Gender diversity in the cyber security profession is improving, according to an ISC2 report on women in cyber security, which collated responses from 2,400 women who took part in its recent Workforce Study, but there are still significant challenges to overcome if true parity is to be achieved.
ISC2 found evidence of several encouraging trends – women now make up a higher percentage of new entrants to the profession than ever before, and are increasingly finding themselves in leadership roles. But challenges around discrimination and equal pay are proving a tougher nut to crack.
The average representation of women on security teams now stands at 23%, and with current trends is expected to hit 35% sometime in the next seven years. The current figure rises to 26% among the under-30s but drops off rapidly after the age of 45, when the proportion falls to 13%.
The research also shows that women in cyber are ambitious and keen to progress in their field. They tend to be significantly better educated than men, holding masters and doctorate-level qualifications at significantly higher rates, and cyber certifications such as those offered by ISC2 among others at similar rates. More women than men said they planned to further their technical cyber education, too.
And this is breeding further success. Another positive trend observed in the data is that within their organisations, women in cyber hold executive titles at a similar rate to men, and at a higher rate in managerial level roles, which translates as higher rates of women being involved with hiring decisions.
“It’s great to see incremental progress of younger women entering cyber security, however, it’s not enough and more needs to be done. We must continue to build a culture for all women that creates a sense of belonging that results in the retention of women in cyber security careers,” said ISC2 CEO Clar Rosso.
We must continue to build a culture for all women that creates a sense of belonging that results in the retention of women in cyber security careers Clar Rosso, ISC2
“Research reveals that the most engaged women in cyber security work at organisations that invest time and resources into diversity, equity and inclusion (DEI) initiatives, such as offering competitive pay, hosting mentorship programmes and establishing an inclusive culture that fosters professional development opportunities.”
To this point, the research also showed that a higher proportion of women acknowledged the importance of diversity within security teams than men – 73% to 63%, respectively – and 78% of women felt an inclusive environment was essential for success.
In general, the study showed that women tend to work at organisations that are actively doing more to attract diverse candidates,§ and these organisations also tend to experience fewer cyber staffing shortages.
Challenges still to be overcome
Job satisfaction among women in cyber runs high. Women like the work they do and they like it more than men, at a rate of 76% to 70%, although both these figures have fallen year on year. However, although satisfied, they tend to feel less passionate about the work.
In common with most other fields, women in cyber security are still unfairly compensated for their work in comparison with men. The average global salary of women participants in the study was $109,609 (£87,875), compared with $115,003 (£92,119) for the men who participated – a difference of several thousand pounds. The pay disparity also increases among people of colour, although the survey data on this point relates only to the US.
And age-old problems of not feeling competent or experiencing imposter syndrome continue to surface, as do concerns around discrimination.
More than a third of women in security feel they can’t be authentic at work, compared with 29% of men. The ISC2 study identified a significant racial component to these feelings, with women from BAME backgrounds saying they found it harder to be their true selves at work than men did. This issue is most widespread among South Asian, black and Hispanic/Latinx women.
In terms of discrimination, 29% of women overall felt discriminated against in the workplace, rising to 53% among black women in Canada, Ireland and the UK. In the US, this was less of an issue.
ISC2 said these are not trivial issues and may go some way to explaining why the cyber security sector finds it so hard to retain women. Other studies have found that women experiencing microaggressions in the workplace are less likely to feel psychologically safe and thus find it harder to advance in their careers because they are held back from taking risks, proposing new ways of doing things, or raising concerns or grievances.
According to another report, by McKinsey, this causes stress that cuts deep. Women experiencing microaggressions and self-shielding to deflect them are three times more likely to think about quitting and four times more likely to experience significant burnout.
Takeaways for leaders
ISC2 set out a number of ways to help further address some of the disparities. These include:
Pay more regard to early years education and science, technology, engineering and maths (STEM) topics for girls at school.
Set specific hiring, recruitment and advancement metrics to grow a workforce that better reflects societal diversity.
Make pay equity a priority – there is no excuse for not doing this.
Support women in defining their career goals and giving them better access to leadership development pathways.
Focus on the I in DEI. Organisations tend to understand what diversity and equity mean on some level, but centring inclusion will help address feelings of inadequacy and inauthenticity.