From 2023, women will make up only 20% to 25% of the cybersecurity workforce, according to training body ISC2. New research from Deloitte explores the reasons behind this gender gap, despite the high demand for skilled professionals in the industry.
Half of young female workers interested in cybersecurity feel they lack sufficient knowledge in the field to pursue a career in it. Additionally, 55% of all women surveyed believe the industry could be intimidating and 47% worry about not being taken seriously.
The results, published in “POV Reimagined: Women in Cybersecurity” in October, are based on a survey of 8,000 non-cyber professionals around the world conducted by Deloitte Global and media company The Female Quotient. They also conducted interviews with female security leaders globally and group discussions with adults inside and outside the industry.
Emily Mossburg, global cyber leader at Deloitte, said: “The cybersecurity industry is experiencing explosive growth but faces a critical talent shortage. “It’s time to challenge stereotypes and show women that cybersecurity not only offers the job security and growth opportunities they seek, but also a chance to make a real difference in the world.”
Concerns about knowledge, inclusion and remuneration deter women from security roles
According to ISC2, 90% of organizations face cybersecurity skills shortages. The global shortfall is forecast to reach more than 85 million skilled professionals by 2030. In the UK, 35% of businesses are struggling to permanently fill cyber roles, while 75% agree there is a gap. urgent skills.
Despite the opportunities available, young female workers still feel discouraged from entering the industry, which respondents attribute to three key limitations:
- A perceived need for cybersecurity expertise and deep technology expertise.
- A major concern is that the inclusive culture they crave does not exist within the industry.
- The need for fair and transparent compensation.
The second point is underscored by 51% of women surveyed indicating that they do not believe there is a place for someone like them in cybersecurity, and the same percentage feel that they would not fit in or be able to express their authentic self in the industry. .
A 2023 study found that 83% of female security professionals have experienced exclusion at least once, in areas such as professional growth, respect, recognition, access and workplace policies.
SEE: Few women hold leadership positions in cybersecurity
Compensation is also a valid concern. Cybersecurity salaries are slightly higher for men than women, averaging $148,035 for men and $141,066 for women in the US, or $115,003 for men and $109,609 for women worldwide, according to ISC2. However, ISC2 researchers say the industry appears to have more pay parity than the broader U.S. labor market.
These three main concerns do not seem to affect men. While only 23% of working women have considered cybersecurity as a career, the percentage is 35% for men.
But despite the obstacles, women are aware of the benefits of joining the cyber industry. The Deloitte survey found that 48% of working women believe there is great potential for growth in cyber and 44% say the industry could offer them a prosperous career.
These opinions are not unfounded, as 57% of women already working in the cyber sector say they have job security, 53% said they had opportunities to learn on the job, and 52% have a strong sense of purpose.
Reduce the gender gap in cybersecurity
The authors of the Deloitte report say that to dispel the myth that a career in cybersecurity requires extensive technical experience, the industry needs an image overhaul.
“To make cybersecurity seem less technical and niche, we can better frame cybersecurity as an essential element of digital transformation, which is broader and more mainstream,” they wrote. “This will help more women perceive cybersecurity as familiar and accessible, making it easier to imagine themselves thriving in this field.”
Additionally, active steps can be taken to alleviate concerns about inclusion and pay transparency, which 30% of respondents said need to focus on. These steps include:
- Attract and hire more diverse staff. For example, don't overemphasize technical skills in job descriptions when they are not important.
- Offering more and better jobs. These could include internships and retraining opportunities for career changers.
- Establish equal pay. Eliminate pay and promotion gaps, as well as offering family-friendly benefits such as flexible working.
- Place women in more leadership positions. Mentorship initiatives provide a good opportunity to elevate women in cyber and create pathways into the industry.
- Increase knowledge of the reality of the industry. For example, promoting technical and non-technical roles, work-life balance, and women's achievements in cyber.
- Create training opportunities and community building initiatives. These could include forums and networking events.
Amber Pearson, Deputy CISO and Executive Director of Information Security Policy and Strategy at the US Department of Veterans Affairs, said: “Overall, increasing the presence of women in cybersecurity can strengthen the industry, making it more innovative, resilient and capable of addressing the complex challenges of the digital age.”
