No official figures exist to prove exactly how many women work in the cybersecurity industry, but some estimates suggest a figure as low as 10%. Which means that just 1 in 10 people working in cybersecurity are female.
Cybersecurity is seen as “unsexy”
Cybersecurity has an undeniable image problem. Both hackers and the experts tasked with fighting them are typically portrayed in the media as being male, geeky with poor hygiene and inter-personal skills.
Obviously this is not the case in real life, but the stereotype is so ingrained that people believe that it is true. As a young person – male or female – choosing their career path, this cliché is unhelpful.
Evidence suggests that the number of young women entering IT has fallen steadily since the 1980s. If the industry cannot improve its image and credibility with young people, this situation is unlikely to change.
The cybersecurity industry will need to come together to raise the profile of women and to highlight their achievements. Over time this will help to undo many of the negative stereotypes that deter young people from entering the field.
Discrimination and harassment are still significant problems
Once women begin a career in IT and security, many face ongoing problems at work. A study carried out by an IT security firm last year discovered that corporate culture seems to be biased against women entirely.
The research also discovered that women face even greater problems outside their place of work. Trade shows and conferences were highlighted as being of particular concern because women face far greater discrimination – and increased harassment too.
The stress of these cultural failings forces female cybersecurity workers to reconsider their roles – and many leave the industry as a result. Losing experienced workers further reduces the number of people available, which actually makes the world of IT even less safe.
Things need to change. Now.
Obviously there is nothing to say that women must work in IT security, but there is a chronic shortage of well-trained specialists in the industry. Current efforts to recruit more cybersecurity experts are failing – so it is logical that businesses should be investing in programs to attract more women into the industry.
At the same time, businesses need to look very carefully at their culture. Is it welcoming to women? Are they valued and respected? And what safeguards are in place to reduce the risk of harassment and discrimination in the wider industry?
Ongoing skills shortages mean that businesses are crying out for suitable candidates. So why continue to game the system towards a male majority when that clearly isn’t solving the crisis?
Time will tell whether the industry finally learns its lesson – let’s hope things have changed for the better by International Women’s Day 2019.