The digital world we live in evolves at a staggering pace. Constantly connected, regardless of how aware of it, we are regularly exposed to risks of all sorts of data breaches. And there comes the need for better cybersecurity at all levels, indeed on a personal scale, but also inside companies. But yet, as appealing and fast-growing as the field is, the demand has yet to be met. And in the equation, women are still an overlooked “minority.”
«Cybersecurity is all about having policies, processing procedures and dos and don’ts of using these digital assets in a secure manner; there is a difference between the way the physical world gets protected and the digital space, and we have to know the dos and don’ts of the digital space as well,» says Manisha Bansiwal, Deputy Chief Information Security Officer, GMR Group – as reported by The female Quotient. Since the rules of the game are not completely clear, but the threats are ever-evolving, and the depth of their implications is constantly growing, all roles related to technology, specifically those in the protection of data and identities, will remain in high demand in the future.
Regardless of the all-time high world workforce of 5.5 million jobs – an increase of 440,000 jobs (or 8,7%) from last year and up from the 2.8 million in 2019 – there is still a gap in the field of almost 4 million workers on a global scale. An estimated 57% of organizations report unfulfilled cybersecurity positions in their structures.
Yet, the human capital in cybersecurity appears very homogeneous: Similarly to what happens in most tech fields, the vast majority of digital security professionals are (white) men – according to estimates, they represent 75% of today’s workforce. Despite of the high and steadily increasing needs and the evident shortage of profiles, only 57% (just 67% if they are experiencing staff shortages) of companies say they are invested in D&I initiatives – reads the report by ISC2*, a member association for cybersecurity professionals.
Initiatives that could help them fill open positions with women talents, attracting them from different career paths or evaluating internal profiles among their current workforce.
A vicious circle
It is not only a matter of percentages. The digital security sector has a reputation for being an elitist, jargon-heavy field with a high level of discrimination. Of the 25% of women professionals in the sector, 30% confirmed they feel discriminated against at work. Cybersecurity professions are perceived as being only about technical skills and qualifications. Instead, they also include a variety of other roles that require creativity, communication and problem-solving capabilities.
The sector could potentially look more appealing to women, but it is still perceived as lacking flexible working options and not particularly inviting, for example, to new mothers who want to return to their jobs. Moreover, despite of the recognized opportunities for growth and development, the potential benefits, and the working chances tech fields offer, few girls still choose STEM studies or pursue careers in IT or the digital world.
The lack of new and different talents entering the security fields determines a demand that still outpaces supply. In 2023, the workforce gap grew an additional 12.6%, according to the ISC2 report, with the greatest rise in Asia-Pacific and North America (on the opposite side, the Middle East and Latin America, on the other side, saw the gap shrink this year.)
Even if this picture appears definite and is slow to shift globally, there are signs that the situation is evolving – surely, at a slow pace and with many challenges ahead. Women, while breaking barriers, are bringing fresh perspectives to a field that, for all the different threats it encounters, needs different looks and innovative solutions to the ever-changing risks.
Even if only 17% of cybersecurity professionals in non-managerial positions are women, they have progressed in the last few years on the leadership ladder in the field. They account for 14% of those aged 60+ but 30% of those under 30. Younger women are also rising at the managerial level in bigger numbers; they make up 10% of C-level executives above 50 but 35% of all executives in their 30s.
The path is a long one. In particular because of the great gender disparity existing in the general workforce in the field. But, as it is happening in other similar sectors, the possibility for change are many. They span from fostering a culture of respect, improving career development specifically for women, and building more pathways for a career in cyber security. Or looking internally to grow talents from within the organization and cultivating an interest in tech from early on. The growing attention is translating into more universities offering specific cybersecurity programs, for example. And all this can eventually make a difference in highlighting the value for women to enter the field.
Similarly, companies should think about inspiring and nurturing the next generation of (female) professionals by considering that improving gender diversity is not only a moral concern. It could concretely enhance the performance of teams, and employees agree. According to the ISC2 report, «Cybersecurity professionals value a diverse workforce. 69% said that an inclusive environment is essential for their team to succeed, and 65% feel that it’s important that their security team is diverse. 57% say that DEI will continue to become more important for their cybersecurity team over the next five years.»
If, at an international scale, women represent 25% of the workforce in cybersecurity, growing from 20% recorded in 2019 and 10% in 2013, and with a prospect of further increasing to 35% within 2031, Italy is lagging behind. Only 10% of the professionals working in digital security are female (according to the Global Gender Gap Report 2020.) Moreover, when new positions open up, the percentage of candidates does not exceed that level.
Emanuela Panero, Chief People Officer of the Italian company Ermes Cyber Security, confirms the situation. «We employ only seven women out of 38 employees. Regardless of our constant research for female talents, (women) still represent barely 10% of the candidates for every new position we open.» She then adds, «Now is time for cybersecurity to become part of companies’ structure – they are more and more aware of the risks they are exposed to on a daily basis. The search for people within the field is high, as are the required skills. But it is not difficult to enter this sector thanks to the many training and specialization programs that have grown and have been added through the years. More women must enter scientific and technical professions to help fill the gaps in the (labour) market.»
* “Cyber workforce study 2023”, ISC2 2023
Alley Oop’s newsletter
Alley Oop’s newsletter arrives in your inbox every Friday morning with news and stories. To sign up, click here.
If you want to write to or contact Alley Oop’s editorial team, email us at email@example.com.