Gender Diversity in Cybersecurity: Could Organizations do More?
Guest author: Jane Frankland, Entrepreneur, Author, Speaker, and Influencer
Current research suggests that a staggering 75% of global cybersecurity jobs are filled by men. The same report found that only 17% of Chief Information Security Officer (CISO) roles at Fortune 500 companies are held by women, which equates to just 85 out of 500 positions.
There is an alarming shortage of women within the sector and, despite efforts to change this, progress for greater diversity has been slow. When you consider that millions of cybersecurity roles remain vacant, this is a worrying trend.
Greater diversity brings many benefits, not least to an organizations’ profit margins. The Global Gender Gap report found that companies in the top quartile for gender diversity on their executive teams were 21% more likely to experience above-average profitability compared to those in the fourth quartile.
In this article, we’ll explore the potential reasons for the lack of female representation in cybersecurity, what needs to be done to improve these figures, and offer some useful tips for those looking to begin a career in the industry.
Cybersecurity should be a rewarding and welcoming career for everyone. More needs to be done to address the gender gap
Why is there a lack of women working in cybersecurity?
One of the traditional arguments put forward for the lack of gender diversity within cybersecurity is women’s low participation in Science, Technology, Engineering, and Math (STEM) disciplines at an early age.
The Boston Consulting Group (BCG) canvassed the opinions of 2,000 female STEM undergraduate students across 26 countries to see if this statement was true. 78% of respondents said they first developed an interest in STEM in middle school or high school, which suggests that if girls aren’t engaged early, it’s highly unlikely they’ll later pursue a career in cybersecurity.
Critically, the survey also revealed that some women have negative perceptions of cybersecurity as a career choice. 37% of respondents believed it would be hard to achieve a good work-life balance, which is one of the top three priorities for women when choosing a job. It also suggested that those women with low awareness of cybersecurity have negative views of people who work in the field.
Raising awareness of the opportunities within cybersecurity is crucial to addressing the gender gap. One of the main reasons for women not wanting to pursue a career in the sector is the lack of information on the roles available. Similarly, another reason is the perception that they don’t have the required technical knowledge to do the job.
Negative perceptions of the cybersecurity industry are preventing women from applying for roles. This needs to change
What needs to change within the industry to attract more women?
It’s not just traditional misconceptions that need to change. An area that requires urgent attention is employers’ hiring practices. Are they recruiting for positions that are needed, or is their motivation driven by compliance and HR requirements? If it’s simply a box-ticking exercise to demonstrate women are applying for roles, but are ultimately unsuccessful, it’s a waste of everyone’s time.
If the need is genuine, however, then organizations should be doing everything possible to attract the very best talent for the role. Demonstrate that your business has the support networks and career pathways in place that allow individuals to flourish, whoever they are. Unfortunately, a common trait we see in advertisements for cybersecurity roles is the propensity to include an extremely broad range of criteria, which results in a reduced number of not just female applicants, but applicants in general.
From a female perspective, organizations need to think about how they communicate with potential future employees. For example, does your recruitment messaging include testimonials and success stories of current female team members? Will new employees have access to female mentors? Are you doing enough to dispel the myth that cybersecurity roles are exclusively for men? More needs to be done to promote the advantages of working in cybersecurity for women. Show that your organization offers meaningful benefits, such as a hybrid working model and flexible working hours.
Encouraging greater gender diversity and empowering women within cybersecurity teams will bring different experiences and voices to the table, which can only be beneficial to organizations moving forward.
The more diversity an organization can add to its security team the better. It brings fresh ideas and a different approach to problem-solving
Are you interested in a career in cybersecurity?
If you’re interested in pursuing a career in cybersecurity, but are unsure where to begin, follow these simple tips to get started.
Tip 1: Decide which area of cybersecurity suits you best – There are multiple disciplines within cybersecurity. For example, do you want to work in the business, technical, or consultancy aspects of the industry? Recognize where your main interest lies and which area best suits your skills.
Tip 2: Network and make connections – Build relationships with people within the industry by following them on social media or attending events. Don’t be afraid to put yourself out there and ask as many questions as you can. Opportunities will most likely present themselves via your network.
Tip 3: Find a mentor – Use your network to find someone who can act as a mentor during the early stages of your career in cybersecurity. Having someone to guide you and share experiences can be hugely beneficial. It will also help ease the transition into a new role or sector.
Tip 4: Explore training courses and qualifications – There’s no escaping the fact that at some point in your cybersecurity career, you’ll need to obtain industry qualifications. Understand which ones you’ll need for your chosen role and complete them early to get ahead of the competition.
Don’t underestimate the power of networking. It can open the door to some truly great opportunities
The answer to addressing gender diversity may seem simple; employ more women. However, getting there is not that straightforward. There are still numerous barriers still in place that are preventing the advancement of women within the sector. Until organizations address their approach to hiring and retaining talent, there will not only be a shortage of women in cybersecurity, but the skills gap will also widen.
To hear more from Jane on women within the cybersecurity sector, listen to this episode of our Capability-Centric GRC & Cyber Security Podcast.