Progress towards gender equality in cyber still slow

A fifth of women working in cyber security think gender equality within the workforce will never happen, while 60% think it will take a decade or more, according to research produced by the Chartered Institute of Information Security (CIISec).

Ahead of International Women’s Day on 8 March 2021, CIISec’s research paints a disappointing picture of progress around equality in the sector, with 47% of respondents saying that had experienced or observed blatant misogyny that went undisciplined, while 61% said a lack of self-confidence was holding them back, and 50% did not believe they had the needed skills to move to more advanced roles.

“There’s no question that the cyber security industry must become more diverse. This isn’t only a matter of creating a more inclusive and fairer world. Without greater diversity and inclusion, the industry risks stagnating,” said Amanda Finch, CEO of CIISec.

Other perennial issues highlighted in the study included being passed over for promotion, being paid noticeably less than men doing the same job, feeling unwelcome in the workplace, and – in many situations – being the only woman on the security team.

However, women in cyber tend to agree on what needs to be done to improve matters. For example, 56% say better support, mentoring and career progression would be most helpful, 49% say the security sector needs to shed its “boys only club” image, and 48% say that the presence of more high-profile women in security would have a positive impact.

“Organisations need to work together to eradicate the ‘boys only club’ culture cyber security has built up over the years. As an industry facing a skills shortage, it can’t afford to drive away valuable new blood that could bring fresh new ideas. We need to encourage a new generation of talent into the industry and give women better support – both to help them progress, and so they want to stay in their careers,” said Finch.

Finch said that the problem would not be a quick fix, and that the sector clearly needs to dig much deeper into the underlying issues and address them from the ground up to really effect change.

“Understanding exactly what women are experiencing and need are just the first steps to help make a change. We need to offer clear paths to progression through frameworks and ongoing training. We need to break down barriers and demonstrate the varied roles and career paths within the industry,” she said.

“Doing this will help make a real difference in encouraging women into the industry, bringing with them the new skills we so desperately need to fight against the changing threat landscape.”

Jane Chappell, co-founder and operations director of consultancy Arcanum Cyber Security, who was also the first woman to command a cyber unit in the British Army, said that picking security as a career was not something that should seem scary for women. She said she had found the industry open and accepting since moving into the profession in the early 2000s, and that things were steadily improving.

“During the past 10 years, I have seen a significant increase in women working in all aspects of cyber. On a recent National Cyber Security Assessment Panel, 45% were women with careers in cyber security,” she said.

“For me, being a woman has not made any difference whatsoever. However, I do have an armed forces background where, during my early years of service women, accounted for approximately 5% of the serving personnel.

“Discrimination in cyber wasn’t an issue and I never encountered any bias. Perhaps this was because so few people understood ‘cyber’, which was then referred to as IT security, so were interested in the knowledge that both women and men had.

“Cyber is an everyday word now and many people know much more about it. There’s a great deal more publicity and hype about women in the profession today,, which I feel detracts from the fact that the profession needs people with passion and ability at all levels, regardless of gender,” said Chappell.

“I’ve never regretted my career move into cyber as it’s such a developing profession, provides a great deal of job satisfaction and has an extensive outreach network.”

International Women’s Day takes place on Monday 8 March. This year, the theme of the event is #ChooseToChallenge, encouraging people to challenge and call out gender bias and inequality wherever they see it, and to seek out and celebrate women’s achievements.