Break the Bias and Create a More Diverse and Inclusive Cybersecurity Workforce: This year, on International Women’s Day, governments, organizations, and individuals worldwide are being asked to help envision and create a gender-equal world. A world free of bias, stereotypes, and discrimination. A world that is diverse, equitable, and inclusive. A world where difference is valued and celebrated. That is this year’s theme: #BreakTheBias.
One of the industries struggling with significant bias and gender stereotypes is cybersecurity. This field plays an increasingly crucial role in our digital world and, as a result, offers many fulfilling career paths and opportunities. However, there are still significant barriers and misperceptions driving the belief that a career in cybersecurity is not for women.
Women are underrepresented in cybersecurity
While women have been disproportionately impacted by pandemic-driven unemployment (for example, one in four women reported job loss due to a lack of childcare—twice the rate of men), the technology sector was less affected. This was mainly due to their being better prepared to pivot to remote work and flexible work models. As a result, according to a report by Deloitte Global, large global technology firms still managed to achieve “nearly 33% overall female representation in their workforces in 2022, up slightly more than two percentage points from 2019.”
While such progress is good, the technology sector still has a long way to go compared to other industries. Outside of the high-tech sector, women account for 47.7% of the global workforce. And they also make up 50.2% of the college-educated workforce.
And the gender gap is even wider within the cybersecurity industry where, according to the (ISC)² Cybersecurity Workforce Study, women only make up 25% of the global cybersecurity workforce. This gap is certainly not because there aren’t any jobs. According to that same study, the cybersecurity industry urgently needs 2.72 million more professionals. And while 700,000 cybersecurity professionals entered the workforce in the past year, the global workforce gap was only reduced by 400,000, indicating that global demand continues to outpace supply. Women are just generally not applying for or being recruited to fill these positions.
This lack of gender equity has also directly contributed to the low percentage of women who hold cybersecurity leadership roles. In 2021, for example, only 17% of Fortune 500 CISO positions were held by women, with only one female CISO in the top ten US companies.
Stereotypes and misconceptions persist
There are three main reasons why women continue to be underrepresented in the cybersecurity industry:
Problem #1: Cybersecurity is seen as a man’s career
Many women don’t consider cybersecurity a career path because it’s primarily seen as a male profession. This image is reinforced by popular media, such as Eliot Alderson in the Mr. Robot TV series, where cyber activities are performed by young geeks in hoodies working late at night in a dark room lit only by their computer screen. While it may make for compelling TV, this stereotype is inaccurate and off-putting for many women, inadvertently contributing to gender disparity in the workforce.
While cybersecurity certainly has its technical aspects, it is not just a technical industry. Like any growing industry, there are a wide variety of job opportunities that require human skills. These include analytical, communication, management, and interpersonal skills that are equally important to the organization’s success and positively impact the industry.
Problem #2: Young women are underrepresented in STEM programs
One reason why so few women apply for cybersecurity positions is they are less represented in STEM-based programs. But there is no reason why the technical aspects of a career in cybersecurity should be off-putting for women. The fact is, standardized math tests for fourth, eighth, and 12th graders show little gap in the scores between female and male students. But according to MIT WIM (Women in Mathematics), one of the drivers of the gender gap in technology fields is not ability but “stereotype threat.” This happens when an individual worries about confirming negative stereotypes, leading women to conform to gender expectations by performing worse on assessments and decreasing their interest and persistence in STEM fields.
Pervasive gender biases, few female role models, mistaken beliefs about technology being a male-oriented industry, and, sadly, teachers and parents who steer girls away from technology studies have combined to break the confidence of many young women otherwise suited to pursue a STEM-related degree. This is a global issue, with women generally earning less than 20% of all STEM degrees. According to Yale University, US women only earned 18.7% of computer science degrees. In the UK and across 35 European countries, fewer than 1 in 5 computer science graduates are women. And women hold only 18.5 percent of STEM positions in South and West Asia and 23.4 percent in East Asia and the Pacific. This bias starts early in their college careers. 49.2% of women intending to major in science and engineering switch to a non-STEM major during their first year.
Problem #3: Bias in cybersecurity hiring
We cannot cure the lack of women in STEM overnight. So, organizations need to think differently about the composition of their cybersecurity staff. Many hiring managers—and HR—view individuals with backgrounds in computer science, engineering, and other STEM fields as the most qualified cybersecurity candidates, often ignoring those with degrees in other areas. But if they want to build successful cybersecurity teams, they need to broaden the scope of backgrounds they consider when looking for new employees.
But the challenge goes beyond hiring. The reality is that women in cybersecurity roles also tend to be promoted more slowly than men—something known as the “first rung” problem. According to Fortinet CISO Renee Tarun, “Men are four times more likely to hold executive roles than their female counterparts, they’re nine times more likely to have managerial roles than women, and [on average] they’re paid 6% more than women.” In addition, women tend to leave the field at twice the rate of men, citing gender bias, discrimination, and harassment as their reasons for leaving.