we should do the same. We should utilize that technology and not limit it. And then there are many use cases that can be addressed, as I mentioned, with the security alerts.

Alexandra Topalian:
Okay. Thank you, doctor. Well, generative AI is here to stay, correct? Richard, how would you best advise your… Your customers and how they should deal with their risk management approach. Yeah, I think

Richard Watson:
Dr. Yazeed used a key word there, which is trust and I think Establishing trust in AI models is going to be key I think the World Economic Forum has done some of the most recent studies in this space and they found that four out of ten Adults admitted that AI powered products Worry them and that 50% of come 50% of adults, you know Wouldn’t trust companies who use AI as much as they trust companies that don’t and so it’s really incumbent on Organizations to repeat that they would trust companies 50% of adults Would not trust companies who use AI as much as they trust companies who don’t don’t use AI In other words, there’s a huge amount of suspicion There’s a lot of trust AI so I mean one of the things we’ve done at UI to help combat this is The notion of a confidence index So we’ve got our data scientists and our cyber security professionals together to create essentially a framework and an algorithm For you know, how do you determine if a piece of AI is trustworthy or not? So it looks at things like explain ability data privacy Bias and so on so about seven or eight different variables to essentially give a trust score to a process that is using AI and In and if you look at some of the proposed regulation like the European Union AI Act, you know That seems to be the way that regulation is going to go as well It’s gonna be a risk based approach based on some profiling of AI That determines how much testing you need to do and how much disclosure you need to do so I think Providing some metric that Helps create this trust. I think will be really key for organizations and then secondly will need to update their Risk management processes because it’s a case of the business who’s using AI for business purposes Organizational Responsibility, you know audits and so on and then the operational functions that are actually using The AI and maintaining the models coming together to manage this. It’s a bit like the Issue we had where privacy data governance and cyber security, you know had to come together to to manage data You know, we’ve got that again, but with slightly different Stakeholders and axes to worry about

Alexandra Topalian:
and then with this issue of trust. There is also a very negative connotation .That’s come with artificial intelligence Why do you think that is?

Richard Watson:
Yeah, I mean, I think people are just staggered as as Victoria said around, you know, how quickly and how comprehensive You know this technology is it’s it’s become I mean AI is obviously been around for sort of 10-15 years But the generative AI aspect which sort of burst onto the stage in November when Microsoft Acquired open AI, I think it’s shocked people into just how Lucid this technology is and just how much it knows and how quickly it can assimilate new information and people just aren’t ready to surrender that level of control To technology and are worried about it And again, if you look at you know, President Biden’s executive order that came out on Monday You know pretty much the second bullet is about managing the risk of AI use for biological Warfare weapons creation, you know, so all of these big nasty problems are sort of Immediately associated with AI and I think that worries people

Alexandra Topalian:
or having a plane flown without a pilot. But professor Baines suggests that there can be Opportunities right when it comes to cybersecurity and data protection. Tell us a little bit about how you perceive that

Dr. Victoria Baines:
You know your both of your points about the rhetoric of this when you use that term AI Artificial intelligence we immediately think of popular culture. We immediately think of science fiction I’m you can count on one hand the positive blue sky Representations of AI and science fiction. It’s all very dystopian, isn’t it? And we’re kind of inculcated with that sense that it’s all gonna go horribly wrong But if you were to say to people, how do you feel about chatbots? They’d probably be a lot more positive and they’re interacting with them as if they’re dealing with a customer service agent Even though they know that might not be a person on the end of the chat message in terms of opportunities Actually, I’d quite like to pick up on you know What you were talking about in terms of the scale of the problem and about all of those alerts that go Unmanaged because I do a certain amount of research on Burnouts in cyber security and as we all know there aren’t enough people working in incident response There aren’t enough people working in security operations and in 2019 Nominate ran a survey of UK and u.s. C suites cyber security executives and 70% of them said they were suffering from moderate to high stress And I think you know We all recognize that you were talking about the the alerts that go unnoticed or the alerts that don’t get worked Where we are at the moment is with the scale of the red flags that we already have are Too much for incident response teams for security operations centers If what we’re saying is that the scale is going to increase exponentially We absolutely need an automated response a certain amount of automated defense and incident response Not just because it makes sense for the increasing scale But because that’s how we make best use of the humans that we have on our teams. It’s how we keep them from Quitting their jobs and going to work into something else It’s how we preserve their mental health and well-being and dare I say it as someone who has worked these cues in the past It’s how you you know, you give humans tasks that they are good at the threat hunting that sense of what doesn’t feel or smell quite right which so far Machine learning and AI is not particularly good at

Alexandra Topalian:
Hmm interesting, we definitely do have a talent gap there Kevin how would you best advise your organizations on the strategies that they could adopt to detect early detection and Management of cyber threats.

Richard Watson:
There’s a couple of things just to just to pick up on what Richard and Vicki have said as well The first thing is may seem the obvious but to do something I’ve met a number of clients that are almost in this state of paralysis where AI has been around for years Generative AI comes along and they don’t actually know what to do and I think if we look across the globe and I think this is why GCF as a forum is is is perfect for being able to have these open discussions because it just reinforces that people are not alone So my first bit of advice is actually to have a clear strategy. It can be a really basic strategy But it gives you a purpose as to how you’re going to approach the topic. It doesn’t have to be about sophistication coming back to His Excellency the Minister of Education yesterday who I thought was particularly refreshing I really like the point where he was talking about if we’re waiting for the All of the the boxes to be ticked on the clipboard. We’ve missed it We’ve got to go with a risk based approach and that’s where I think with Organizations and certainly how I advise them is to have a strategy based upon what you know but I think the one that is is most pressing as Vicki just mentioned is the skills gap AI the advances of AI has been amazing in the last few years Has it closed the gap two sessions ago on the stage? We were talking about a gap of five million that says to me. We’re not using it So it’s really about understanding the strategy Leveraging colleagues from across the globe forums such as this to help you form your strategy, but most importantly do something and

Alexandra Topalian:
How how do your clients deal with that skills gap? Are they give us some real-life examples?

Richard Watson:
It’s I take a great example fishing. Yes, so I’ve mentioned an increase of a thousand percent Comes back to perhaps what Richard mentioned as well as trust you speak to clients who are trying to run a sock The volume of phishing attacks has gone through the roof. They’ve got AI but but their operating model is still the same The the methodology that has been approached is to take the AI But ultimately it still raises a ticket and ends with a human. So as opposed to saying well What is the closed-loop activity? Where is it? Actually, I’m quite happy to take a little bit of risk fishing emails is one that should just be a closed-loop activity There doesn’t need to be a necessarily human in there. So I work with a lot of clients to transform operating models Because it’s around people process and technology and that has to be the starting point

Alexandra Topalian:
And I just want to pick up on a point you mentioned about the deep fakes What strategies do you recommend for those sort of threats?

Richard Watson:
Again, it naturally depends what industry what sector you’re in it comes back to then the basics of social engineering and recognizing that You’ve got to have additional controls in place It comes back to what I guess from a security industry perspective has been spoken around for years is to defense in depth So if you’ve got someone on to one of your call center agents, it can’t just be that’s the only line of defense in terms Of verification is it is it really mr. Brown on the other end of the phone? You’re gonna have to have other verification methods as well But but what I will say and and and and yes it as well had a great point is we we have to put AI And generative AI to match it because it’s gonna frustrate the criminals and the moment you start to frustrate the moment you slow down Actually, we’re now raising the barrier of entry We’re raising the risk profile and actually the cost for criminals to commit the crime Is now going through the roof and that’s the position that we need to get to so do you mean retaliation? No, not even retaliation it’s actually slowing down their process because criminals yes, they’re criminals, but they’ve still got investment cases They’ve got business cases. You look at some of the call center scams They’ve got metrics around how many calls they’ve got a they’ve got to make how many people do they aim to hook a day? And the moment you start to put AI and generative AI on the other end of that call You’ve just blown their metrics and their business case and all of a sudden the cost of being able to be involved in this criminal Activity that’s just Multiplied by X times.

Alexandra Topalian:
Okay, because we did have a cyber psychologist here yesterday. That was discussing the concept of fighting back and You know retaliating based on the profiling that you do Of the cyber attacker and that’s well, that’s something that you know there’s a fine line with breaking the rules and Breaking the law. All right Dr. Yazi’s my last question to you as we’re running out of time What would be the impact of generate AI on the spectrum of emerging technologies?

Dr. Yazeed Alabdulkarim:
basically as you see all the Upcoming emerging technologies will have the IEI components on them So, what does that mean that all the fundamentals threats that are coming from AI will be present in these Emerging technologies so we have we have we need to have the urge to address them at least or at least evaluate the as I mentioned the attack surface of the Generative AI and try to address the fundamentally so that when the emerging ticks coming up when it’s Related to generate AI we at least have we don’t have a we are not starting from zero we have at least an edge there and for example, one of the initiatives that is coming up is that explain explainable AI and that’s very crucial because we need to one of ways of Addressing the concerns is exactly knowing how it or how the basically the model operates to explain the outcomes that are coming Unfortunately, we’re not there yet. So basically that’s why you are when you have a model you have these Hallucinations coming up because it’s a it’s kind it’s a basically a black box. So we that explainable AI should help to to hopefully address the These concerns as well and just to add one point of regarding the deep fix as as my colleague has mentioned We have seen that recently most of the AI dirty AI companies have voluntarily Proposed to put watermarking on their basically output So you’ll be able to know whether it’s coming from the model or not. I don’t believe this will be sufficient What’s I believe what’s more important as I and it’s back to the defense point that I mentioned that authorities should have their own watermarking and that will give the Ability to know exactly that is coming from a reliable source. Otherwise, it’s basically a misinformation or something that is basically deep fake

Alexandra Topalian:
Right. Well, thank you very much panelists for being with us today. It’s definitely something that’s not going to be going away anytime soon But I do see a lot of benefits to generative AI as well as the downfalls Ladies and gentlemen, please put your hands together For this emerging shadows panel and generative AI. Thank you

Moderator – Jane Witherspoon

During a discussion on the barriers inhibiting women from pursuing careers in cybersecurity, Jane Witherspoon highlighted the importance of addressing these obstacles. Jane firmly believes in achieving equal gender representation in the field, as this is crucial for promoting diversity and ensuring that all perspectives are included in the development of cybersecurity strategies. Seeking insights on how to encourage more women to enter the industry, Jane turned to Tania, who shared her own experiences and insights.

Tania, while recounting her journey in overcoming barriers, shed light on a few key factors. She emphasized the need for role models in the cybersecurity field who can inspire and guide aspiring female professionals. Such role models play a crucial role in empowering and encouraging women to pursue careers in this male-dominated industry. Additionally, Tania highlighted the presence of misconceptions surrounding cybersecurity roles, which hinder women from considering it as a viable career option. Addressing these misconceptions through education and awareness can help break down barriers and attract more women to the cybersecurity field.

The discussion between Jane Witherspoon and Tania showed a positive sentiment towards the goal of achieving equal gender representation in cybersecurity. By openly discussing the barriers and seeking solutions, they demonstrated an active commitment to creating a supportive and inclusive environment for women in the field. The insights and experiences shared by Tania revealed valuable lessons that can be used to develop strategies to encourage more women to pursue careers in cybersecurity.

Overall, the conversation between Jane Witherspoon and Tania highlights the importance of addressing the existing barriers inhibiting women from entering the cybersecurity field. By promoting equal gender representation and providing role models, as well as dispelling misconceptions, we can encourage more women to pursue careers in this critical industry. Taking these steps will not only bridge the gender gap but also help create a more diverse and inclusive cybersecurity workforce for the future.

H.E. Dr. Margarete Schramböck

The analysis of the provided information reveals several important points that highlight the importance of gender diversity and inclusion in the field of cybersecurity. Firstly, it is crucial to promote and include women in cybersecurity, as demonstrated by the success stories from Aramco Digital’s security operations team, where approximately 50% of the team consists of women. Additionally, in Saudi Arabia, 58% of engineers are women, indicating a positive trend towards gender equality in this field.

The presence of authentic company cultures and the availability of female role models are identified as key factors in attracting more women to cybersecurity. The success of Vision 2030 in Saudi Arabia is cited as an example of how companies and organizations can demonstrate authenticity and effectively encourage women’s participation in this field.

There is a recognized lack of female role models, particularly in middle management positions, which further limits the progression of women in cybersecurity. This observation is supported by the personal experience of a female CEO who highlights the existing gap in this area.

Demographics play a significant role in shaping the opportunities for digital transformation and cybersecurity. Saudi Arabia, with its young population, presents an exciting potential for change in these areas. The presence of many young people eager to be part of the transformation, particularly in the digital sphere, highlights the importance of tapping into this demographic advantage.

Furthermore, there is a notable disparity between investment in technology and the digital sector in Saudi Arabia compared to Europe. The analysis underscores that Saudi Arabia has more prominent investments in tech initiatives, such as ‘Sabrani,’ than Europe, reflecting a greater emphasis on the digital sector in the kingdom.

The evolution of digital jobs and the shift towards white-collar work has significantly contributed to including more women in the workforce, particularly in countries like Saudi Arabia where many women are engaged in engineering roles. This evolution is viewed as an opportunity to leverage the unique skillset that women bring to tech teams and digital jobs, further promoting gender diversity and equality.

The analysis also highlights the economic slowdown and challenging age structure that Europe currently faces, compared to Saudi Arabia’s growth rate of 8% on average. This divergence emphasizes the different economic and demographic circumstances between the two regions, reaffirming the need for caution in Europe’s role in the global technological landscape while acknowledging Saudi Arabia’s potential to play an important role in the future.

The COVID-19 pandemic has brought about a shift in work models, making it easier to balance family life with job responsibilities. This newfound flexibility and adaptability in remote working arrangements have highlighted different ways of working, providing evidence that alternative working models are feasible.

The integration of women into companies should start right from the hiring process, addressing women more directly and removing barriers to their inclusion. This observation is drawn from the experience of a former CEO who recognizes the importance of taking proactive steps to ensure gender equality throughout the acquisition and hiring phases.

Support from various communities is crucial in fostering growth and success in all areas, including cybersecurity. The example of Dr. Margarete Schramböck, who started her career by selling telephone systems and reached out to mentors within the tech community, underscores the significance of community support and mentorship.

Advocacy for mixed teams and collaboration is also deemed essential in promoting gender equality and reducing inequalities. The belief in doing things together rather than separately, demonstrated by an individual’s personal experience of being often the only woman in the room early in her career, showcases the importance of fostering diverse and collaborative teams.

Early engagement of young women in subjects of their interest, such as through apprenticeships in fields like e-commerce, has proven to be a successful strategy for attracting them to the tech field. The introduction of e-commerce apprenticeships in Austria resulted in 60% of participants being women, showcasing the effectiveness of this approach in bridging the gender gap in tech.

In conclusion, the analysis reveals the significance of gender diversity and inclusion in cybersecurity. It highlights the importance of promoting and including women in this field, authentic company cultures, the presence of female role models, demographics, and investment in technology. The evolution of digital jobs, the economic challenges faced by Europe, the impact of COVID-19 on work models, and the need for integration of women into companies from the hiring phase are all noteworthy aspects. The analysis also emphasizes the importance of community support, advocacy for mixed teams and collaboration, and early engagement of young women in subjects of their interest. Overall, a comprehensive approach involving various strategies is vital for achieving gender equality and fostering growth in the field of cybersecurity.

Dr. Cécile Aptel

The lack of representation of women in the cybersecurity sector is an urgent issue that needs to be addressed. Currently, only about a third of diplomats in cybersecurity are women, highlighting a significant gender disparity. The underrepresentation of women in this field has implications for individual, business, and state cybersecurity.

One contributing factor to this gender disparity is the societal discouragement of girls pursuing STEM and technology studies. This bias limits opportunities for girls in education and future careers in security-related sectors. As a result, women remain underrepresented in defense, military, and intelligence, which are closely linked to cybersecurity.

To attract and retain women in cybersecurity, flexible working arrangements are crucial. Providing flexibility in work schedules and arrangements allows women to balance personal and professional responsibilities effectively. Creating inclusive and supportive company cultures that value and consider women’s opinions is also important. Men play an important role in achieving gender equality by mentoring and supporting women in their professional growth.

Further measures are needed to increase the representation of women in expert groups related to international security and ICT. Diverse representation in these groups is essential for comprehensive and inclusive decision-making processes.

Equipping women with technical, managerial, and leadership skills is important for their advancement in the cybersecurity sector. Networking and mentorship opportunities are significant for women’s career growth. Education plays a vital role in addressing gender inequality, and partnerships between industry and education facilities are key to providing quality education that prepares students, especially girls, for cybersecurity careers. Programs that educate children about responsible digital behavior and cybersecurity are fundamental for their safety online.

Collaboration between men and women is crucial for the growth and success of the cybersecurity field. Mixed teams have proven to be more innovative, and fostering inclusivity and equal opportunities will enhance creativity and problem-solving in the sector. Men have a role to play in achieving gender parity by embracing the benefits of gender equality.

While progress has been made in Saudi Arabia towards gender equality, continued efforts are needed to ensure sustained progress and an inclusive society for women.

In conclusion, addressing the underrepresentation of women in the cybersecurity sector requires a comprehensive approach. Encouraging girls to pursue STEM education, providing flexible working arrangements, valuing women’s opinions, and fostering mentorship opportunities are crucial steps towards achieving gender equality. Partnerships between industry and education facilities, as well as educating children about responsible digital behavior, are essential for the future of the cybersecurity field. Creating an inclusive and supportive environment where men and women can collaborate will drive innovation and enhance the effectiveness and security of the cybersecurity sector.

Betania Allo

Women in cybersecurity face numerous challenges, including gender bias, lack of representation, and unequal opportunities. Betania Allo, a successful cybersecurity professional, emphasized the need for mentoring and early education programs to encourage girls to explore this field. Inclusive hiring practices and anti-bias training are necessary for organizations to address the deficit of women in cybersecurity roles. Forums and platforms for dialogue are essential in advocating for gender equality and representation. Betania Allo’s positive experience working in Saudi Arabia demonstrates the importance of openness and trust in talent from all over the world. Representation of women in leadership roles is crucial for decision-making, and collaborative efforts between men and women are needed to advocate for gender equality. Mentorship plays a vital role in women’s career progression in cybersecurity. Women-led forums offer ideal platforms for conversations about representation. Highlighting the intersection of technology with other areas of expertise can attract more women and girls to the technology field. The biggest challenge for women in cybersecurity is overcoming the fear to enter the field. Empowerment and support are key in encouraging women to pursue careers in cybersecurity. Overall, addressing these challenges will lead to a more diverse and inclusive cybersecurity industry.

Moderator – Jane Witherspoon:
Space Needs You, attracting women to cyber security careers. Her Excellency, Dr. Margit Schrambach, former Minister for Digital and Economic Affairs, Austria. Dr. Cecile Aptil, Deputy Director, United Nations Institute for Disarmament Research, UNIDIR. Jane Weatherspoon, Moderator, Beirut Chief Middle East, Euronews. Betania Allo, Cybersecurity Innovation and Partnerships Manager, NEOM. Hello ladies and gentlemen and your excellencies, what a pleasure to be here and thank you for that round of applause. I think we need a second one for the all-female panel. As our voice of God said, we’re going to be talking about the gender disparity within cybersecurity. Women are still critically underrepresented, holding only 25% of the cybersecurity jobs globally. So, my esteemed panel, we’re going to get straight down to business. I would like to address my first question to Dr. Margit. You know, what are the primary challenges that organizers encounter when trying to not just attract but retain women in cybersecurity?

H.E. Dr. Margarete Schramböck :
Yes, first let me say I’m really happy to be here today. Thank you for having me and I’m also happy to see such a big audience that is interested in this topic because this does not happen so often. So, I think this is something special about Saudi Arabia. Being here now for quite a few months, I’ve also learned that in Saudi, 58% of engineers are women, which is different to Europe and it’s different especially to German-speaking regions in Europe and this is something which Saudi can really be proud of and really happy to see that. Being on the board of Aramco Digital, I see it also in the daily work that 50% of our team members in the security operations center are female and this is a very, very good sign. Why do they do it so well here in Saudi? Well, there is a clear vision, Vision 2030, and it’s in the vision. You can read it, you talk about it, you discuss about it, but most importantly, you do it and this is something which is special here and which I also wanted to mention. Now, to your question, you have been asking about the challenges, so companies really to be successful in the field of cyber needs diverse teams, they need mixed teams. We know this from the past, we know that companies, teams are much more successful if they take this into consideration and why shouldn’t it be true for cyber? It is true for cyber as it is for all the other areas. Now, the companies and the organizations need to be authentic in this, so women feel very quickly if what the company talks or the organization talks is what the company do and if this is in line, you will, of course, attract even more women in this sector. Looking at the different stages, of course, we also need role model and this is also a challenge for companies and organizations, so that often they are lacking role models. I was many years a role model, I was 15 years CEO of European IT companies including a telecom company which is like SDC, it was called A1 for Central Eastern Europe, and, yes, it was often clear that we were missing middle management, so women in middle management that could be a role model. So it’s tough, it’s hard, we still have to work on it.

Moderator – Jane Witherspoon:
We’re going to come on to, a little later in our conversation, roles and those roles at the top, but at this point, I would like to bring in Dr Cecile because you have some thoughts in terms of expanding on the security aspect, don’t you?

Dr. Cécile Aptel:
Yes, thank you, Jane, and before I answer your question, if I may, thank our guests. So first, Saudi Arabia, I’m absolutely delighted to be here and to discuss this question here and of course the Global Cyber Security Forum for providing this opportunity. When we think of cyber security, there is obviously the cyber dimension and we know that some of the challenges come from girls in a number of contexts not always being keen to pursue studies in the STEM and in technological areas, that seems to be less the case in Saudi Arabia which is great, but in addition to cyber, there is the security element and if we look at security the way it is also construed, security is a sector in which women are far behind. I mean obviously when we look at defence, military, intelligence, and why do I say that? Because cyber security is multi-layered and when we think cyber security, it’s not only individual or business security, it’s also state cyber security and cyber attacks, cyber warfare. Within this context, there are negotiations ongoing, obviously notably at the United Nations, and we see that in those contexts there are very few women involved in these negotiations. In fact, only about a third of women diplomats, we see women diplomats across sectors and in the area of cyber security, these numbers are really lagging. So the combination of cyber challenges and security challenges is really probably also one of that convergence that we need to address.

Moderator – Jane Witherspoon:
But Tania, you’re sitting on the end. I want to just give a bit more context to your career because we see you’re Cyber Security Innovation and Partnerships Manager at NEOM, but your previous roles, you’re the former United Nations Senior Officer in Counterterrorism and Emerging Technologies, quite a title. I’d like you to elaborate, if you can, on how organizations can address the barriers that discourage women from entering fields, biases, lack of role models, which is something Dr. Margaret just touched on, misconceptions about cyber security roles. What has your experience been?

Betania Allo:
Thank you so much for the great question and thank you again. I second my colleague’s words. I’m extremely happy to be here and very grateful to the organization of the GCF for having us. So yes, indeed, women in cyber security still face a lot of challenges, as you mentioned, gender bias, lack of representation, unequal opportunities. And I think that organizations, and we all here in the room, have a huge responsibility to make sure that this changes. So in my experience, one of the things that make women doubt whether cyber security is a path for them is the lack of information. So mentoring and correct education, you know, paths in early exposure to cyber security and what it is, is one of the most important things that can encourage girls to get into this path. Then, well, I got into cyber security later in life, and maybe because of that lack of mentorship at an early age, but mentoring for me was key to have the luck and the privilege to have great mentors in my life who gave me the best guidance, advice, and encouraged me to challenge my own fears, and that allowed me to be here and to, you know, start a career that builds on different skills that I’ve had before. So organizations, per se, I think that also need to work a lot in more inclusive hiring practices, anti-bias training for both men and women, because there is something that is still happening everywhere in the world, and even in the countries that are famous for their gender parity policies, there’s still gender bias in technology and in cyber security as well. So yes, I think that this kind of forums, this kind of platforms for dialogue, I think are a great opportunity to encourage everyone to advocate for this kind of causes that will make the room fuller and fuller of women.

Moderator – Jane Witherspoon:
As a female actually doing it here in Saudi, you know, what has been that experience and the change from coming from outside? How was it received?

Betania Allo:
Well, I was very lucky, because when I first started thinking about moving to Saudi, to the Middle East, I was very lucky to have several opportunities here, and, well, Neom, do I need to even explain what Neom has, you know, and how amazing and exciting it is to be working. I consider myself so privileged, but something I did not know is that most of my colleagues would be Saudi, they would be from here, right? So although Neom has 70% expats, my department is mostly Saudis, because of regulations. So I was received with such generosity, such solidarity, from all levels, I was trusted with so much responsibility, and being a woman and being a foreigner, you know, those are two elements that makes it even more impressive, and I think it speaks volumes of the massive changes of this country has been through, and how much they trust talent from all over the world.

Moderator – Jane Witherspoon:
Dr. Margaret, can you elaborate from a European perspective?

H.E. Dr. Margarete Schramböck :
Well, Europe is in a very tough situation at the moment. So contrary to Saudi, which is growing at, I would say, 8% on average, Europe is really has slowed down, and the age structure is completely different. So what I find exciting here, and being in the board of Aramco, building up Aramco Digital, we can see that we have this wonderful age structure with a lot of young people, excited people who want to change, and want to be part of this transformation, also in the digital, especially in the digital area, and in the cyber security. So the focus is, as you’ve heard also from the CEO of Aramco, that there is investment, and there is investment, for example, in Sabrani. Do we see similar big investments in Europe at the moment, to a lower extent? So Europe still plays a role, but has to be very careful. And I think there will be different centers in this world. Of course, we have the US, and we have China. But there is a big room for Saudi, and its huge population, and its engineers to play an important role here. And we are in the middle of this transformation, which makes it so exciting. For me, coming back to being successful, having successful innovations and competitive products, always needs these two sides. So females bring completely different skills into the teams, and especially in the cyber, we can see, and in many digital jobs, it means from blue-collar worker to white-collar worker. Think of a harbor. When you are in a harbor, and you have to move the containers, this was pure blue-collar worker in the past. Now it’s white-collar, somebody sitting in a control center, as it is in cyber. You are doing things which you can do remotely, which you can do in a team. You don’t have to be outside in the construction site. And this evolution of tech solutions has also helped to engage more women. Contrary to Europe, I think, with Saudi and many women in engineering, there is a really good basis here.

Moderator – Jane Witherspoon:
I want to bring in the element of family raising as well, and being a working mom myself, as many of us are in this room. Can we have it all? Can we balance it? I think that makes it a little bit easier, some of these initiatives, and the situations like remote working.

H.E. Dr. Margarete Schramböck :
I think what COVID has shown us is that different types of working is possible, and that it can be done in a different way. And this helps, of course, to combine the topics of family and kids and the jobs. From the company perspective, and being a CEO for 15 years, it is worth starting at the very beginning. So it all starts before the women are joining the company. Sometimes we think, when we are managers, it starts when they are here. No, it starts in the acquisition or in the hiring process, where it is different to the male side, where you have to address women more directly. You have to invite them. It is a little bit different than it is on the other side.

Moderator – Jane Witherspoon:
Cecile, I think you have something to add in there. Sure.

Dr. Cécile Aptel:
Just the fact that flexible arrangements are important not only to attract women, but especially to retain women, and to enable them to really make a career, which I think is one of the challenges. It’s challenging in the cybersecurity for everyone. We need to really be also very clear that it’s not only about women. It’s difficult to attract men and have enough workforce. So the challenge is compounded for women, and it’s important for companies to have ways of retaining women. Flexibility, flexible working arrangements are important, but it’s also important to ensure that women feel valued. feel that they belong in the companies to retain them. And I think that’s an important dimension. And when we think of inclusive workforce, it’s not only having women sitting at the table, but being able to voice their concerns. And very often, because of a number of cultural expectations everywhere around the world, women are not likely to really ask for the floor. And so I think it’s particularly important that men, who are, of course, the great partners in this adventure of having more women, extend their reach to women. That they also mentor women, young women, sponsor them, and really just make sure that women’s views are also asked and considered. All of this is what makes women feel that they belong, that they have a role to play, and therefore to stay there.

Moderator – Jane Witherspoon:
Well, we did mention it earlier, and we were talking about roles. You know, what needs to be done? Cecile, I’m going to keep you on the floor. What needs to be done to ensure that enough roles are at the top of the chain? And how do we attain that, despite the fact that there is this leaky pipeline phenomenon, you know, stepping back and coming back into the room, you know, where maybe women are deemed to have lost some crucial years? What needs to be done about that?

Dr. Cécile Aptel:
So again, I think having working places that are inclusive, that are flexible enough to attract and retain women, that women feel that they belong there. But I think that some additional measures are needed. And I’ll go back to the example that I was giving earlier, you know, the lack of women diplomats engaged in UN processes on cyber, or even ICT in international security environment. Because that was a real concern, back in 2018, the UN Secretary General, Guterres, decided to really make a commitment to ensure that there will be more women appointed in the group of experts of the United Nations. And thanks to that commitment, which he took very seriously, more states nominated more women. And as a result, we really went from having 25% only of experts in 2018, to today 40% of experts being women that participate into these working groups. And similarly, in terms of diplomats participating in the negotiation, there’s been fellowship, in particular women in international security in cyberspace fellowship, that has been targeting relatively junior diplomat women, but not only diplomats, regulators, ICT experts, lawyers working in these areas, professors working in these areas, and encouraging them over a number of years to come and participate, to be there in those UN working group, in particular, the open-ended working group on the use of ICT in international security environment. And not only were they there, but then they were mentored. They had access to more senior leaders and diplomats that could train them. And they had specific training on participating in multilateral negotiations. Just to indicate that measures need to be multilayered, that it’s not simply, in fact, just thinking that it will happen unless the women are equipped with skills. And to go back to the question of how it works in the corporate sector, it’s one thing to be a technical expert in cybersecurity. It’s something else to be equipped with the skills to manage a team, and then to make it to leadership role or board roles, because you have leadership. And all of that with men usually happens through networking. Younger women that don’t necessarily have older women to be playing that role model still need to benefit from that networking and learning those skills. So we need very deliberate efforts to really make sure that women are also trained with managerial and leadership skills.

Betania Allo:
But Tania, I’ve seen you’ve been nodding all the way through that. I absolutely agree in everything, and I don’t know where to start. Have you anything, I mean, in terms of your experience, in terms of female leadership at the top and what you’ve taken away from that that has maybe helped you in your career progression? Well, so as you mentioned earlier, I don’t come from a very traditional path to cybersecurity, if that’s even a thing, right? So I, for some background, I’m a lawyer. I’m originally from Argentina. And then I moved to the US for graduate studies, and I have degrees in international relations and cybersecurity law and policy. And now I’m pursuing my PhD in cybersecurity. So as you can see, I went from building upon my legal and policy background to a more technical one. And honestly, I will go back to the mentorship and the fellowship that you just mentioned. Networks of women have been so helpful for me while I was making these decisions through, because I don’t consider it I transitioned careers. I think I always say that I’ve been building upon my different roles and bringing what I’ve learned from my other experiences to my new roles. So I think that one of the most important things is representation, to see women on leadership roles and to see women in those, in tables where decisions are being made, to make sure that their voices are heard. And that’s why we need men to advocate as well. We need you guys to look around the table. How come we don’t have any women sitting in this meeting, for example? What is wrong? Really, we couldn’t find any women to come here and join us. That’s why it’s not only our fight, it’s all of us responsibility to advocate for this happening. And in my experience, having really strong and determined women being my bosses and women who mentored me, and even men who also gave me the opportunity to believe in myself, and they believed in me maybe more than I believed in myself back then, right? And I think those are the people that I am so grateful that I had the opportunity to meet. And there is a lot of generosity out there. I know there are so many students here listening, and just don’t be scared to reach out. You will be amazed. This room is full of generous people who are willing to tell you more about their careers, tell you more about their experiences, and guide you through your own career path so you can find success as soon as possible. So yeah, I think that these forums, again, are the perfect platform to have these conversations.

Moderator – Jane Witherspoon:
Dr. Margaret, how important are those support of extended communities within the cybersecurity sphere?

H.E. Dr. Margarete Schramböck :
Well, my opinion, it’s the support of the different communities is key in all the areas. I’ve started out selling telephone systems. Now, selling telephone systems or being a technical director for telephone system is not the one thing you would have expected from somebody graduated from a business school. It happened more by coincidence, but then you have to take the opportunity. And what I did is I was searching for mentors always myself. At that time in the 90s, that was really long ago, in the 90s- I remember them, don’t worry. Yes, nobody was really into that mentoring and thought, yeah, you would need a mentor. So I was looking into, in that time, the tech community and I was investigating who could be that. And I addressed the person. And yes, there were men, there were male managers and not women because there were no women there. I was the only one. So for a long period of time, then gradually we got more. So the more you have the community of women also, you can also rely on them. But I’m a big fan of mixed teams, as I said before, and I’m a big fan of doing things together and not just in the separate areas. Looking at education, this is something I wanted to add on that. Maybe we can talk about that.

Moderator – Jane Witherspoon:
No, absolutely. I mean, I know Batania mentioned earlier, to get in at the earliest opportunity and learn about the field that you want to work in. But how can educational institutions maybe collaborate with industry partners and create, I guess, curricula that will appeal and empower women to pursue careers in this field? And especially from an earlier age, like you said, Batania.

H.E. Dr. Margarete Schramböck :
The earlier we start, the better. So at a very young age, to encourage the girls to attend classes, extra classes, and so on. And it, of course, needs to be a little bit adapted to their interests. And what I did, for example, in Austria, I introduced a new form of apprenticeship on e-commerce. So we had a lot of apprenticeship. You must know that in Austria, 50% of young people choose apprenticeship. It’s a little bit different than all in other countries in the world, except for Germany, Switzerland, and Austria. And introducing this apprenticeship for e-commerce suddenly led in 60% of the young people who chose this being women. So because they were interested in that. And I was not taking care, I didn’t care where they would start. They don’t need to start in mechatronic, but they can start in the e-commerce. They can start in the cyber, which are more fields which are of their interest because they are more in the area which they like.

Moderator – Jane Witherspoon:
But Tania, I know you’re gonna hide. I know this is coming for you.

Betania Allo:
It’s something that I’m very passionate about, maybe because of how I had to navigate it myself. So I feel really passionate about women and girls getting into the field. And even if they’re not in the field yet, to try to see how technology can be, can intersect to that area of expertise that you have, and slowly transition into a technological, more technological role. That’s what I saw building from technology and policy. So I think that besides what Margaret was saying regarding early exposure, I would say, again, mentoring, extremely important mentoring programs. And we at NEOM are extremely involved in mentorship and scholarship programs with different institutions here in Saudi and abroad. And that helps a lot because sometimes different elements makes it difficult for girls and women to pursue careers in technology. And those things help a lot. So that’s something that the tech industry can also collaborate and give that step forward in helping the next generation of cyber leaders also be 50-50.

Moderator – Jane Witherspoon:
Cecile?

Dr. Cécile Aptel:
Yes, education is so crucial. And as a former professor, I really cannot but say that, yes, education is absolutely critical. I think that the partnerships between industry and education facilities is not only in terms of the curriculum. I think that there is also something else that we have discussed here, which is protection of children in, in fact, the cyberspace. And this will be growing. This is already a big concern today. How do we protect children? And how do we ensure that children are secure and safe when using the cyberspace? But it’s also going to grow because we are probably facing radical changes in education. I mean, the next generation is probably going to be largely educated in schools that are not only very equipped, but very connected. And the very context of what is education is dramatically changing in our lifetime, which really means that there is, we have to be taking very seriously the issue of child protection and of educating children, not only in terms of cyber security to become expert, but to become responsible for their own security in the digital space and in the cyberspace. So I think that we are going to necessarily see partnerships there and they’re welcome because it’s a different way of, in fact, being human that our children are facing in terms of their career and their life.

Moderator – Jane Witherspoon:
We’ve got one minute on the clock. I’m going to start at the end with Batania. I would like you in 20 seconds, what’s the biggest challenge in the next five years for women in cyber security?

Betania Allo:
I would say like losing the fear to getting into the field. Ask for help, ask for mentorship, don’t be scared. You deserve a seat in that room and I very much look forward to seeing that in the next five years.

Moderator – Jane Witherspoon:
Amazing. Cecile.

Dr. Cécile Aptel:
I think it’s not only for women, it’s for women and men. Yes. Far too often, men may feel threatened by the fact that women are also entering the market, you know, the different markets, including cyber security. And I think it’s extremely important that we reframe that. It’s a win-win. It’s not that one is exposing the other. It’s really that we can have team, mixed team working together and becoming that much more innovative and in fact creating even much more of a market for everyone to work together. So I think partnerships is absolutely key and that men, as much as women, have a key role to play. And I want to then take the opportunity to say how impressed I am being in Saudi Arabia to see how much has been achieved. So big kudos as well here.

Moderator – Jane Witherspoon:
Last word, Dr. Margaret.

H.E. Dr. Margarete Schramböck :
Well, for me, it’s for the young generations to tell them, be brave, take the opportunity, create the opportunity. There is never a better moment than this moment and especially here, where so much transformation is going on.

Moderator – Jane Witherspoon:
Ladies and gentlemen, thank you for being with us for this session. And to my esteemed panel, thank you. Thank you.