BLOG: How close are we to closing the gender diversity gap?

Cybersecurity has long been a male dominated industry with only 20 per cent of the industry’s workforce being made up of women. This statistic is both surprising and concerning, considering that research has found that women are both score better than men on key leadership capabilities and are more skilful and accurate as analysts. 

Despite cybersecurity’s growing importance and becoming a critical IT area, women continue to be underrepresented. Issues with female recruitment in the cybersecurity industry have been linked to a perception problem. Seen as a predominantly masculine profession due to the overwhelming majority of male employees, women are less likely to view tech or security as a viable career.  

This message is delivered to women from a young age, even influencing education choices that provide a clear path into tech, security and more specifically the building blocks for a successful career in cybersecurity. We see this in application numbers for STEM courses at Universities, a choice made at just 18 years of age, young women are the lowest proportion of STEM students. 

It is important to change these perceptions and to increase female participation in the industry in anyway we can. Creating what is termed gender-balanced teams or companies, is not just important because it creates a fair employment structure but it also improves a company’s chance at success and makes good business sense. 

Why is tackling the gender diversity gap important? 

The gender diversity gap is disparity between men and women employed in a particular industry or company. When looking at the overview of the diversity gap in business we look to companies in the FTSE 100 list. Since 2012, there has been an extremely low growth in female CEOs with only 5 out of 100 in the list. The most newly appointed being Alison Rose in 2019, for RBS, and before that Carolyn McCall in 2018 for ITV. 

Recent statistics provided by STEM women selected information from UCAS between 2017 and 2018 women only made up 35 per cent of STEM students. The STEM subject breakdown showed that Computer Science and Engineering and Technology subjects. 

The diversity gap is important to tackle due to its impact on business success and the fair representation of women. But the primary impact that gender diversity is so important as gender-balanced teams often succeed to a higher degree than male-dominated teams. The importance of cross-collaboration in gender-balanced teams can be seen in studies finding that brand awareness is 5 per cent higher, organic growth is 13 per cent higher and overall gross profit is 23 per cent higher. These figures show that what female employees bring to the table is important, especially when it comes to analysis and leadership skills. 

Overall, women score better in leadership skills than men. With women outscoring men in 17 out of 19 of the leadership capabilities, including: taking initiative, resilience, practicing self-development, building relationships, and inspiring and motivating others. While these skills may not highly technical, they are important within a workplace and team dynamic. Despite outperforming men in leadership skills women tend to be promoted less in business generally, but when it comes to cyber-security we are starting to see a shift. 

Although the number of women in cybersecurity is low, only reaching 20 per cent overall the success of the few women in cybersecurity is clear. Despite being outnumbered 3 to 1, women are overall outperforming men and achieving leadership roles in the industry at a staggering rate.  

Female cybersecurity professionals are more likely to reach leadership roles such as Chief Technology Officer than men, with the ratio 7 per cent to 2 per cent, respectively. The same can be said for IT director at 18 per cent women vs. 14 per cent men and C-level executives, with 28 per cent and 19 per cent, respectively. 

These numbers show that when women are given roles in cyber-security, they have a good chance of succeeding. Women are also younger in the industry and tend to be more educated, with 52 per cent of women holding postgraduate degrees compared with 44 per cent of men. It’s clear that the female candidates that are receiving job roles are certainly capable but there still remains too few of them. These figures of success and the level of skills and qualifications that they possess show clear indication that gender-balanced teams of almost equal men and women is only a positive change needed. 

What is being done to tackle the lack of gender diversity in cybersecurity? 

Driven by global connectivity, cybersecurity risk is increasing and therefore, so is the industry. The global cyber security market was estimated at 173 billion USD in 2020, and new estimates show that the industry could grow to 270 billion USD by 2026. 

With in-house cyber-security spending is estimated to grow by 7.2 per cent annually and global spending on external cybersecurity solutions and products is projected to increase 8.4 per cent annually, these increases mean that jobs requirements too will be increasing.  

There are many factors in tackling the gender diversity issues, but company recruitment processes play a huge role. The requirements for roles in cybersecurity both experience and education tend to be quite high, with 65 per cent of roles requiring a Bachelor’s degree and 24 per cent requesting a Graduate degree. For experience, 46 per cent of roles expect 3 to 5 years of experience, with 22 per cent and 17 per cent, requiring 6 to 8 years and 9 or more years’ experience, respectively. An important change needs to come from companies themselves, adjusting job requirements to encourage female applicants to apply. 

In a recent study that these job requirement changes would encourage women to apply more often. The study revealed that women on average only apply for a job role when they meet the role requirements 100 per cent, but men apply when they meet 60 per cent of the job requirements. When questioned concerning why they do not apply to jobs that they do not meet all the requirement for women did not lack confidence, but 21.6 per cent assumed they would not be hired as they did not meet the requirements. 15 per cent of women even stated that they did not apply because they were following the guidelines in job advertisements for whom should apply. 

There are also a huge proportion of postgraduate grants, scholarships, and extra funding available for female applicants for STEM subjects. These schemes need to be better advertised to female students and new career paths should be geared towards attracting female works. With the rise of remote working due to the Covid-19 pandemic, employers can offer more flexible and beneficial work packages that will likely attract more female applicants. This can be seen in research, as a study conducted by the Harvard Business Review showed that US employees ranked workplace flexibility as a close second to healthcare. With 80 per cent of employees choosing more benefits over a pay increase. 

So how close are we really to closing the gender diversity gap? 

With the cybersecurity industry in an undeniable period of growth, it is important that training and recruitment practices within the industry keep up with the need for employment.  

It is important to ensure that recruitment focusing on employing the right candidates for the role, however, as shown the requirements for many entry levels roles are too high and sometimes too specific. Job roles rarely involve only the tasks or skills listed and often require out of the box thinking, good communication and people skills. But these skills are rarely listed are they are a given when applying for a job, often using technical or too specific language in job advertisements can turn away great applicants, especially as seen in female applicants. 

Within the UK specifically, 62 per cent of cyber firms reported employing staff that had already or were currently studying cybersecurity related qualifications. These numbers show that without specific cyber-security qualifications applicants are less likely to apply for job advertisements in the industry. Therefore, only changing job advertisements is not enough. The industry needs to change.  

With demand for skilled staff far outweighing the supply, cyber security companies should look at in-house training programmes, sponsored external training or advertising company benefits such as company financed training pots. These changes with bringing down the job requirements for roles, specifically entry level requirements would increase applications, and likely increase interest from female applicants.