Breaking down barriers

Breaking down barriers

It’s no secret that when it comes to gender bias and stereotypes, one of the industries that struggles the most is cybersecurity. Over the past decade efforts to break to bias and encourage more women into the sector have increased, but does it go far enough, asks Cora Lydon.

The reality is that while progress is being made it’s still painstakingly slow and there are still considerable barriers and misconceptions around women’s roles within cybersecurity and technology sectors.

According to The World Bank, women account for just 39.2 per cent of the global workforce in 2021b – with some regions faring far worse. The Middle East and north Africa have a figure of just 18.8 per cent of the workforce being made up of women.

In a recent report, Deloitte Global is predicting that large global technology firms will only manage to achieve “nearly 33 per cent overall female representation in their workforces up to 2022, up slightly more than two percentage points from 2019.”

When you drill down even further specifically into the cybersecurity sector the stats make for even grimmer reading. According to the (ISC)² Cybersecurity Workforce Study, women make up just a tiny proportion of the global workforce: just 25 per cent. The regional outlook fares even worse: according to one study reported by G20 insights, in 2017 in the Middle East women represented just five per cent of the cybersecurity workforce and while this figure is likely to have grown it remains likely that the region still lags behind the US and its European counterparts.

And it’s not because the jobs aren’t there either. The (ISC)² study highlighted the need for more cybersecurity professionals – stating that it urgently needs some 2.72million more to join the industry to meet demand. Further stats reveal how quickly demand is outpacing supply: last year 700,000 [professionals entered the cybersecurity workforce, yet the global workforce gap only saw a reduction of 400,000.

Despite these dismal workforce figures it seems that the Middle East has no problem in attracting women onto STEM courses. According to UNESCO, in Arab countries between 34%-57% of STEM graduates are women. In Saudi Arabia the majority of students on computer science courses are women – 59%. In comparison in the US this figure stood at just 14% and only slightly higher in the UK at 16%.

Money talks

To give the topic some perspective, according to Tessian’s Opportunity in Cybersecurity Report 2021, it’s estimated that if the number of women professionals in the sector equalled that of men, the economic footprint of the cybersecurity industry could increase by US$30.4bn in the US and £12.6bn in the UK. If women were to earn the same salary as men the figures are even more impressive: a US$43.1bn increase in the US and £17bn in the UK.

Equal pay is also the number one way to engage more women into the cybersecurity industry, with 47% of women agreeing in Tessian’s report. This was closely followed by more diverse role models (44%), a gender-balanced workforce (43%) and more apprenticeship programmes (41%).

However the 2021 report revealed a chink of light. In the 2020 report, 66 per cent of women agreed that there was a gender bias problem in cybersecurity. In the latest report (2021), this had fallen to 52 per cent. Progress should be celebrated, but let’s not forget that over half of the female cybersecurity workforce see an issue with gender bias.

Creating opportunities

While covid wreaked havoc it seems it could have actually helped advance the female workforce; if we can take any positive from the pandemic it should be this. Despite the fact that a global recession had hit, nearly half (49%) of women questioned by Tessian, revealed that Covid-19 had affected their career as a women in cybersecurity in a positive way. What isn’t understood is the reason for this – whether it was a genuine reduction in gender inequality practices, a boost from the increased investment in IT needed to circumvent Covid’s impact or even the flexibility they’ve been afforded by work from home practices.

While firms are working to move the needle, organisations will need to step up their efforts to engage a female-balanced workforce – and for a very good reason. Diverse teams perform better, are more innovative and are good for business all-round. But, for reasons that are not yet fully understood, women are either not applying for these roles, or are failing to be recruited.

It becomes something of a vicious cycle that is perpetuated by this lack of a diverse workforce. In 2021, just 17 per cent of Fortune 500 CISO positions were held by women – without these female examples of success and potential mentors it is hard to break down the stereotype that women don’t belong in the world of cybersecurity. And so it continues.

Getting to the heart of the issue

It’s vital for organisations to give careful consideration to how they merge their Diversity, Equity and Inclusion objectives into their digital innovation strategies. Because not only is a gender diverse team good for women it’s also good for business.

According to Barbara Maigret, Global Head of Sustainability & CSR at Fortinet, recruiting more women to the industry can shape our cybersecurity strategies for the better. She said: “The three critical elements of an effective cybersecurity strategy are people, products, and processes. But when we continue to recruit the same people—same gender, same educational background, same perspective—we are unlikely to develop strategies that allow us to get out ahead of our cyber adversaries. For example, it is not a stretch to say that the failure to rethink security strategies—starting with who makes up our cybersecurity teams—played a part in the nearly 1100 per cent increase in ransomware attacks organisations worldwide experienced last year.” (Fortinet The 2021 Ransomware Survey Report).

Given the rate at which organisations are transforming through digital innovation, and the efforts from cybercriminals to exploit those efforts there has never been a better time to break down cybersecurity stereotypes and embrace a workforce that actively welcomes women into its folds.



Register for Intersec, 17-19 January 2023 here