Governance & Risk Management , Next-Generation Technologies & Secure Development
Why Are So Few Women Working In Cybersecurity?Study Finds Percentage of Women in Sector Unchanged Since 2013
Women's representation in the global cybersecurity workforce has remained at 11 percent since 2013, according to a recent (ISC)² report covering 19,700 respondents from 170 countries. That percentage is much lower than the representation of women in the overall workforce. (See: Women Are Ideal to Lead GRC Roles )
See Also: 2022 Unit 42 Incident Response Report
Attracting women to careers in cybersecurity will not only help address the global shortfall of security pros but also will infuse fresh perspectives on how to tackle today's challenges. The report projects a shortage of 1.8 million cybersecurity pros globally by 2022, so it's imperative for organizations to make diversity a priority.
Plenty of Jobs Available
Clayton Jones, managing director, Asia-Pacific at (ISC)², a not-for-profit organization that specializes in information security education and certification, believes the lack of women in this sector contributes to the shortage of available talent.
"It's clear that enterprise and government efforts to attract and retain more women in the global cybersecurity profession have not made a meaningful impact," Jones says.
In the Asia-Pacific region, women account for only 10 percent of the regional information security workforce, compared with 14 percent in North America, according to (ISC)². Moreover, in Asia-Pacific there are no women at C-level cybersecurity-related executive positions. (see Figure #1 below)
"Perceptions that students need to be good in math or have to be technology-savvy in order to pursue studies in cybersecurity has to be changed," Jones says. Of course having a technology background helps, but it's definitely not the only qualification needed to excel in this field, he adds.
Within Asia-Pacific, Malaysia (15 percent), Singapore (10 percent) and Australia (10 percent) have relatively higher percentages of women in the workforce, while India (7 percent), Japan (6 percent) and Hong Kong (5 percent) have lower participation.
One reason for the lack of women in cybersecurity in the region is their high dropout rate, says Shivangi Nadkarni, co-founder and CEO at Arrka Consulting, an India-based firm that helps businesses assess their IT risks. "Women are considered the primary caregiver in a family. Therefore, when a woman plans to start a family, she is often expected to opt out of regular office," Nadkarni says.
What's Being Done?
Hong Kong-based Vivian Poon , a network and security professional working at a financial institution, says female students need to be made more aware of cybersecurity career opportunities. "Some non-profit organizations such as Programme for International Student Assessment (PISA) and (ISC)² are actively going to schools to give cybersecurity seminars to students," Poon says.
In India, some companies, including Lucideus, a Delhi-based IT risk assessment and digital security services provider, have launched cybersecurity awareness programs for students.
"We have been conducting trainings for both school students and professionals. The idea is to develop an interest from a young age," says Rahul Tyagi, vice president of training at Lucideus. "The more exposure they get, the better it will be for the future of our industry."
The governments in countries across Asia are also taking steps to help make life easier for working mothers.
Singapore, for example, offers 16 weeks of paid maternity leave while China offers 14 weeks of paid maternity leave. The Indian government recently increased maternity leave to 26 weeks while Australia offers 52 weeks.
A key step some organizations are taking to build interest in cybersecurity careers is to rotate staff among various functions.
"One way to familiarize and attract women to the cybersecurity function in an organization is to provide them periodic exposure and mentoring in the issues pertaining to this sector," says Reshmi Khurana , managing director and head, South Asia, at Kroll. "There are organizations that expose their staff, including women, to relevant technical aspects like deep web and bitcoins, among other things. All this helps spread awareness and interest on the subject."
Nevertheless, many corporations still struggle to recruit women for cybersecurity careers. Professor Jill Slay, director at the Australian Centre for Cyber Security, shares an anecdote. "Some large companies in Australia have certain quotas to fill to meet their diversity goals," she says. "On one such occasion, a company was looking for 18 women to fill their positions. I only came up with two women CVs".
Slay doesn't believe Asian companies discriminate against women workers. "The problem lies is lack of proper training," she says. "Women need to be encouraged to study correct courses at school and be motivated by social as well as technical aspect of cybersecurity."
But businesses must create inclusive workplaces to support advancement of women. "Companies need to close the workforce gap with a multiyear initiative to attract and retain top women talent," Jones says. "Additionally, pay inequality needs to end to increase satisfaction levels for women."
Organizations must recognize that female millennials will demand equal pay, treatment and opportunities, she adds.
Of women who work in information security globally, one in five works in a governance/risk/compliance role, according to a 2015 study by (ISC)².
Jones says women offer valuable skills needed to excel in GRC, including defusing emotions, collaborating across multiple stakeholders and skillfully balancing business objectives and risk management.