Insight: Why cybersecurity businesses need to close the gender gap

Cybersecurity threats are growing at an alarming rate across the globe, while at the same time, cybercriminals are becoming even more sophisticated in their methods of attacks.

Meanwhile, the shortage of cybersecurity talent is making it difficult for organisations and industries to meet these constantly shifting security demands.

As such, the cybersecurity landscape has become increasingly challenging. In fact, cybercrime is expected to cost the world $10.5 trillion annually by 2025, the World Economic Forum forecasts. But organisations are struggling to build the specialised skills required to manage these growing threats.

According to ISACA’s latest State of Cybersecurity Report, 63% of enterprises have unfilled cybersecurity positions, while labour shortages in the UK have become particularly acute. In fact, while there are currently about 339,000 cyber professionals in the UK, up 13% year-on-year, there is still a shortfall of 56,811 workers – up 70% year-on-year.

And yet, despite this growing need for cybersecurity talent, we also continue to see significant underrepresentation and exclusion of women within the cybersecurity sector.

A recent report published by Cybersecurity Ventures on women in cybersecurity found that, as of September 2022, women accounted for only 25% of the workforce in the global cybersecurity industry – the UK is doing marginally better, with women making up 36% of the nation’s cybersecurity workforce, figures from the National Cyber Security Centre reveal.

But, women are expected to represent only 30% of the global cybersecurity workforce by 2025 and 35% by 2031. This means that over a period just shy of a decade, the number of women in the industry will have grown by only 10%.

This lack of inclusion of women in the cybersecurity workforce is not only detrimental to the sector and to businesses’ security because it facilitates the continued shortage of much-needed cybersecurity skills, but also because it enables blind spots in cybersecurity through a narrowed lens of perspectives in the field.

That’s why, if businesses are to tighten up their cybersecurity, they need to start meaningfully and seriously closing the gender gap.

Gender equality as a driver of progress

Ensuring the increased inclusion of women into the field of cybersecurity would do more than just fill empty chairs in the industry, it will also play a key role in broadening and strengthening an organisation’s security capabilities by bringing diverse perspectives to problem-solving and innovation.

In fact, it’s been well-proven that including women helps to ensure better outcomes for technological solutions by enabling organisations to approach the functionalities of technologies from a different perspective, thereby reducing any blind spots that would not get caught otherwise.

For example, women internet users face a higher number of cybercrime incidents while being at an increased risk of financial data loss, violations of privacy, and security breaches, according to the World Bank.

Additionally, a more diverse workforce ultimately improves business performance, as companies with a gender-diverse employee base tend to have better financial returns than national industry averages.

But, most importantly, by empowering more women to enter the cybersecurity industry, which is a well-paying, highly productive, and future-proof industry for employment, we would be able to strengthen and diversify national economies.

Attracting more women into cybersecurity

According to the World Economic Forum, there’s a perception that awareness of cybersecurity is low among women and that the low participation of women in cybersecurity is due to a lack of access to cybersecurity education. This is not true.

In fact, 82% of respondents to a global survey of female STEM undergraduate students said they had either ‘some’ or ‘a lot’ of knowledge about cybersecurity, while 58% said they had access to cybersecurity education and 68% had already taken a cybersecurity-related course.

So, what exactly is acting as a barrier to entry for women in cybersecurity and how do we create a more inclusive cybersecurity workforce?

Well, it’s not as simple as just recruiting more women into cybersecurity roles. Emphasis needs to be placed on training and education, as well as encouraging women and young girls to pursue cybersecurity as a career path by providing mentorship and access to other female role models within the industry.

One of the biggest reasons that women don’t consider a career in cybersecurity is often because they’re simply not exposed to it as an option for them.

As such, there remains a significant opportunity to attract more women into the field by exposing them to the broad and diverse positions available within cybersecurity from a young age – from secondary school to tertiary educational institutions – as well as through internships, projects, and other cybersecurity-related experiences, like hackathons.

The underrepresentation of women in the cybersecurity sector has a direct negative impact on the security and protection of people, organisations, industries, and entire economies.

That’s why the inclusion of more women in cybersecurity is critical to not only closing the talent shortages of cybersecurity professionals, but also creating a cyberspace that is safer, while enabling a more inclusive cybersecurity industry.

Debi Dowling is chief of staff and VP of strategic programs at Onapsis