Why The Number Of Women In Cybersecurity Is So Low?

by Sohini Bagchi    Mar 23, 2017


Women comprise only 11 percent of the global information security workforce, and that’s not good news for us. A study conducted by Frost & Sullivan found that women in cybersecurity have higher levels of education than men, but fewer hold senior-level positions, and they earn less money. On a positive note however, the small representation of women in cyber provides a big opportunity for them to enter a field. Women who have higher levels of access to sponsorship and leadership programs report feeling valued in their role and are more likely to be successful. [Read the full report here]

Moreover, those working in cybersecurity have a more varied educational background than men contributing to the diverse set of skills they can potentially bring to the industry. The Women in Cybersecurity report is part of the Center’s eighth Global Information Security Workforce Study (GISWS) – sponsored by Booz Allen Hamilton – and is based on data that was collected in the survey. These entities have joined forces with several industry leaders to raise awareness of the need for women in cybersecurity. 

 Women outdo men in cyber security education
More than half of women of any age [51 percent] who enter computer security have a Master’s Degree or higher, compared to 45 percent of men entering the industry. “It’s disappointing to see that the number of women in the cybersecurity workforce continues to remain low,” said David Shearer, CEO, the Center for Cyber Safety and Education and (ISC)².
“We must encourage young women; help them to see that information security is a challenging, lucrative and exciting career field. We must also promote women into leadership positions, and pay them at levels that are equal to their male counterparts. There is a large shortage of skilled cyber professionals, and women are a valuable resource that can help to bridge that gap,” he said in the report.

Pay and promotion gap

The results shown in the (ISC)2 report for pay gaps and promotion potential indicates that on average, women in the information security industry earn a lower annual salary than their male counterparts. Women in security positions are more likely to hold non-managerial roles: Men are four times more likely to hold C-level positions, four times more likely to be in executive management positions and nine times more likely to occupy a managerial role. But for those women who attain upper level management positions, the pay gap is actually closing.

Sloane Menkes, PwC principal and global crisis center coordinator believes it is imperative for the cybersecurity industry to support and facilitate the recruiting, retaining and promoting of women. Proactively developing this career path will combat gender inequality and prevent further decline in the overall security labor pool,” said .

“While there is significant demand for high-skilled workers, there is also a critical pipeline issue of women joining our cybersecurity workforce. Cybersecurity leaders need to commit to reversing this trend - from our universities to our board rooms - before the issue is irreversible,” said Menkes.

Read more: Gender Diversity: Defining Women’s Role In The Workplace

“With increasingly sophisticated threats and the demand for security talent soaring, the cybersecurity field is one that absolutely cannot afford to neglect the population of women and the many talents they offer,” said Shamla Naidoo, global chief information security officer, IBM. “The security industry needs the best and brightest to remain ahead in the fight against cybercrime, and creating a workforce with diversity of thought, gender and backgrounds is essential to this goal.”

Experts believe that the economy globally is already facing a significant skills gap in cybersecurity with positions going unfilled. It needs to examine why it is that the next generation of workers is not pursuing careers in cybersecurity, but especially women. In addition to focusing on cybersecurity education at the university level, creating programs aimed at undergraduate levels will help to create enthusiasm for this industry.

A change in mindset

“Mature cyber security teams require a mix of skills and diversity of thought – you must foster teamwork that’s inclusive and integrates multi-disciplinary and diverse perspectives” said Angela Messer, a Booz Allen executive vice president, and leader of the firm’s Cyber innovation business and cyber talent development champion.

“An overreliance on any one background or perspective leaves an organization vulnerable to adversaries and threats that rapidly change – only diverse, multidisciplinary teams can rapidly respond and problem solve on the next challenge. It’s also a security imperative that our industry broaden access to talent by becoming better at attracting, retaining and empowering female cyber warriors.” 

Companies need to help women get ahead in cyber if there is any hope of having enough cybersecurity experts to fill coming needs, but a solid strategy remains elusive.

The need for more mentors and role models continually emerges in tech gender gap surveys, while schools are experimenting with programs that can interest more young girls in cybersecurity careers. As a recent Coursera study reveals that female instructors can help close the gender gap in STEM. The study states that Only 28 percent of graduates from U.S. STEM (science, technology, engineering, and mathematics) degree programs are female, this representation seems woefully low. 

One hypothesis is that seeing other women succeed in STEM could encourage female learners and help close the gap. For example, having more female STEM professors on the platform, as per the Coursera report, has often helped in increasing the number of women who take up STEM courses.

Hence, in order to meet the world’s ever-growing need for security talent, we need to include a lot more women in this industry, and that requires a huge change in the mindset.

Support and more support

The lack of women in security is a big setback to improve the cyber security skills gap. Low visibility as well as lack of opportunities for advancement are creating a weak pipeline. The need of the hour is greater support and sponsorship.

The picture that these statistics paint is not a rosy one. But within these dark clouds there is a clear answer for how to improve this situation. A large proportion of women who feel valued within their organization say that they’ve benefited from sponsorship or have received non-technical skill development or leadership training, which means sponsorships and other forms of support can play a big role in greater participation of women in the cyber world.

Experts believe companies must also use proven, positive techniques to encourage men to get involved in inclusive training, mentoring and recruitment efforts.