Choose your topics

The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
The Top 4 Challenges of Risk Management

What are the top four challenges of risk management today and how can you overcome them? Find out in this post from SureCloud.

Third-Party Risk Management GRC
Transform Compliance into Your Competitive Advantage

In GRC, compliance is often viewed as a cost that makes it harder to pursue growth. Here's how to make it your competitive advantage.

Compliance Management GRC
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
The Simple Way to Combat Phishing

SureCloud Cybersecurity Practice Director Luke Potter shares his tip to stay ahead of attackers phishing for your downfall.

Penetration Testing
See Yourself in Cyber With Janhavi Deshpande

See Yourself in Cyber With Janhavi Deshpande - SureCloud

Cyber Security
Vector (7)
Cyber Risk Management

Gender Diversity in Cybersecurity: Could Organizations Do More?

Gender Diversity in Cybersecurity: Could Organizations Do More?
Written by

Jane Frankland

Published on

3 Aug 2023

Gender Diversity in Cybersecurity: Could Organizations do More?

Guest author:  Jane Frankland, Entrepreneur, Author, Speaker, and Influencer


Current research suggests that a staggering 75% of global cybersecurity jobs are filled by men. The same report found that only 17% of Chief Information Security Officer (CISO) roles at Fortune 500 companies are held by women, which equates to just 85 out of 500 positions. 


There is an alarming shortage of women within the sector and, despite efforts to change this, progress for greater diversity has been slow. When you consider that millions of cybersecurity roles remain vacant, this is a worrying trend. 


Greater diversity brings many benefits, not least to an organizations’ profit margins. The Global Gender Gap report found that companies in the top quartile for gender diversity on their executive teams were 21% more likely to experience above-average profitability compared to those in the fourth quartile. 


In this article, we’ll explore the potential reasons for the lack of female representation in cybersecurity, what needs to be done to improve these figures, and offer some useful tips for those looking to begin a career in the industry. 


Cybersecurity should be a rewarding and welcoming career for everyone. More needs to be done to address the gender gap


Why is there a lack of women working in cybersecurity?

One of the traditional arguments put forward for the lack of gender diversity within cybersecurity is women’s low participation in Science, Technology, Engineering, and Math (STEM) disciplines at an early age. 


The Boston Consulting Group (BCG) canvassed the opinions of 2,000 female STEM undergraduate students across 26 countries to see if this statement was true. 78% of respondents said they first developed an interest in STEM in middle school or high school, which suggests that if girls aren’t engaged early, it’s highly unlikely they’ll later pursue a career in cybersecurity. 


Critically, the survey also revealed that some women have negative perceptions of cybersecurity as a career choice. 37% of respondents believed it would be hard to achieve a good work-life balance, which is one of the top three priorities for women when choosing a job. It also suggested that those women with low awareness of cybersecurity have negative views of people who work in the field. 


Raising awareness of the opportunities within cybersecurity is crucial to addressing the gender gap. One of the main reasons for women not wanting to pursue a career in the sector is the lack of information on the roles available. Similarly, another reason is the perception that they don’t have the required technical knowledge to do the job. 


Negative perceptions of the cybersecurity industry are preventing women from applying for roles. This needs to change 


What needs to change within the industry to attract more women? 

It’s not just traditional misconceptions that need to change. An area that requires urgent attention is employers’ hiring practices. Are they recruiting for positions that are needed, or is their motivation driven by compliance and HR requirements? If it’s simply a box-ticking exercise to demonstrate women are applying for roles, but are ultimately unsuccessful, it’s a waste of everyone’s time. 


If the need is genuine, however, then organizations should be doing everything possible to attract the very best talent for the role. Demonstrate that your business has the support networks and career pathways in place that allow individuals to flourish, whoever they are. Unfortunately, a common trait we see in advertisements for cybersecurity roles is the propensity to include an extremely broad range of criteria, which results in a reduced number of not just female applicants, but applicants in general. 


From a female perspective, organizations need to think about how they communicate with potential future employees. For example, does your recruitment messaging include testimonials and success stories of current female team members? Will new employees have access to female mentors? Are you doing enough to dispel the myth that cybersecurity roles are exclusively for men? More needs to be done to promote the advantages of working in cybersecurity for women. Show that your organization offers meaningful benefits, such as a hybrid working model and flexible working hours. 


Encouraging greater gender diversity and empowering women within cybersecurity teams will bring different experiences and voices to the table, which can only be beneficial to organizations moving forward. 


The more diversity an organization can add to its security team the better. It brings fresh ideas and a different approach to problem-solving 


Are you interested in a career in cybersecurity? 

If you’re interested in pursuing a career in cybersecurity, but are unsure where to begin, follow these simple tips to get started.


Tip 1: Decide which area of cybersecurity suits you best – There are multiple disciplines within cybersecurity. For example, do you want to work in the business, technical, or consultancy aspects of the industry? Recognize where your main interest lies and which area best suits your skills.


Tip 2: Network and make connections – Build relationships with people within the industry by following them on social media or attending events. Don’t be afraid to put yourself out there and ask as many questions as you can. Opportunities will most likely present themselves via your network. 


Tip 3: Find a mentor – Use your network to find someone who can act as a mentor during the early stages of your career in cybersecurity. Having someone to guide you and share experiences can be hugely beneficial. It will also help ease the transition into a new role or sector. 


Tip 4: Explore training courses and qualifications – There’s no escaping the fact that at some point in your cybersecurity career, you’ll need to obtain industry qualifications. Understand which ones you’ll need for your chosen role and complete them early to get ahead of the competition. 


Don’t underestimate the power of networking. It can open the door to some truly great opportunities 


The answer to addressing gender diversity may seem simple; employ more women. However, getting there is not that straightforward. There are still numerous barriers still in place that are preventing the advancement of women within the sector. Until organizations address their approach to hiring and retaining talent, there will not only be a shortage of women in cybersecurity, but the skills gap will also widen.  


To hear more from Jane on women within the cybersecurity sector, listen to this episode of our Capability-Centric GRC & Cyber Security Podcast.