Cybersecurity – Where Are All the Women?

Lorna Fimia

Companies report that they are highly committed to gender diversity, but that commitment has not translated into meaningful progress.

According to a 2017 report by Frost & Sullivan, only 11% of global cybersecurity roles are filled by females. This figure reflects how male-heavy the profession is compared to the general workforce with an almost 50-50 split between the genders.

Frost and Sullivan’s women’s report in cybersecurity found that only 1 in 5 C-level and executive positions are filled by women and only 1 in 10 in managerial positions.

Women in cybersecurity


Board Level Gender Bias at Tech Companies

According to a 2018 report from Tech Nation, during the period from 2000 to 2018, the number of women appointed to the boards of tech companies, though varying slightly from year to year, has never reached more than 30%, with a high of 26.8% in January 2003.

When looking at the cumulative number of men and women appointed to the boards of technology companies, the gap between men and women is growing – in January of 2010, the number of cumulative appointments of women to technology boards was 11,842 compared to 40,600.9 men, and the gap grows further in January of 2018, where the cumulative number of women appointed to the boards to tech companies only reached 75,097, compared to 252,915.9 men.

Are Stereotypes To Blame?

The stereotypical image of an employee in cybersecurity is generally a man, perhaps quiet or unsociable, working in a dark room with just a computer… Unsurprisingly, this image doesn’t appeal to many people, especially women.

There is also the view that for the few women that do work in cybersecurity there is a lack of respect (reference social media storm surrounding the use of “booth babes” at Infosecurity Europe 2018) and not much of a life outside of work.

Why Would Women Not Be Attracted To Cybersecurity?

There are many reasons why a woman may not be attracted to the cybersecurity industry, including the poor image it holds, as detailed already. The 24/7 working culture may also not appeal to a prospective employee with caregiving responsibilities, along with the perceptions of wage inequalities and other forms of discrimination.

The lack of women in cybersecurity can start from before they enter the workforce. From school, college and university level, Science, Technology, Engineering, and Mathematics (STEM) is largely portrayed as a masculine field, especially professions such as cybersecurity and IT. In these crucial years when deciding a career path, girls, as well as boys, should be made to feel accepted and encouraged in the field.

The IT industry as a whole is renowned for being a predominantly male, intense environment to work in. Rightly or wrongly, male-dominated professions often hold a reputation of being sexist and chauvinistic, which is another deterrent to women looking at cybersecurity.

With all these factors working against them, a lot of women underestimate their abilities and, even if fully qualified, don’t feel that they are as skilled as men. A study by Ehrlinger and Dunning found that men overestimate both their ability and performance, whereas women underestimate both. In this case, the average performance of each gender did not differ, meaning they are both just as capable as each other.

To counter this issue, women working in cybersecurity, and IT as a whole, need to be encouraged much earlier. Dispelling the negative, masculine stereotypes will help to rid the profession of the bad reputation it currently holds regarding women.

Almost half of the women already in cybersecurity hold a degree in computer science, the same percentage as men, meaning if more women take up the subject at a younger age, the numbers in the industry will increase with it.

Why Might Women Leave Cybersecurity?

Even when women have chosen to pursue a career in STEM the challenge can be keeping them in the field, and with the amount of discrimination they can face it’s not hard to see why so many leave. Cybersecurity workers of both genders were asked if they had experienced any form of discrimination at work in the 2017 Frost and Sullivan women’s report, with 51% of females responding yes but only 15% of males saying the same.

Surprisingly, ‘positive discrimination’ can also be detrimental. This includes purposefully hiring a female over a man, irrespective of who would be better for the role, just to increase diversity. In order to increase the number of women in cybersecurity, women should not be given priority for jobs they may not be suited to, but secure a role based on their talent and capability. Otherwise, it can make qualifications seem worthless and cause resentment in the workplace.

“Now companies need to take more decisive action. This starts with treating gender diversity like the business priority it is, to setting targets to holding leaders accountable for results. It requires closing gender gaps in hiring and promotions, especially early in the pipeline when women are most often overlooked. And it means taking bolder steps to create a respectful and inclusive culture so women—and all employees—feel safe and supported at work.” This is an edited extract from Women in the Workplace 2018, a study undertaken by LeanIn.Org and McKinsey.

Consistency is a concept that is vital to creating an equal, diverse working environment. If someone is treated differently it creates an inequality in the department and could lead to decreased self-confidence and belief. Support from others, especially management, is key in ensuring all staff feel comfortable in their role.

To overcome the problem of a lack of intellectual respect for females, it is paramount that all staff be treated the same, whether that be equal pay or equal promotion opportunities. This also applies to men; giving male workers the same parental leave after having a child is one way of demonstrating a completely fair working environment. Creating a respectful environment for everyone will help staff to feel valued and accepted.

Women in cybersecurity

What is Being Done For Women in Cybersecurity?

This problem has been around for some years now, with some companies already ahead of the trend and addressing the problem. Using marketing tactics that promote an equal environment can encourage women to look into a cybersecurity career; a positive, supportive and respectful environment will be much more appealing to everyone.

Some organizations are also taking initiative by recognising and celebrating the achievements of women, with events such as the Women in IT Awards. In the 2017 ceremony the Chief of MI6, Alex Younger, revealed that his Head of IT was in fact female, inspiring women all over the globe to aim high and believe in themselves. Alex also revealed that his organization struggles with diversity, and encourages women to go into the field and bring some new skills with them.

Campaigns such as HeForShe are a method of showing solidarity amongst co-workers. It allows both men and women to pledge to help and respect women all over the world, whether that be at home or in the workplace. The Women’s Security Society is also a place that women can go to make connections in the industry and get support.

“We aim to narrow the gender gap by spreading awareness of the diverse career opportunities available to women in cybersecurity, by addressing gender biases, and by initiating a dialogue that helps women navigate the profession and its opportunities.” Klaus Julisch, Lead Cyber Partner and sponsor of the Women in Cyber program in Switzerland, Deloitte

One issue arising when companies are looking to hire is the lack of women readily available; where they usually look to hire from are all male-dominated areas too. Widening the pool you recruit from will offer a broader range of employees, from more diverse backgrounds and with a larger range of skills. Perhaps changing how companies advertise jobs can help the field of cybersecurity appeal to more people, including women.

Progress on gender diversity at work has stalled. To achieve equality, companies must turn good intentions into concrete action.

So, the question remains, what are you doing to support women in your workforce? If you haven’t already, it’s definitely worth having the conversation with management to encourage women into cybersecurity and make them feel welcome, respected and supported.