According to new research from the Center for Cyber Safety and Education (the Center) and the Executive Women's Forum on Information Security, Risk Management & Privacy (EWF), women comprise only 11 percent of the information security workforce a number that has remained steady since 2013.
The study also found that women in cybersecurity have higher levels of education than men, but fewer hold senior-level positions, and they earn less money. The Women in Cybersecurity report is part of the Center's eighth Global Information Security Workforce Study (GISWS) sponsored by Booz Allen Hamilton and is based on data that was collected in the survey.
"It's disappointing to see that the number of women in the cybersecurity workforce continues to remain low," said David Shearer, CEO, the Center for Cyber Safety and Education and (ISC). "We must encourage young women; help them to see that information security is a challenging, lucrative and exciting career field. We must also promote women into leadership positions, and pay them at levels that are equal to their male counterparts. There is a large shortage of skilled cyber professionals, and women are a valuable resource that can help to bridge that gap."
Key takeaways from the Women in Cybersecurity report include:
- Women comprise only 11 percent of the global information security workforce.
- Women have higher levels of education than men, with 51 percent holding a master's degree or higher, compared to 45 percent of men.
- Fewer women hold positions of authority (director level or above) compared to men.
- Women working in cybersecurity have a more varied educational background than men contributing to the diverse set of skills they can potentially bring to the industry.
- On average, women in the information security industry earn a lower annual salary than their male counterparts.
- Fifty-one percent of women in the cybersecurity industry in North America and Latin America have experienced some form of discrimination, compared to only 15 percent of men.
- Women who have higher levels of access to sponsorship and leadership programs report feeling valued in their role and are more likely to be successful.
The Center for Cyber Safety and Education and the Executive Women's Forum on Information Security, Risk Management & Privacy have joined forces with several industry leaders to raise awareness of the need for women in cybersecurity. Additional sponsors of the report include: PricewaterhouseCoopers LLC, IBM, Alta Associates, (ISC) and Veracode. Booz Allen Hamilton sponsored the Global Information Security Workforce Study (GISWS), which provided the data for the report.
"I believe it is imperative for the cybersecurity industry to support and facilitate the recruiting, retaining and promoting of women. Proactively developing this career path will combat gender inequality and prevent further decline in the overall security labor pool," said Sloane Menkes, PwC principal and global crisis center coordinator. "While there is significant demand for high-skilled workers, there is also a critical pipeline issue of women joining our cybersecurity workforce. Cybersecurity leaders need to commit to reversing this trend - from our universities to our board rooms - before the issue is irreversible."
"With increasingly sophisticated threats and the demand for security talent soaring, the cybersecurity field is one that absolutely cannot afford to neglect the population of women and the many talents they offer," said Shamla Naidoo, global chief information security officer, IBM. "The security industry needs the best and brightest to remain ahead in the fight against cybercrime, and creating a workforce with diversity of thought, gender and backgrounds is essential to this goal."
"The Women in Cybersecurity report found that 52 percent of millennial women havea computer science degree, yet the number of women in the cybersecurity workforce has remained stagnant for the last two years," noted Sam King, chief strategy officer, Veracode. "We are already facing a significant skills gap in cybersecurity with positions going unfilled. If we continue on this track, we will be unable to secure the digital economy. We need to examine why it is that the next generation of workers is not pursuing careers in cybersecurity, but especially women. In addition to focusing on cybersecurity education at the university level, creating programs aimed at high school and middle school students will help to create enthusiasm for this industry."
"Mature cyber security teams require a mix of skills and diversity of thought you must foster teamwork that's inclusive and integrates multi-disciplinary and diverse perspectives" added Angela Messer, a Booz Allen executive vice president, and leader of the firm's Cyber innovation business and cyber talent development champion. "An overreliance on any one background or perspective leaves an organization vulnerable to adversaries and threats that rapidly change only diverse, multidisciplinary teams can rapidly respond and problem solve on the next challenge. It's also a security imperative that our industry broaden access to talent by becoming better at attracting, retaining and empowering female cyber warriors."