Narrowing the Cybersecurity Talent Gap by Meeting Women Where They Are
By Lucia Milică Stacy, Global Resident CISO, Proofpoint
Retail investors and organizations across the globe face unprecedented challenges as cyber threats continue to escalate. Data compromises in the U.S., for instance, reached a near-record number in 2022, while the cost of a data breach per record climbed to a seven-year high globally. Yet as organizations brace for more turbulent times ahead, 63% have unfilled security roles and 62% have understaffed teams.
In the past decade, the cybersecurity industry and the government sector have worked together on initiatives to solve the cybersecurity talent crisis. It is encouraging to see ongoing efforts to diversify the workforce and attract more women to the field. Unfortunately, the pandemic has undone some of the progress—and we must double down as we strive to improve gender equality and grow the ranks of women in this field.
Recent setbacks widen the disparities
Workers across all sectors were hit hard by job losses during the pandemic, and women were affected disproportionately. An analysis by the International Labor Organization found that 4.2% of women’s employment was eliminated, compared to 3% for men. Because of pandemic-related restrictions, women were at higher risk of layoffs or reduced working hours—and they not only experienced more severe loss of income but also took on the biggest share of unpaid caregiving work for their families. A recent study by the U.S. National Bureau of Economic Research (NBER) produced similar results, suggesting that school and day care closures posed bigger challenges for working mothers.
Even after many businesses recovered from the pandemic, the employment situation did not improve for women. A media analysis of the 140,000 U.S. job cuts in December 2020 concluded that women accounted for all those job losses.
For cybersecurity, these overall workforce trends are especially relevant because women already hold a disproportionate number of jobs in computer-related occupations. While women comprise about 50% of the workforce, they represent only 25% of workers in computer-related roles.
Women working in cybersecurity know first-hand the reasons for this disparity. Behind closed doors, female CISOs and other executives frequently share their experiences about gender inequality and the difficulty getting ahead in the industry. The extreme workloads and schedules for cybersecurity workers across the board are also no secret—and the challenge of balancing such demands with family and caretaking duties makes this career unattractive to many women. Not to mention that just getting the job can feel like an uphill battle because women have to work a lot harder to get hired or promoted in cybersecurity, which is why 52% of women in this profession obtain postgraduate degrees, vs. 44% of men.
Meeting women on their own journey
Each of us can play a role in attracting more women to cybersecurity, whether by supporting each other, mentoring younger professionals as they navigate their careers, or inspiring young girls who are only beginning to explore their interests. Considering the recent setbacks that resulted from the pandemic, we must make up some lost ground—it is time to think more creatively and strategically.
One inspiring example in gender equality is the Make Work Work campaign by Chief, a private membership network that supports and connects women executive leaders. The goal of this campaign is to “amplify the conversation around women in the workforce and the policies needed to retain them.” Chief has invited women to join the dialog and share meaningful personal stories that could help promote women’s well-being in the labor force.
These kinds of conversations are relevant in cybersecurity as well, given that we have a shortage of women leaders who are instrumental role models to other women in all stages of their careers. We need more women CISOs and other security executives who can inspire other women. Yet, according to Chief, 38% of women executives across all industries considered leaving their jobs in 2022.
A recent survey by Chief found that feeling more valued and higher pay are the top two reasons that would compel those women leaders to stay (74% and 60% of participants, respectively, identified those factors). The survey also showed that flexible work arrangements and paid leave are now table stakes for women executives. For many organizations, however, meeting these basic needs remains a challenge, and cybersecurity is no exception.
A 2022 McKinsey study sheds more light on why women leaders leave their employers: 43% are burned out (compared to 31% of men at the same level). Additionally, 48% cite advancement opportunities as the reason to switch companies (vs. 44% of men) and 49% say that flexibility is one of the three primary factors they consider when deciding to leave or stay (vs. 34% of men). All these are salient data points for organizational leaders who strive to level the playing field for women in cybersecurity.
Providing more opportunities for success
Besides meeting women where they are and making cybersecurity roles work for them, we can set them up for success with more training and professional development opportunities. The Forté Foundation is an illustration of how an industry can approach this—its focus is on “changing the balance of power in the workplace” by helping women launch fulfilling careers in business through access to business education and professional development. The organization has mobilized over 50 leading MBA programs across the globe as supporters, and close to 10,000 women have earned or are pursuing MBAs thanks to Forté’s fellowship programs.
Among the organizations that are leading in women’s empowerment in cybersecurity are the Executive Women’s Forum (which offers mentorship, leadership, and scholarship programs to advance and develop women working in the information security, risk management, and privacy fields) and WiCyS (which offers skills advancement programs to women in cybersecurity through partnerships in academic, government, and the industry). There are many others, as well as private companies leading by example and government initiatives trying to fill the gaps—but this work is only just beginning.
These are all great examples of how strategic partnerships can be forged to address diversity, equality, and inclusion in cybersecurity. Every organization has the power of attracting more women to this profession and retaining them by implementing thoughtful changes. But the challenges are bigger than any one company or government agency. As leaders in cybersecurity, we all need to put our heads together and find more ways to work on a solution collaboratively.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
