Reversing the decline of women in IT Research from Intellect and the Department of Trade and Industry found the number of women in IT has dropped to 16 per cent, from 21 per cent five years ago. The report by e-Skills UK says the IT industry is not doing enough, particularly for higher-skilled management positions. How can CIOs encourage more women in IT?

This has been a recurring issue for some time and we cannot have solved it or it would not keep coming back to haunt us. We need to look at the very foundations – how do we encourage more young women to embark on a career in IT?

Look at your local high-street computer store, which is for many the first exposure to IT. These are largely staffed by men. Does this set the mind of our women against joining the profession? One major retail outlet even offers installation and repair of computing equipment calling themselves The Tech Guys.

We have to look at the surrounding environment and the exposure people have to IT before we start to dream up more solutions to add to the ones that have already been tried and left wanting. Maybe the first step is to rename IT: Not information technology; how about information systems, information solutions, or just information?

Denise Plumpton, director of information, Highways Agency

Employers are well placed to reverse the negative perceptions many girls and young women hold about technology: that IT is boring; that the technology industry is male dominated; and that IT professionals are all geeks with limited social skills. Employers can engage with local schools, colleges and universities to make presentations, arrange company visits, provide work placements, promote role models and support Computer Club 4 Girls to give girls and young women a realistic insight into the exciting and challenging nature of modern careers in IT.

Innovative company policies such as flexible and remote working, career breaks, mentoring, training and family support will appeal not just to women, but to the whole diversity of the IT workforce.

Karen Price, chief executive, e-Skills UK

One of the reasons why women may find combining career and home responsibilities difficult is juggling working hours. Betfair is a 24/7 operation, but we do, wherever possible, offer flexible working to those looking to maintain a work/life balance for whatever reason. CIOs have a responsibility to create challenging learning environments where employees feel their skills are recognised and well rewarded. Combine this with a realisation that people do have a life outside of work and hopefully all talented people, men and women will want to progress and eventually lead in this environment.

Rorie Devine, chief technology officer, Betfair

Typically female capability traits will be better suited to many of the newer emerging roles in IT such as relationship management and social network systems. So the answer might be to recruit internally from other business units and cross-train. But some deeply technical roles may remain stubbornly male.

Mark Raskino, vice president and research Fellow, Gartner

There are two areas that need special attention to overcome this national business dilemma: Lure women back to the IT industry who have left to raise a family and look for ways to retain experienced female IT professionals.

According to recent research, 48 per cent of British women working in IT said their decision not to have children had been influenced by work-related choices. Smart companies know that being flexible with IT staff when they become parents will help keep employees happy, maintain productivity and ultimately reduce the risk of losing experienced female IT professionals.

It is crucial that organisations introduce more dynamic, flexible working policies to find and retain the talent needed in this industry.

Sandra Smith, IS director, Toshiba UK

Beating the internal security threat Cyber crime is a costly business. With internal data breaches costing an average of £1.8m a year, technology leaders need to keep an eye on their own staff – as well as external intruders. How can CIOs prevent unauthorised employee access to valuable data?

Many people do not realise that viruses and spyware have not gone away but have gone silent and infect by stealth. Systems now contain trapdoors and in 2007 we will see losses from information theft increasing. On the people side, the importance of professional security certification will continue to grow - driven by the need for engineering levels of digital reliability.

Paul Dorey, chairman, Institute of Information Security Professionals (IISP)

It’s important for CIOs to install appropriate levels of security, and tools and processes are necessary but not sufficient for stopping internal data breaches.

Equally, if not more importantly, CIOs need to address the drivers of internal cyber crime. One key driver is the behaviours that lead staff to commit such crimes; another is organisational culture; and a third is organisational leadership.

Arguably, if an employee really wants to access unauthorised information they will find their way around the processes and tools. CIOs that think they can sleep peacefully because they have bought the best tools and installed the best processes without changing behaviours, leadership and culture are fooling themselves.

Ashley Braganza, director, Centre for Organisational Transformation, Cranfield School of Management

Quis custodiet ipsos custodes? – and who will watch over the guardians? An old problem, and one to which many of the old solutions still apply in the digital world.

First and foremost do everything possible to win the trust and loyalty of employees; treat people fairly, build on the fact that they are in a position of trust and make sure they understand that they – and their colleagues – have a lot to lose if the business is damaged by a security breach. Build a sense of a trusted elite with a duty of care among all IT professionals.

CIOs must also ensure that there are internal checks and controls, best practice implementation of security systems and proper management of supervisory passwords and administrator rights.

Perhaps the most important thing is to recognise that there are inherent flaws in the classic security model. The perimeter cannot be defended – this is futile. Each device, server, application and database should defend itself from unauthorised access and limit the degree to which even authorised access can affect operation.

The internal network should be viewed as being no different from the public internet. Central control and management of large numbers of PCs is an enormous vulnerability as one individual, by error or by design, could do enormous damage. The consumer model of secure interaction shows the way; while there are flaws, the intense pressure of operating in a virulent environment ensures that all components, including humans, are case-hardened and able to resist attack.

David Burden, chief information officer, Royal Mail