Closing the Gender Gap in Infosec: Progress and Challenges
Table Of Contents:
The information security industry has long been criticised for being a boys’ club, and despite progress, it continues to move at a glacial pace towards gender diversity. According to a recent report from (ISC)2, women constitute just 25% of the cybersecurity and infosec workforce globally. Cybersecurity Ventures also reported that women hold 17% of CISO roles within Fortune 500 companies, which, put in context, means 85 of 500 available CISO roles are currently held by women. These stats paint a dismal picture of gender diversity, particularly given the sector’s growing skills gap. A reported 3.5 million roles will remain unfilled in the industry by the end of 2025.
As the industry gears up to celebrate and spotlight women in cybersecurity and infosec as part of International Women’s Day, March 8, we discuss the gender bias problem in cybersecurity, the root causes of this bias, and what organisations can do to bring more women into cybersecurity jobs and retain them.
Progress Made So Far
Over the past decade, there has been a growing awareness of the gender gap in cybersecurity and infosec. The sector has been actively trying to address the gender diversity imbalance within its workforce. For example,
-
Recruitment:
Several initiatives were launched to encourage more women to join the cybersecurity sector. These include targeted recruitment campaigns and mentoring programs designed to support and guide women interested in entering the field.
-
Education:
The industry has partnered with training and education providers to encourage more women to study cybersecurity-related courses. Scholarships and grants are available for women interested in cybersecurity and infosec, and universities are encouraged to provide more resources to support women in the field.
-
Support:
Various initiatives have been created to offer mentoring, training, and networking opportunities to help women advance their careers in the infosec and cyber sector.
-
Awareness:
Industry-wide commitments to promote gender diversity and inclusion, as well as programs designed to address gender bias and discrimination, have been implemented.
Despite these efforts, the percentage of women in cybersecurity and infosec has increased by just 8% since 2017. This clearly highlights that more work needs to be done to close the gap more rapidly if we’re ever to achieve gender parity in the sector. And begs the question, why haven’t these initiatives driven more women into the industry?
Challenges Facing Gender Diversity In Infosec
According to a recent survey by Microsoft Security, more than half of women (54%) believe that the industry has a gender bias problem that results in unequal pay and support. The study also found that only 44% of female respondents believe they are sufficiently represented, despite 83% of respondents saying that they think there is an opportunity for women in cybersecurity.
There is clearly a perception issue that the cybersecurity and infosec industry is finding hard to shake. The reality is that women often face barriers such as unconscious bias, lack of mentorship and promotion opportunities, and are the subject of negative stereotypes that can make it harder for them to succeed in the field. Tackling this is perhaps one of the biggest challenges infosec and cyber organisations face in improving the gender imbalance.
It is also true that women still need to be paid equally compared with their male peers and are often overlooked for promotions within cybersecurity. Studies have highlighted that the salary gap starts early in cybersecurity: Women with 1-3 years of cybersecurity experience make nearly $19,951 less than men with the same years of experience, according to aggregated data from (ISC)2.
Another challenge is the lack of flexibility in the industry, which can be a barrier to women who want to balance their personal and professional lives. For example, long working hours and inflexible schedules can make it difficult for women to succeed in cybersecurity roles.
Fundamentally there is also a failure at all educational stages to encourage women to consider STEM (science, technology, engineering, and mathematics) subjects and careers in cybersecurity. An ISC2 study highlighted the dramatic decline in the percentage of girls choosing I.T., tech or computer classes past primary school. Whilst a PWC study highlighted that just 3% of women who studied tech or computing at university went on to work in cybersecurity. There needs to be a greater focus on encouraging girls into technical and computing classes, starting at primary school and supported by industry.
The Importance of Closing the Gender Gap In Infosec
The benefits of having more women in cybersecurity are clear. Gender diversity brings different perspectives and approaches to problem-solving, which can lead to more innovative solutions. Including women in the cybersecurity and information security workforce has been shown to lead to positive outcomes, such as improved decision-making and reduced cybercrime. It also increases the talent pool and helps address the skills gap in the industry.
Studies have shown that gender diversity can improve cybersecurity outcomes. For example, a report by McKinsey & Company found that companies with more gender diversity were more likely to have better financial performance and more significant innovation. Additionally, diverse teams can better identify and address blind spots in cybersecurity.
According to a report by the National Cybersecurity Institute, organisations with more diverse workforces were also found to have a lower risk of cyberattacks, with organisations with at least 30% of women in their cybersecurity teams experiencing 40% fewer security incidents.
Having more women in the sector and more diversity generally is so important when you consider the technology being built now, such as A.I., facial recognition, and IoT health devices, and how those will impact our lives significantly moving forward, the need for tech to be designed and developed by diverse groups has never been more important!
Future Outlook For Gender Diversity in Infosec
There are several initiatives and trends that could encourage more women to enter and advance in the cybersecurity industry. One trend is the rise of remote work, which could make the industry more flexible and accessible for women. Additionally, as more programs encourage girls and young women to pursue STEM (science, technology, engineering, and mathematics) careers, including cybersecurity, we should see more women entering the sector and providing pathways for other women to follow.
The growing industry skills gap should also pave the way for more women to enter the sector and achieve pay parity with their male peers. Forward-thinking infosec and cyber organisations must address the skills gap to stay ahead of the rapidly moving cyber risk landscape, and women provide not only one of the fastest ways to achieve this but also offer exceptional business benefits ranging from statistically better decision-making, improvements to the financial bottom line and a reduction in cyber attacks.
To close the gender gap in cybersecurity, companies and the industry as a whole must also take action together. The onus should no longer be on women to resolve this challenge. It’s an industry-wide problem and requires an industry-wide approach. Men in the sector need to be active allies, not passive participants. Diversity is now a must-have for any organisation looking to achieve business success, not something worked towards with platitudes and limited follow-through during one month of the year. To use a quote from Jenny Radcliffe, the people hacker, “gender diversity is for life, not just for March 8”.
Unlocking Gender Diversity in Infosec
Unlocking gender diversity in cybersecurity ensures the industry’s sustainable and prosperous future. Women bring unique perspectives, ideas, and skills to the table, which can help organisations better understand and address the evolving cybersecurity threat landscape. As technology continues to play an increasingly significant role in our lives, the sector must reflect the diversity of its users.
Achieving gender diversity in cybersecurity requires a concerted effort from all stakeholders, including employers, educators, policymakers, and the wider community. By working together to create inclusive cultures, removing barriers to entry, and encouraging and supporting women in the field, we can unlock the full potential of gender diversity in cybersecurity and build a safer and more secure digital world for all.