At this point, it’s a truism that the tech industry needs more women. But one sector that holds incredible opportunity is cybersecurity. By next year, millions of cyber jobs will be available, but will be unfilled.

Having spent the last 10 years in cybersecurity, I’ve seen firsthand how badly underrepresented women are in the field. They make up just one-quarter (24 percent) of the world’s cyber security workforce. Last year, the European Commission launched an initiative to increase women’s participation in cybersecurity to address the sector’s chronic talent shortage.

By all rights, women should play a much larger role in network security. They have strong credentials, with 52 percent holding post-graduate degrees versus 44 percent of men. Women who enter the field also fill more leadership roles proportionately: seven percent occupy senior jobs, such as chief technology officer, compared with only two percent of men.

Cybersecurity should be a magnet for women. In addition to plentiful job openings, it offers the status that comes with doing important work. Whereas in the past, cybersecurity was seen mainly as a support function, today it is recognized as being crucial to every organization.

So why do women remain a minority in a field that needs them so badly?

As with the tech industry more broadly, many women have misgivings about entering the profession. They don’t want to feel isolated in a field that lacks diversity, or risk facing discrimination. Some, especially college-age women still deciding on a career direction, lack confidence.

While some tech companies have started a number of initiatives to help rectify the gender imbalance in the cyber security field, many other companies don’t have systems in place that are focused on recruiting and retaining women. There are a few relatively simple actions that every company should consider.

First, firms must make a special effort to encourage women to apply. Internal HP research suggests that men will seek a position if they think they meet 60 percent of the requirements, whereas women will apply only if they feel they meet all of the criteria. Companies can help counter this reluctance by actively recruiting women to cyber security roles, while emphasizing the availability of mentorship and ongoing training programs to help employees meet the evolving demands of the job. Conducting a broad search for candidates will also help companies find and recruit more women, instead of just looking for candidates that went to an elite set of schools or who worked for certain companies.  

Second, companies should scrutinize their performance indicators for historical bias to ensure that women are not being evaluated differently than men. For example, studies have shown that women who are assertive are sometimes labeled as “bossy” whereas men who exhibit the same behaviors will be perceived as confident. Unconscious bias trainings are one way to make sure employees are aware of these types of biases and to help create a more equitable working environment for everyone.

Third, during the hiring process, companies should make sure at least two women are among the finalists for any position when the pool of qualified candidates permits. Research has shown that hiring authorities tend not to choose a minority candidate when she is the only one in the group. In other words, if four out of five candidates for a job are men, the job will almost certainly go to a man. Adding a second female candidate significantly increases the odds that a woman will be hired.

Cybersecurity is a growing field that requires a broad range of skills. It should be a magnet for talented women. I am confident that as cyber security companies continue to make it a priority to recruit and retain women, we’ll see the gender gap close further and will see more women in senior positions.