A failure to include women in cyber security recruitment campaigns, the continued focus on technical skills and a gender pay gap are exacerbating the cyber security skills shortage, say industry experts.
Europe is one of the worst offending regions in the world, with women making up just 7% of the cyber security workforce, and it has one of the biggest gender pay gaps in the world.
The cyber security workforce in Europe also has a greater gender pay gap than other regions, with men earning 14.7%, or about £9,100, more than women.
These findings are among the main drivers of the cyber security skills shortage in Europe and the UK, according to the Global Information Security Workforce Study (GISWS) published by the Center for Cyber Safety and Education, a charitable trust of information security certification body (ISC)2.
The study is based on a survey of 19,000 cyber security professionals from around the world, with nearly 3,700 respondents in Europe, including 1,000 from the UK. Two-thirds of these UK respondents said their companies do not have enough information security personnel on their books to meet their needs.
End gender pay inequality
In the cyber security sector, men earn an average of 15.5%, or about £11,000, more than women, in spite of efforts from the Women and Equalities Committee calling on the government to address the national gender pay gap.
This pay gap exists despite a greater proportion of women respondents holding managerial positions in Europe, with 51% of women in the region holding managerial positions compared with 47% of men.
This is also the case in the UK, with 64% of women in managerial roles compared with 57% of men, in contrast with the national average where fewer women than men progress to senior positions.
Women are also more educated, with 63% of European women in cyber security holding post-graduate degrees compared with 52% of men. In the UK, this figure is 50% of women compared with 37% of men.
In the UK, the proportion of women in cyber security stands at just 8%, significantly less than the proportion of women working in all science, technology, engineering and maths (Stem) roles across the UK.
Publication of the findings follows the recent pledge to introduce cyber security into UK schools to help plug a skills gap that the UK government said is a “national vulnerability that must be resolved”.
The report calls for corporations to create more inclusive workplaces and to end gender pay inequity in the face of an expected global shortfall of 1.8 million cyber security professionals by 2022.
Education and experience count against female recruits
The findings also suggest that women could be inadvertently screened out by employers’ hiring criteria, following the GISWS study on millennials, which revealed that 43% of companies in Europe and 35% of those in the UK prioritise candidates with a cyber security or related degree.
The findings highlight the fact that European and UK employers inadvertently favour men and filter out women because they are less likely to study Stem subjects.
However, 76% of female professionals in the UK have never studied a computing degree, while UCAS indicates 13,000 fewer women than men study computer science in Britain.
Adding to this, 93% of European and UK employers prioritise job candidates with previous experience, yet women predominate among the most inexperienced candidates. Some 23% of European professional women are under 35 compared with just 17% of men, and in the UK, nearly twice as many female professionals are under 35 as men.
The findings show that 45% of organisations in Europe and 35% in the UK look for a technical degree, while just 27% of female professionals in the UK have studied computer science degrees, compared with 41% of men. The figure in Europe stands at 44% of women compared with 51% of men.
However, the study found signs that a greater percentage of those now entering the industry are women. Across Europe, 23% of the female workforce is under the age of 35 compared with just 17% of men, indicating a younger workforce. In the UK, female cyber security professionals outnumber male professionals by 2-to-1 in the under-35 age group.
“These results highlight that the infosec profession is missing out on the talents and skills of 50% of the working population: women,” said Adrian Davis, managing director for Europe at (ISC)2.
“The issues of the pay gap, overt discrimination and focus on ‘techie’ skills and qualifications make our profession highly unattractive to women.
“Yet, if we are to succeed and thrive as a profession in an age where our skills and knowledge are in high demand, we must address these issues urgently and constructively. Doing so will future-proof our profession and enhance our skills and reputation,” he said.
Lucy Chaplin, manager of KPMG Financial Services Technology Risk Consulting, said that as the findings show, female cyber security professionals come from a far more diverse educational background than men and are less likely to have previous experience.
“By prioritising computing degrees and industry experience in their hiring checklists, employers are erecting a barrier to female recruits,” she said.
According to Chaplin, KPMG has managed to buck the industry trend and achieve near 50/50 gender parity among new graduate hires to its cyber security division by recruiting just as many people with non-Stem degrees.
“Employers have to start recruiting outside Stem subjects, which women are less likely to study, if they want to bring more women into the profession,” she said.
The GISWS report on women in cyber security is the second release of data from the 2017 Global Information Security Workforce Study.
The first dataset, released in February 2017, covered millennials – the next generation of information security workers. Several more reports based on the GISWS are planned for the rest of 2017.