The cybersecurity industry is plagued by widespread gender inequality, according to a new diversity survey. Every key market on the globe suffers from a lack of women in the workforce, severe wage gaps and a dearth of female executives.
The Women in Cybersecurity Report, from (ISC)2 and the Executive Women’s Forum on Information Security, Risk Management & Privacy (EWF), found that women comprise only 11% of the global information security workforce. And globally, men are four times more likely to hold C-level roles and nine times more likely to hold manager-level positions than women.
The wage gap meanwhile is real: On average, women in the information security industry earn a lower annual salary than their male counterparts at every level. Sadly, 51% of women in the cybersecurity industry in North America, Latin America and the UK say they have experienced some form of discrimination, compared to only 15% of men.
All of this is fueling a skills gap, with a global shortage of 1.8 million workers expected by 2022.
This reality exists despite the fact that women have higher levels of education than men. A full 51% hold a master’s degree or higher, compared to 45% of men. Women working in cybersecurity also have a more varied educational background than men, contributing to the diverse set of skills they can potentially bring to the industry.
In terms of regional differences, women comprise 14% of the cybersecurity workforce in North America, the highest regional concentration in the world—this compares to just 7% in Europe and 8% in Asia. However, a higher percentage of women work in that region: Females in the United States comprise fully half (48%) of the workforce overall, in line with the population; i.e., most women of working age hold jobs. An examination of other regions of the world shows that female participation in the workforce is much smaller, "which leads one to wonder if cultural issues, discrimination, access to education, or a combination thereof are contributing factors," the report noted.
Also, although North America employs the most women in cybersecurity as a proportion of the workforce, the prevalence of women in senior executive roles remains extremely low at 4% compared to men at 25%.
The UK meanwhile has one of the lowest proportions of women in cybersecurity in the world, with women comprising just 8% of the workforce. This is fueling a dramatic cyber-skills shortage affecting 66% of UK companies.
UK women in cybersecurity also earn 15.5% less than men (a difference of approximately £11,000). However, in tune with the global trend, female professionals are more educated than their male counterparts in that country, with 50% of women in cybersecurity holding postgraduate degrees compared to just 37% of men.
One bright note: despite the low proportion of women in the workforce in the UK, there are signs that those in the industry are outpacing men in progressing up the career ladder. A full 64% of women are in managerial positions in the UK, compared to 57% of men.
In Europe overall, women form just 7% of European cybersecurity workforce, while the region shows highest gender pay gap in the world. Women earn approximately 15% less than men in the region (a difference of approximately £9,100).
This pay gap exists despite a greater proportion of women respondents holding managerial positions, with 51% of women in Europe holding managerial positions compared to 47% of men. Women are also more educated, with 63% holding postgraduate degrees, compared to 52% of men.
“These results highlight that the infosec profession is missing out on the talents and skills of 50% of the (working) population: women,” said Adrian Davis, European MD at (ISC)2. “The issues of the pay gap, overt discrimination and focus on ‘techie’ skills and qualifications make our profession highly unattractive to women. Yet, if we are to succeed and thrive as a profession in an age where our skills and knowledge are in high demand, we must address these issues urgently and constructively: doing so will future-proof our profession and enhance our skills and reputation.”
The research found the gender disparity is partly caused by women being ‘screened out’ by employers’ hiring checklists. A full 43% of companies in Europe and 35% of those in the UK say they prioritize candidates with a cybersecurity or related degree. Most (93%) of European and UK employers also prioritize job candidates with ‘previous experience’, yet women predominate among the most inexperienced candidates.
Also, about 23% of European women are under 35 compared to 17% of men, and in the UK, nearly twice as many female professionals are under 35 as men.
“At school I had no context about what my interest in maths and science could lead to and ended up working in cybersecurity by chance,” said Holly Rostill, ethical hacker at PwC. “We can’t take this risk with future generations, and need to show more young people the range of exciting jobs in technology and how they can apply their skills and education in a real-life environment. Recent research from PwC shows that young girls are being put off tech careers as they don’t know what they involve and they don’t think they’re creative enough. There is a huge education gap that we as an industry can help to fill by providing young people with access to as many role models working in cyber security as possible.”
Recommendations for rectifying this sorry state of affairs include creation of inclusive workplaces, increasing job satisfaction and ending pay inequity. Women who have higher levels of access to sponsorship and leadership programs report feeling valued in their role and are more likely to be successful.