In 2024, at least three out of four cybersecurity professionals are men.
Cybersecurity is not the only industry dominated by men, but it is in contrast to other industries. Law (53%), Accounting (46%)and Doctor of Medicine (37%) —It's late.
New research from ISC2 shows that women wear just the right amount of makeup. 20% to 25% of the cybersecurity industry. And this number has remained relatively stable over the past few years, the report said.
It's even more striking when compared to the racial makeup of the industry. In the US, UK, Canada, and Ireland, the majority of cyber professionals over the age of 40 are white, but the majority of those under 40 are not white. Two-thirds of new entrants to the industry from these countries in the past 12 months were non-white, according to ISC2 research.
What about take-home? Cybersecurity is beginning to solve the diversity problem, but we still have a long way to go.
Gender expression in cyber in numbers
Just 4% of ISC2 survey respondents said women make up the majority of their security teams. In contrast, 11% admitted they had no women on their team at all.
Mild network effects also seem to be at work. The average woman in the security industry works with about 8% more women (30%) than men (22%).
The issue is similar across industries, with the most diverse sectors such as cloud services, automotive, and construction (all 28% female) significantly outnumbering the least diverse sectors (military and energy, 20% each). not. ).
However, alongside the lagging trends, there are also some positive trends.
Only about 14% or 15% of cyber professionals over 40 are women, while at least 25% of those under 35 are women (a relative improvement).
Most interestingly, women who enter the cybersecurity field tend to be promoted as much or better than their male counterparts. Women also hold executive titles at the same level as men. A larger percentage of them have management-level roles and a smaller percentage are ranked as individual contributors. It may sound counterintuitive, but a higher percentage of women are involved in the recruitment process in the security industry than men (33% to 24%).
However, this data contrasts with other recent findings.
Root of the problem: exclusion
Women in Cybersecurity (WiCyS) tracked how women experience exclusion in the industry in its 2023 State of Inclusion Benchmark in Cybersecurity report. Respect ranks as the worst problem It was included on that list, but right behind respect was “opportunities for career and growth.”
“Women experience the glass ceiling around the age of six,” reports WiCyS Executive Director Lynn Dome. “You can imagine A woman’s journey in cybersecurity As they progress through their careers, they don't necessarily get the stretch assignments they expected, and perhaps miss out on promotions because their managers haven't taken the initiative to identify their career trajectory within the organization. and have had such an experience. Microaggressions, tokenism, lack of respect for comments. All of this leads to a point where individuals are likely to choose to exit their career and move on to other fields. ”
This is a self-fulfilling cycle. More women are avoiding security because women are underrepresented. Dome says, “A lack of diversity in the workforce is a symptom of a lack of inclusion.”
Simply hiring more women will not solve the problem. Because exclusion runs much deeper than any single person or organization can account for.
“The gender gap in cybersecurity starts long before women enter the workforce,” explains Jessy McDermott, Partner Solutions Architect at Aqua Security. “As a former engineering student, I know firsthand that this gap exists at the college level. For example, the women who completed the engineering program with me at Dartmouth College During those four years, I experienced continued prejudice and suspicion, and witnessed how women were ultimately forced out of the field before graduating.
“This is only going to get worse over time, as women begin to realize that careers in information technology and cybersecurity are “male-dominated.”If I can do something graduate from university Without being kicked out of the field, you have just begun the first part of your never-ending journey. Ultimately, this can all lead to impostor syndrome, which I and many of my female friends in the industry deal with. Even after many years of experience as a cybersecurity professional, I still have days when I have to prove something, but more importantly, prove Share my knowledge with others. ”
So, she added, “I love that more companies are trying their best to hire more women in the field, but when you see the difference. women need internal support To be confident and successful in your role. ”
Impact of non-diversity on companies
In addition to the obvious impact on people, there are also uniformity impacts on businesses.
“Low retention rates for female talent are costly as recruiting funds are recouped, and it also poses a reputational risk,” Dohm points out.
“Broader than just cybersecurity, there is a body of research that shows that the more perspectives you bring to the table, the better your ability to problem-solve,” said ISC2 CEO Cllr Rosso. “Cybersecurity is a highly complex and growing threat landscape, and the more perspectives you bring to solving a problem, the more likely you are to be able to impact your cyber defenses.”
Mr. Doum succinctly states: “Not having the diverse perspectives that women bring to the cybersecurity workforce is a security risk.”