Around the world, people are gearing up to celebrate International Women’s Day on 8 March. But I have to ask the difficult question/s. Is it really something worth celebrating in cybersecurity? Have we really made enough progress that’s worthy of a celebration? Let’s be honest. Many believe the answer is no, and that we should be striking or boycotting the day instead. Here’s why.
#1. Women still remain significantly underrepresented
According to (ISC)² Global Information Security Workforce Study (2021), women made up just 24% of the global security workforce in 2019 and in 2021. In other reports, for example Cybersecurity Ventures, women consistuted 20% in 2019 and 25% in 2021, and the UK’s Department of Culture and Media Studies (DCMS), found that the proportion of women in the workforce has increased from 16% in 2021 to 22% in 2022. However, in the Middle East and Africa it’s much lower with women contributing to 5% and 9% of the cybersecurity workforce respectively.
These statistics raise questions about why the numbers are still so low, and why they’re not changing at a faster rate especially since diversity initiatives have supposedly been being implemented for some time now. It’s clear that there’s still an unconscious bias or outright discrimination against women in cybersecurity roles, and the hiring process. Despite the fact that women have been proven to be just as talented, capable and resourceful as their male counterparts, women are often overlooked due to outdated stereotypes and preconceived notions of what a “cybersecurity professional” looks like.
Furthermore, the challenges that women face go beyond mere recruitment. There’s a need for organisations to provide proper mentorship, training and support mechanisms that can help women reach their full potential in cybersecurity. This is especially true when it comes to leadership roles, where there is still a woeful lack of female representation. Just consider Accenture’s Cybersecurity Forum Women’s Council report. This said women comprised only 17% of Fortune 500 CISOs positions in 2021, and that 57% of men were more likely to be asked to fill the CISO position in their current company compared to 40% of women. Furthermore, 76% of women said their search took 6-months or less, compared to 30% of men.
#2. Women are still being paid less than men for the same work
Despite the strides of the feminist movement in recent decades, the issue of unequal pay between genders still remains today, and in cybersecurity. Women still receive lower wages than their male counterparts for doing the same amount of work. They are mostly told they need to wait longer, work harder, or become more qualified. Globally, women in cybersecurity are earning less than three-quarters (72%) of their male counterparts.
In 2022, the bot, @PayGapApp, which has over 75,000 followers, replied to every corporate tweet that used the hashtag #IWD2022 with a quote tweet highlighting the salary disparity between men and women in the company. It was enlightening especially as many cybersecurity companies were featured. The same year, Microsoft Security also reported on the gender gap in cybersecurity and how to increase the numbers. Commissioning a survey they found that more than 54% of women believe the industry has a gender-bias problem that results in unequal pay and support.
Until we see tangible change within our industry, International Women’s Day will remain nothing more than an empty gesture. We need to continue to put pressure on organisations, HR, and leaders to ensure pay parity and that the cybersecurity industry moves away from its male dominated culture and towards a more diverse and inclusive one.
#3. Women are still being held back
Women in cybersecurity are still facing a lack of recognition and promotion opportunities. Leaders are not advocating or sponsoring the careers of women in cybersecurity and there are still few role models for women to look to. With 50% of women with a technical degree leaving the workplace mid-career – double the rate of their male colleagues in similar roles, women are still not moving into leadership positions at the same rate as men.
It’s discouraging to see that despite increased education levels, beneficial legislation, and a number of initiatives taken by organisations to help bring women into the upper ranks of management and leadership, they are still being underutilised in these positions. Women possess a variety of qualities essential for effective leadership such as communication skills, problem solving abilities, creativity and resilience; all which need to be maximised in order to break down systemic barriers faced by female professionals. It’s incumbent upon today’s employers to ensure that women are given equity when it comes to leadership roles if we wish for them to truly rise up through the ranks.
#4. Women are still experiencing sexual harassment
Unfortunately, despite the countless efforts and campaigns from organisations to put an end to it, sexual harassment is still rampant in the cyber industry with 1 in 4 women experiencing it at a cybersecurity conference. Toxic masculinity remains a substantial challenge for women, whether they face unwanted attention, or inappropriate comments. This type of harassment not only puts women in uncomfortable situations, but it also inhibits them from advancing and accessing key opportunities that are critical for their professional development. It deprives women access to exciting roles and denies them their right to feel safe while attending cybersecurity conferences or being part of related work environments where they can reach their full potential. Recognising the severity of this issue, companies must stop looking the other way and instead take action to ensure the safety and wellbeing of their female employees. As human beings, we must all to come together and create a more diverse industry that is free from any form of discrimination or prejudice. Without shame, and without blame.
#5. Women are still not attending conferences or networking
Conferences and networking events are an invaluable source of education, mentorship, and career opportunities for professionals. However, due to the male-dominated nature of the industry, many women find it difficult to break through these barriers and take full advantage of such events. This disconnect not only negatively impacts individual growth but also hinders wider efforts towards diversity and inclusion. We need to ensure that women have access to these platforms, equipping them with the resources and network of contacts necessary for a successful career in cybersecurity. This can only be achieved if we collectively make an effort to build more welcoming environments and foster meaningful relationships between industry professionals. Additionally, when company leaders encourage their female employees to attend as part of their professional development.
#6. Women are still not being given an opportunity to speak at conferences
Women in cybersecurity are a crucial, but largely underrepresented, part of the industry that continue to be denied opportunities for expansion and development. This lack of visibility is perpetuated by conferences not giving women adequate representation in participating panels or speakers. There is an evident need to bridge this gender gap to provide insight from experienced female practitioners who have valuable perspectives and insights on the field.
Women want to speak at conferences. When the IN Security Movement surveyed 2,157 women from around the world, they discovered that 81% wanted to speak at a conference. If conferences were to diversify their line-ups, it could lead to greater opportunities for women in cybersecurity, elevating their voices and proactive roles within the sector. Moreover, it would make for a better conference experience for attendees as seeing both male and female representatives provide a holistic look at the current threat landscape.
#7. Women are still being subjected to the Goldilocks principle
As the cyber sphere continues to expand, there is an urgent need to fill the burgeoning fields of cybersecurity. Women have been identified as a key demographic to draw on as they have often displayed aptitude in coding and computer science. However, they continue to experience the “Goldilocks principle” when it comes to taking up positions in this field; meaning that some are told they are not qualified enough while others face criticism for being overqualified for a position. Thus, women are put in a harsh predicament and unfortunately, it appears that no amount of effort on their part can make them ‘just right’. If this unbalanced landscape persists, we should both expect less female recruitment in cybersecurity and fewer collaborative efforts with men and businesses seeking results from those skilled in this field. Quite simply, we must strive towards progress that elevates women and provide the same opportunities across genders.
#8. Women are still leaving the field at higher rates than men
50% of women leave the tech industry before they’re 35-years old and although no reports can be found on the precise numbers of women leaving cybersecurity, CEO Clar Rosso told The Register in 2022 that “women leave the cyber profession at higher rates than men.”
#9. Women are still having to work harder than men
Many women are still being told (or feel like) they must work twice as hard as their male counterparts to do well. This double standard occurs in many industries but is especially pronounced in cybersecurity where men still hold most of the top positions and decision-making roles. Women in the field have spoken out about the challenges they face and how these challenges often lead to burnout. Companies need to do more to support women by creating an equal playing field, where everyone is given the same opportunities for growth and success regardless of gender.
#10. Women are still being asked to do more +1 roles
Even when women in the industry have been able to secure roles or promotions, most report being given additional and often unpaid roles to their main job. For example, office housework, mentoring junior colleagues, setting up women’s / diversity events, typically outside of normal working hours. This is an undue burden on female employees who should be given the same resources and respect as any other worker. Although some are pushing back (quiet quitting) many are feeling the pressure to accept them without complaint as they are deemed to be beneficial career investments and considering the current layoffs. Companies need to be more aware of the diverse and often additional duties that women may have to undertake if they are to retain them as part of their workforce.
#11. Women are still being blamed for cybersecurity’s lack of gender diversity
Women are not the sole responsibility-bearers for the lack of gender diversity in cybersecurity. In fact, many organisations have failed to do enough to develop and promote female talent within their ranks. There is an unvented bias against women that stems from deep-rooted societal norms which creates a false perception that they lack the aptitude or just simply don’t belong in the industry. This is further propagated by the tech world’s stereotypes and gender-based language which often paints women as a minority within the sector. Thus, organisations should actively work to create gender-neutral cultures, shift mindsets towards viewing female talent as an asset and equip them with the tools to grow and excel in their roles. Only then will we be able to break the glass ceiling that has kept women from achieving their true potential within the world of cybersecurity.
#12. Women are still suffering from neoliberal feminism
Neoliberal (often referred to as corporate feminism) feminism demands women alter their behaviour and mindsets and play by the existing workplace rules, so they fit in better. Examples of this are rife in cyber from media releases, corporate publications, to keynotes, panels, and conversations. They include asking women to become more like men, to speak up more, to be more assertive, self-confident, or to take more risks. Alternatively, to laud ‘exceptional women’ who have somehow managed to have it all – a family, partner and well-paid fulfilling job and find work-life balance or to know their worth (different to market rate) and negotiate. Neoliberal feminism makes women wrong, promotes quietism and presenteeism.
#13. Women are still feeling alone and isolated
Whether you’re at the start of your career or at the top, feeling alone and isolated can be daunting. This is especially true for women in cybersecurity who are often the only woman in the room or one of the few women within their team. Despite the huge amount of support available through online forums, networks, training, and events many women still feel disconnected from their peers and isolated from decision-making forums. Additionally, the lack of resources for women in cybersecurity can lead to feelings of inadequacy or anxiety as they don’t have access to the same materials or opportunities that their male colleagues do.
Organisations should make a concerted effort to create an inclusive environment where women in cybersecurity feel safe to share their ideas and experiences with their peers and colleagues. This could include investing in initiatives to foster relationships and mentoring programs, providing tailored career development opportunities, and creating a safe space for individuals to connect with others regardless of gender.
#14. Women are still not being researched
You cannot affect the low numbers of women in cybersecurity through an annual day (IWD) or month (Women’s History Month) of celebration, a workshop on inclusion, a woman speaker, a female network, or even rules. This format cannot change organisational systems. Huge data gaps exist and without adequate reporting and investment in data collection, the gender gap for women in cybersecurity will continue to widen. Despite reports of increasing numbers of women entering this field, little has been done to measure the root cause of the problem, the impact any initiatives are making, or to document women’s experiences.
This lack of information makes it difficult for organisations and governments to develop policies and strategies that enable gender parity in the sector. Thus, more research needs to be commissioned on a regular basis to get a better understanding of the challenges and needs of women in cybersecurity.
Additionally, existing data should be made available to organisations so that they can make informed decisions about their hiring and retention processes. By doing this, organisations will have access to the information necessary to address the gender gap in cybersecurity and ensure that female talent is given an equal opportunity to develop and thrive.
#15. Women are still being let down by virtue signalling companies
Although some companies are loudly proclaiming that they are working to increase diversity and create an equitable workplace, many are simply ‘virtue signalling’ which does little to improve the situation for women in cybersecurity. Too often organisations launch initiatives without considering the needs of their female employees or fail to follow up on commitments with meaningful actions. Companies should move away from tokenism and towards meaningful change.
This could include actively recruiting female talent, investing in training for their existing female staff, offering flexible working arrangements that are suitable for women and promoting a culture of respect and inclusion. Additionally, organisations should ensure that their policies promote gender equality rather than exacerbating inequalities by providing benefits or accommodations that do not benefit all genders equally. Only by taking tangible steps towards creating a more diverse and equitable workplace can we ensure that women in cybersecurity are given the opportunity to thrive.
#16. Women are still not reaching parity on industry boards
Women are often underrepresented on industry boards even though they exist and bring a wealth of experience and perspective. Gender diversity on cybersecurity boards helps to ensure that all angles of an issue can be explored, as well as ensuring that the decision-making body is more representative of the people it serves. Having equal representation also allows for a wider range of ideas and solutions to be shared, enabling businesses to make more informed decisions. Additionally, research has demonstrated that organisations with more diverse leadership are more successful; therefore, having women equally represented on boards and councils can lead to tangible positive impacts on the business.
I looked at The Cyber Security Alliance, a consortium of cybersecurity organisations that represent a substantial part of the cybersecurity community, especially in the UK. Here’s what it looks like and who’s doing the best and worst.
Here’s the table as a leaderboard, from worst to best
International Women’s Day provides a powerful platform to challenge gender bias within the cybersecurity sector and bring more women into the field. However, this should not be merely an opportunity for people to virtue signal in support of greater diversity but instead an opportunity to take real action that is sustainable. There have been many initiatives launched recently for women to reskill, be mentored or to learn about career pathways. These provide clear ways individuals and businesses can put their commitment into practice. To see tangible results in the outlook of diverse representation within cybersecurity, it’s time to go beyond symbolic gestures and commit to creating long-lasting change with meaningful initiatives and vigilance.
Until these issues are addressed and we start seeing tangible progress, it’s difficult to say that International Women’s Day is worth celebrating in cybersecurity. We need to continue pushing for better gender diversity in the industry and ensure women have an equal opportunity to succeed. That way, we can ensure that International Women’s Day is truly something to celebrate.
This year let’s make International Women’s Day a call to action to bring more women into the world of cybersecurity and ensure they have the opportunity to thrive. Together, we can help create an industry where everyone is welcome and can reach their full potential regardless of gender. And that’s something worth celebrating!
Now I want to do this
If you’re a leader and want to increase the number of women in your company, take my Women in Cybersecurity Assessment. Or book a discovery call with me.