Monkey Business - Fotolia

Crest report outlines ways to address cyber security gender gap

Report on the causes and potential remedies for addressing the gender gap in cyber security is aimed at stimulating debate and co-operation in the industry

The gender gap in cyber security is mainly a result of poor marketing and perception of the industry by women, according to a report by security certification body Crest.

The report is based on a workshop aimed at addressing diversity in the cyber security industry in February 2016 that was attended by representatives from Crest member companies and industry.

The workshop focused on the fact that the most recent Global Information Security Workforce Study by (ISC)2 shows that women represent 10% of the global workforce.

By comparison, 26% of IT professionals worldwide are women, according to the American Association of University Women.

Workshop attendees agreed there is no lack of opportunity for women in cyber security, and that the reality of being a woman working in the industry is extremely positive.

The group concluded that the lack of applicants could be attributed to poor marketing and a poor perception of the cyber security industry, which is far removed from the reality.

Many workshop attendees voiced frustration that computer science was either not available or not advertised as an option at school.

As a result, women account for only 18% of undergraduate degrees awarded for computer science in the UK, the report said.

Most participants said that despite the perception of the industry being sexist or inhospitable to women, they had never experienced any such issues.

The only exception to this were some accounts of women being given less technical projects or roles because these were automatically delegated to male team members.

Read more about women in information security

Attendees said the industry had changed, but perception had not evolved at the same rate, and it was crucial to market all aspects of the industry, both technical and non-technical, proactively.

Almost every workshop attendee confessed to “falling into the industry by accident” and having known very little about how exciting and innovative the industry was before they entered it.

Attendees recognised and gave credit to the various initiatives and networking groups already in existence that supported women working in cyber security and, more widely, technology.

However, it was agreed that these initiatives all work in silos and, as such, had had no great impact on the overall cause.

“Increasing the number of women in cyber security is not simply for diversity’s sake, but for the sake of the industry,” said Crest president Ian Glover.

“One of our attendees put it best, suggesting that by consistently taking people from the same backgrounds, we will keep coming up with the same approaches and solutions.”

Major challenges

Although most of the workshop attendees agreed cyber security was welcoming to women, Glover said the perception from outside the industry was very much the opposite. “It is clear that this is one of the major challenges we face,” he said.
Glover said the main purpose of the workshop was to discuss and find ways to facilitate change.

“Areas that were felt vital when addressing the issue were education, awareness, industry perception, support, role models and barriers for entry,” he said.

In practice, the report said this would mean:

  • Influencing children early in their education to encourage more girls into science, technology, engineering and mathematics (Stem).
  • Portraying the cyber security industry in an accurate, positive way and promoting cyber security careers and opportunities for women.
  • Ensuring that cyber security career marketing is gender-neutral and attracts both sexes.
  • Supporting and retaining the women currently in the profession through mentoring schemes and improved networking opportunities.
  • Raising the profile of successful women in cyber security.
  • Providing financial support for women to enter careers in cyber security.

Workshop attendees also felt the cyber security industry had to be clear on who to target with a campaign to ensure both short- and long-term success.

Glover said Crest was now looking to collaborate with existing initiatives to work together as an industry to define an agreed set of actions to address this important issue.

Read more on Hackers and cybercrime prevention