Attracting and retaining more women within the cybersecurity workforce, as well as building on the positive experiences and perspectives of those already working in the sector is essential if we are to make meaningful inroads into the workforce and skills gaps.
The imbalance in the cybersecurity workforce continues to be an obstacle to growth as well as progress in addressing diversity, equity and inclusion (DEI). Based on independent research commissioned by ISC2, the number of women working in cybersecurity has remained consistent year-to-year, with an estimate that the percentage of women working in the industry is likely in the range of 20% to 25%.
This compares poorly to other professional sectors such as the legal profession and accountancy, where data from professional organizations in those sectors suggests that women make up half, or very close to it, of the active workforce. Data from the most recent ISC2 Cybersecurity Workforce Study (14,865 cybersecurity practitioner respondents, 2,400 of whom identified as women) showed that despite a global active cybersecurity workforce of 5,452,732, there remains a global workforce gap of 3,999,964. Reducing this gap not only requires an increase in hiring and upskilling, it requires an expansion in the talent pool to bring more people into the industry who were not previously part of the profession. Bringing more women into the cybersecurity profession to address the gender imbalance is necessary to make positive inroads.
While the percentage of women in cybersecurity roles and teams is much lower than other professions, there are several positives reported by the women who responded to the study that can serve as the bases for further incremental improvement.
For example, women reported higher rates of pursuing cybersecurity in school (14%), compared with men (10%). In percentage terms, more women surveyed want to work in a constantly evolving field (21%) and one where they can help people and society (16%) compared to men (18% and 14%, respectively). This sits alongside 76% of women reporting being satisfied with their cybersecurity jobs compared to 70% of men.
Furthermore, two-thirds of women surveyed (66%) said that diversity has contributed to their security team’s overall success, with 64% noting that DEI has been increasingly important for their security team over the past five years, rising to 69% for the coming five years. Nearly four in five women surveyed (78%) believe an inclusive environment is essential for the team’s success.
There are things to do as a hiring manager, team or business leader to build on these positives and grow the number of women both entering and remaining in the cybersecurity profession:
1. Focus on inclusion: Diversity and inclusion are clear focus areas for many organizations, both in terms of recruitment as well as staff retention and happiness. Bolstering efforts around inclusion will help existing and new cybersecurity professionals combat concerns and anxiety around not belonging and feeling inauthentic.
2. Remove obstacles to advancement: Supporting women in the cybersecurity sector to define their goals, along with ensuring they have the same development opportunities and access to leadership job opportunities are key. Women in senior positions inspire other women, so increasing gender equality in management and leadership roles is essential to overall positive motivation and retention.
3. Educate people as early as possible: Generation Z’s interest among women in roles in engineering, mathematics and computing is lagging behind men’s interest. Furthermore, young women are exposed to fewer STEM topics in school. Exposing women to cybersecurity programs early on can stimulate long-term and lifelong interest in the subject. Only 14% of our women respondents pursued cybersecurity in school.
4. Define and commit to sustainable diversity and equality goals: Setting specific hiring, recruitment and advancement aspirations, will aid significantly in developing and growing a workforce that more closely mirrors the diversity of the population.
5. Equal pay cannot be overlooked: To support and maintain equality in the workforce, pay equality must be an active component. Actively monitor pay levels across the organization to ensure inequalities can be addressed and don’t reoccur.
Resources:
-
ISC2 Research: ISC2 Cyber Workforce Study
-
ISC2 Research: Women in Cyber
-
ISC2 Webinar: Building a Career Pathway in Cybersecurity: A Journey Map for Women, by Women
-
ISC2 Insights: Women in Cybersecurity: Women in the Profession
-
ISC2 Insights: Women in Cybersecurity: Job Satisfaction, the Persistent Pay Gap and Ongoing Challenges