Women in Cybersecurity: Women in the Profession

By /

n

n

Click Here for the Full Report

n

 

n

Women’s Role in Filling the Workforce Gapn

n

nThe number of women working in cybersecurity has remained consistentnyear-to-year. ISC2 has estimated that the percentage of women in thenindustry is likely in the range of 20% to 25%. While there isn’t onenorganization tracking this metric specifically, ISC2’s numbers arenconsistent with Cybersecurity Ventures’ Women in Cybersecurity Report, which reported that women held 25% of cybersecurity jobs globally in 2022.n

n

nOne positive trend is that ISC2 expects this percentage to shift higher asnmore young people enter the profession. The data showed a highernrepresentation of women within the respondent pool, starting with the agenrange 39–44 (16%), and the percentage increased as the age decreases (26% innthe under 30 age category). 

n n

When respondents were asked how their security teams are staffed, and innparticular, what percentage of their security teams are women, the overallnglobal average suggests that 23% of teams are comprised of women. At thenextremes, 11% of survey participants said they had no women on theirnsecurity teams, while 4% said more than half of their security team arenwomen. Interestingly, the average percentage of women team members, asnreported by women participants, was significantly higher than by the mennsurveyed (30% vs. 22%, respectively), meaning women work at organizationsnwith a higher percentage of women on their security teams. Also,nsignificantly more men (21%) did not know in percentage terms the extent ofnwomen in their security teams compared to 13% of women participants who didnnot know.

n n

Of the 11% of participants who said there were no women within theirnsecurity teams, half worked in the U.S. They also worked in IT Servicesn(19%), Financial Services (13%), and Government (11%), while nearly halfnworked at mid-size organizations with 100–999 employees. No singlensector reported a significantly higher percentage of women withinnsecurity teams. Security professionals working in Cloud Services,nAutomotive, and Construction reported the highest percentage (28%) ofnwomen within their security teams, while the Military and Utilities hadnthe lowest (20%).

n n

These numbers are still a significant minority, especially given thencurrent need for cybersecurity talent. Increasing the representation ofnwomen across every industry is needed to help close the global workforcengap. Organizations should review their cybersecurity recruitmentnpolicies and practices to ensure that they get a more gender-balancednpool of candidates and that the women in their teams are also part ofnthe recruitment process.

n
n

nWomen’s Paths into Cybersecurity and Their Roles Within Organizationsn

n

nWomen in our survey have been working in cybersecurity for slightly lessntime on average than men (nine years vs 11 years for men). However, thendata show that their pathways into the profession and motivations fornjoining are slightly different from men’s common pathways.n

n

nWhen asked why they initially pursued cybersecurity as a profession,nwomen participants had significantly higher rates of pursuingncybersecurity in school (14%) and having a family member or mentornworking in the field who encouraged them to pursue it (14%). This wasncompared to 10% of men who pursued the field in school and 11% who werenencouraged by others. Women participants also wanted to work in ancontinuously evolving field (21%) and one where they could help peoplenand society (16%) at significantly higher rates than men who respondedn(18% and 14%, respectively).

n n

Regarding formal and continuing education, women respondents holdnadvanced degrees (Master’s and Doctorate-level qualifications) atnsignificantly higher rates than men. They hold cybersecurityncertifications at similar rates and have plans to acquire morencertifications at similar rates to men in the industry. When asked whynthey wanted to pursue a certification, both genders listed the samenprimary reasons: to improve skills, stay current and for careerndevelopment. However, women participants indicated they pursued andnplanned to pursue certifications to get promoted, to apply for jobs ornbecause their organization had a skills gap at much higher rates thannmen.

n n

Another positive trend we noted is that within their organizations,nwomen appear to hold executive titles at a similar rate to men. We sawnhigher rates of women holding managerial level roles and lower rates ofnbeing individual contributors when compared to men. This also translatednto higher rates of women being involved with hiring decisions than menn(33% of women to 24% of men). In terms of job titles, more than halfn(57%) of women participants hold formal security titles like SecuritynConsultant, Security Analyst and Security Engineer, while 43% holdninformal titles (e.g., IT Manager, IT Director, VP IT). Men whonparticipated in the study hold formal security job titles at a highernrate (63%).

n n

Does Gender Determine Whether or Not You’ll Become a Malicious Insider?

n
According to IBM’s Cost of a Data Breach Report 2023, data breaches initiated by malicious insiders were the most costly. Meanwhile, Verizon’s 2023 Data Breach Report found that while the average external threat compromises about 200 million records, incidents involving an inside threat actor have resulted in the exposure of one billion records or more. Additional academic research affirms that gender bias impacts managers’ perceptions of who may be an insider threat in the workplace. This is an area that needs to be explored in more detail, but ISC2’s survey showed significant statistical differences between men and women regarding malicious activity. Over a third (35%) of women respondents reported being approached by malicious actors wanting them to act as a malicious insider, compared to just 21% of men who participated.
n n n
]]>

Leave a Comment

Your email address will not be published. Required fields are marked *