For nearly a decade, we’ve heard the same discussion in cybersecurity circles about the gender diversity problem. As the first women owned penetration testing provider in the UK some 28-years ago, I’ve researched, campaigned, written, spoken and stepped up as a visible role model, always presenting the business case. I’ve also watched how panels, passion projects, and awareness campaigns touting the need for inclusivity and diversity have come and gone – including my own.
Yet here we are, in 2025, and the percentage of women in cybersecurity remains stagnant—or worse, is backtracking. Women today make up just 20-25% of the global cybersecurity workforce, with the UK seeing a drop from 22% to a shocking 17% in a single year. And here’s the kicker—only 12% (deemed seniors with more than 6-years of experience) are women.
Meanwhile, cybersecurity job vacancies are skyrocketing. According to the World Economic Forum, globally, we’re facing a shortfall of nearly 4 million workers. In the UK alone, cybersecurity has become the fastest growing tech occupation, experiencing a 128% rise in roles within the last three years. The demand has never been higher, yet the industry still struggles to bring women into the fold and to keep them there. It’s utter madness.
If you’re a woman in cybersecurity, none of this will feel like news. If you’re not, and are wondering why this matters, buckle up. In this blog I’m once again looking at why we’re stuck, the systemic cracks in our approach to diversity, and what it will take to build a thriving and inclusive cybersecurity future.
The Diversity Backslide—Why DEI Isn’t Enough
The conversation around Diversity, Equity, and Inclusion (DEI) is no longer enough. It’s now stale and is becoming increasingly polarised. Sadly, many businesses have placed DEI initiatives on the chopping block due to political agendas, cultural divisions, and a seeming lack of progress. Big names like Meta, Google, and Amazon have taken major steps back, slashing budgets and programs that—truthfully—were already underfunded.
Last year, the UK’s Tech Talent Charter shut down, alongside huge US-based groups like Girls in Tech, and Girls Who Code. The Ada Lovelace Foundation faced funding threats, too, and concerns were raised about the sustainability of funding for the CyberSafe Foundation.
For women in cybersecurity, particularly in environments riddled with systemic inequality, news such as this is devastating. Without meaningful investment in creating inclusive workspaces, the voices of women and other marginalised groups are sidelined. Simply put, DEI initiatives cannot rely on grassroots efforts and passion projects run by overworked volunteers. They need robust funding and leadership-level prioritisation.
And yet, while organisations cut DEI funding, the right-wing populist wave brings heightened risks, like the frightening rise of antisemitism, extremism, and violence against women. For women in cybersecurity—one of the most male-dominated industries—it’s harder than ever to move forward when societal changes push them two steps back.
Where We’ve Gone Wrong
Cybersecurity’s focus on gender diversity has primarily revolved around awareness campaigns and narrow initiatives, especially those targeting schools. While well-meaning, most of these efforts haven’t culminated in systemic change.
- The Leadership Problem: Diversity isn’t prioritised at the top. Most decision-makers focus solely on mitigating relentless cyber risks, seeing gender inclusion as secondary or irrelevant to “urgent” challenges. Yet the lack of diverse talent hurts innovation, creativity, and the ability to respond to threats effectively.
- Exhausted Women, Detached Men: Women running these initiatives are running on empty. Men, on the other hand, often feel detached, unaware of how to actively contribute or even resentful of being excluded from these conversations.
- Superficial Metrics: Too many organizations rely on vague goals like “improving awareness” without actionable metrics. Awareness only gets you so far—companies need to dig into retention, promotion data, and pay equity metrics to truly uncover (and fix) systemic issues.
- The Hidden Hostility: Sexism and misogyny in cybersecurity haven’t disappeared; they’ve simply become more insidious. As one woman in the industry put it,
“Sexism and misogyny are alive and kicking, and in my view, haven’t improved in the 17 years I’ve worked in security—it’s just more hidden, making it more vindictive and spiteful. The boys’ club is alive and well. A lot of men really do not want a woman managing or leading them. They feel undermined or belittled when we are more organised, drive harder, or are just better at our jobs than them.”
This hostility persists despite the presence of strong male allies who champion inclusion. The problem is that the bitter resistance from those who don’t want women in leadership remains unchecked, making day-to-day work—especially in high-pressure environments—draining and demoralising.
It’s clear the current approach isn’t working, and it’s long past time to admit it. I spoke about this on a podcast with Aleksandra Melnikova from SquareX.
Building Momentum—Action That Drives Real Change
Cybersecurity professionals thrive on actionable, measurable results. So why should inclusion be any different? Here’s where we need to shift gears.
1. Prioritise Data-Driven Inclusion
Organisations must understand where the problem is. By tracking meaningful metrics like applications, retention rates, and promotions you can uncover hidden biases in the system. So ask yourself, is your company promoting women as often as men? Are women staying in the organisation after five years, or are they dropping out?
When I worked as a Managing Director at Accenture, building their Applied Cybersecurity Services in the UK, and as a strategic lead for gender diversity in cyber globally, I not only spoke to women but I looked at the data. You see, data shines a light on what’s actually wrong, allowing leadership to address root causes rather than surface-level symptoms.
2. Redefine Inclusion Beyond Gender
Focusing narrowly on gender diversity can unintentionally hinder broader progress. Inclusion must account for race, disability, sexual orientation, and other axes of identity. Real progress comes from dismantling barriers that affect all employees, not just one demographic. A broader view fosters an inclusive culture where everyone feels valued.
3. Engage Men as Allies
Men still dominate leadership roles in cybersecurity, so getting them involved is critical to progress. Instead of framing diversity solely as a women’s issue, present it as a shared opportunity to innovate and thrive. Ask male colleagues to sponsor women’s careers, advocate for pay equity, and rethink male-dominated hiring practices. Read my 35 Actions You Can Take to Support Inclusion Beyond IWD.
4. Leadership Accountability
Without accountability, change remains aspirational. Leadership across the board must commit to measurable goals and regular audits to weave inclusion into the fabric of their organisations. Diversity and inclusion initiatives need to move from optional to expected.
5. Invest in Structural Change
Superficial fixes like one-off panels and occasional mentorship programs don’t solve the deeper problems that plague the industry. Real solutions require overhauling workplace systems—from bias-free recruiting pipelines to inclusive promotion practices and flexible work policies. Diversity shouldn’t depend on isolated programs; it must be intrinsic to organisational operations.
We Need a Fresh Perspective—And Everyone’s Participation
It’s time to move beyond isolated conversations on gender diversity to holistic inclusion strategies rooted in equity for all. That’s why I redefined my own initiative—The Source (including this newsletter) from being women-focused to encompassing all human beings. Inclusion doesn’t have to be divisive. Everyone benefits from better workplace equity—yes, even the groups who hold dominant positions of power in the industry!
The Irony of Inclusion Fatigue
Many women, especially those leading grassroots initiatives, are fatigued. When efforts feel repetitive or produce lackluster results, discouragement grows. At the same time, diversity campaigns misstep by isolating certain demographics, alienating other parts of the workforce. Fatigue quickly turns into resistance, compounding the stagnation.
A unified, intersectional approach can help here. Inclusion doesn’t have to favour one group over another. It’s about creating a workspace where everyone thrives.
Cybersecurity Can’t Wait for Change
With AI, the demand for skilled cybersecurity professionals is only going to rise. And yet, the talent pool continues to exclude diverse perspectives—a self-inflicted wound that the industry can no longer afford.
We don’t have a talent problem. We have a systemic problem. Fixing it will take willpower, structural change, allies, and committed leadership. It will take fresh conversations that finally move beyond awareness and focus instead on results.
The longer we wait, the more we miss out on the brilliance, ingenuity, and insight that women—and other marginalised groups—can bring to the table.
This blog isn’t just a call to action; it’s a plea for reinvention. It’s something I discussed with Steve Prentice and Kate Barecchia on the Security Sessions Thales podcast last week.
To End
Eight years ago, in my book IN Security, I set out to solve the problem of the low numbers of women in cybersecurity. I highlighted many of these issues and outlined actionable steps that remain just as relevant today. The insights and guidance within its pages offer a valuable roadmap for addressing these systemic challenges and finding solutions that inspire real progress. I encourage you to read it—it’s still a resource designed to spark ideas and fuel change for organisations and individuals alike.
Ultimately, the future of cybersecurity depends on the diverse perspectives, skills, and insights that only a truly inclusive workforce can provide. Every one of us has a role to play in making this a reality. Whether you’re a leader reviewing policies, a manager fostering a supportive team environment, or an advocate raising awareness, take a moment today to reflect.
Now I Want to Hear from you!
Join me on LinkedIn or message me privately and tell me, what steps can you take—whether big or small—to challenge systemic barriers and foster a more inclusive, equitable environment in your workplace or community, so we affect the change in terms of gender diversity we need to see?
