Cyber Security’s Gender Gap Problem


It’s well known that the IT industry in general has a gender gap problem, with only 26% of IT professionals worldwide being women, according to data from the American Association of University Women. But if you dig down into the numbers for cyber security professionals, the gender gap problem gets even worse.

According to a new study from CREST — a nonprofit accreditation and certification body, representing the security industry — only an estimated 10% of the global information security workforce are women, a brutal figure considering the growing needs of security personnel in the workforce.

“Increasing the number of women in cyber security is not simply for diversity’s sake, but for the sake of the industry,” said CREST president Ian Glover. “The first step is to work out why women are not entering the industry. Although most of our [recent] workshop attendees agreed that cyber security is welcoming to women, the perception from outside the industry is much the opposite. It is clear that this is one of the major challenges we face.”

The problem is highlighted further considering that the 10% figure has remained largely unchanged in more than three years, even as the cyber security industry faces a shortage in skilled employees and increased demand for cyber security experts among senior management.

The CREST study looks at how women continue to shy away from the cyber security field due to a general portrayal of IT as “geeky” and “weird,” and an area of study that’s meant to be male dominated. Shifting that attitude must start early in education, with young girls being better targeted with IT opportunities.

“Areas that were felt vital when addressing the issue were education, awareness, industry perception, support, role models and barriers for entry,” Glover said. “It was also felt that we had to be clear who to target with a campaign to ensure both short and long-term success. Finally, we discussed how to get the message across all ages, cultures and regions.”

While gender stereotypes have been partially dispelled, more initiatives are needed to help boost women into the IT sector, the study found. Additionally, Hollywood entertainment continues to treat cyber security as a male-dominated area, with the roles it casts in films and TV shows. That too needs to be addressed, according to the study.