Women represent only 30% of the global cybersecurity workforce, reflecting a slow growth rate and pervasive social inequalities. As we witness a concerning increase in cyber harm and a widening skills gap within the industry, it becomes imperative to engage more women in cybersecurity.
Diversity is not merely a desirable trait; it’s a fundamental necessity in our fight against cyber threats. The effectiveness of our defense strategies hinges on the varied perspectives and expertise brought forth by diverse teams. Without such diversity, we risk overlooking critical insights and fail to adequately protect those most vulnerable to cyber threats. Therefore, diversifying the cybersecurity sector isn’t just about inclusivity; it’s about safeguarding our collective digital future.
So why are women not entering (and staying) in a sector that has great growth potential, offers good pay, and with a mission for social good?
Where it begins
Despite women constituting over half of higher education graduates in the UK, they remain outnumbered 4:1 in computer science courses. While there’s been a commendable 23% rise in female enrolment in computer science degrees since 2019, persistent biases deter many women from pursuing STEM fields. Recognising and overcoming barriers underlying this fap is essential to cultivating a diverse and inclusive cybersecurity workforce.
Studies have shown that last year, the number of girls taking A-Level computing was still fewer than 3,000 in the UK. Science, technology, engineering, and maths (STEM) subjects are still heavily male-dominated. Outdated biases continue to influence girls’ decisions, not just in selecting which subjects to study at school, but also when pursuing higher education and when joining the career ladder.
A lack of female presence in cybersecurity is a deep-rooted problem to overcome and begins early in women’s educations. Initiatives such as Nominet’s donation of nearly 700,000 devices to UK primary schools aim to spark early interest in coding among children. However, sustained efforts are required to reverse the decline in girls opting for computing education. Failure to do so risks perpetuating biases that hinder technological innovation and cybersecurity advancements.
Why women often feel the cyber industry is not for them
There are a multitude of reasons why women can be made to feel that the cybersecurity industry is not one for them. But one could be that women are disproportionately driven offline by gender-based cybercrime and online harms. Women and girls are more likely than men to be victims of cyber violence due to systemic gender bias.
A 2021 study by Economist Impact found that more than half of women worldwide have experienced abuse online, making the web a space that often doesn’t feel safe or appealing for women. A story that has recently recaptured headlines is of the prolific cyber stalker, Matthew Hardy, who terrorised female victims online by creating hundreds of fake accounts and using them to destroy their relationships and reputations.
These experiences, starting from a young age, may discourage women from pursuing careers in IT and cybersecurity. The fact that there are forms of cybercrime that are exclusively targeting women is the very reason that female voices are such a crucial reason for them to be a part of creating effective cyber strategies.
Diversity of perspective
It is essential that women are involved in the creation of cybersecurity strategies. While women don’t yet make up half of the cybersecurity industry, they do account for half of the population. As such, having women involved at every step of a cyber strategy is essential to ensure policies cater for women in the right way. Increased representation of women challenges ingrained biases and demonstrates that individuals of any gender can excel in cybersecurity, irrespective of societal expectations.
For example, Signal has recently made is possible for users to not share their number with contacts, but only a username – which can be changed at will. Yes, privacy and free speech are crucial. But this will make Signal more attractive for criminals, including those looking to commit violence against women. It will make it harder for law enforcement to prosecute. Consequences like these are foreseeable, and with more women working in cybersecurity across software companies, law enforcement, and government, we can reduce these harms.
Taking positive action
Current discussions about preventing online abuse and exploitation of women are encouraging, but they must be accompanied by positive action to ensure everyone is equally protected. This comes from education in our formative years, all the way through to our professional careers.
The development of technology must be scrutinised to prevent abuse, and companies must be better at limiting harm that comes from those who abuse it.
An understanding our adversaries, lateral thinking, and the ethics of AI are knowledge that can trained in cybersecurity and made more impactful by soft skills such as communication and teamwork. The technologies we use in the industry change constantly, and encyclopaedic knowledge of these should not be a barrier.
Schools, universities, and technology companies should think about how emerging technologies, like AI, can lower barriers to a career in cybersecurity. According to the World Economic Forum, 65% of children entering school today will go on to hold jobs that do not yet exist. Leveraging emerging technologies like AI can democratize access to cybersecurity careers, reducing the emphasis on traditional hard skills like coding.
In my experience, no one should feel intimidated by the cybersecurity industry. Organizations like Nominet are committed to fostering a safe and inclusive digital environment, offering ample opportunities for women to contribute their skills and expertise. By promoting diversity and representation across the tech sector, especially in cybersecurity, we can collectively fortify our defenses and pave the way for a safer digital future.