A survey of over 19,000 cybersecurity professionals, commissioned by IT industry association (ISC)2’s charitable arm, the Center for Cyber Safety and Education, has found a chronic shortage of women working in cybersecurity amid a widening skills gap. Women form just 7pc of the European cybersecurity workforce, among the lowest proportion anywhere. The report authors call for corporations to create more inclusive workplaces and to end gender pay inequity with the cybersecurity skills gap projecting a global shortfall of 1.8 million workers by 2022.
Part of the eighth Global Information Security Workforce Study (GISWS), the Women in Cybersecurity report surveyed 3,694 cybersecurity people in Europe, with 1,043 from the United Kingdom (UK). In the UK, the proportion of women stands at just 8pc, significantly less than the proportion of women working in all STEM industries across the UK. The revelations follow the recent pledge to introduce cybersecurity into UK schools to help plug a skills gap that the Government says is a “national vulnerability that must be resolved”.
The study suggested that the cybersecurity work force in Europe has a higher gender pay gap for cybersecurity than other regions, which sees men earning 14.7pc more than women (about £9,100). This discrepancy is mirrored in the UK, which sees men earning an average of 15.5pc (about £11,000) more than women, in spite of efforts from the Women and Equalities Committee calling on the Government to address the national gender pay gap.
This pay gap exists despite a greater proportion of women respondents holding managerial positions, with 51pc of women in Europe holding managerial positions compared to 47pc of men. This is also the case in the UK; with 64pc of women in these roles compared to 57pc of men in contrast to the national average where fewer women than men progress to senior positions. Women are also more educated, with 63pc of European women in cybersecurity holding postgraduate degrees compared to 52pc of men. In the UK, this figure stands at 50pc of women compared to 37pc of men.
The findings also suggest that women could be inadvertently ‘screened out’ by employers’ hiring criteria, following last month’s GISWS study on Millennials which revealed that 43pc of companies in Europe and 35pc of those in the UK, say they prioritise candidates with a cybersecurity or related degree. However, 76pc of female professionals in the UK have never studied a computing degree, while UCAS indicates 13,000 fewer women than men study computer science in Britain. Adding to this, most, 93pc of European and UK employers prioritise job candidates with ‘previous experience’, yet women predominate among the most inexperienced candidates. Twenty-three percent of European women are under 35 compared to 17pc of men, and in the UK, nearly twice as many female professionals are under 35 as men.
Gender pay gap
The research has found that women in the European and UK cybersecurity industry are subject to the worst gender pay gap of any region in the world. European male cybersecurity professionals earn 14.7pc more than women (about £9,100), while in the UK men earn 15.5pc more (about £11,000) than women. While the survey indicated that a higher proportion of women work part time than men, 11pc of women and 4pc of men work under 35 hours in Europe, female professionals in Europe and the UK work on average only around two hours less than men per week.
Education
The findings highlight the fact that European and UK employers tend to prioritise people with technical experience and qualifications, inadvertently favouring men and filtering out women because they are less likely to study STEM subjects. Forty-five percent of organisations in Europe and 35pc the UK state that they look for a technical degree while just 27pc of female professionals in the UK have studied computer science degrees, compared with 41pc of men. The figure in Europe stands at 44pc of women compared to 51pc of men.
Women out-climbing men
Despite the low proportion of women in the workforce, there are signs that those in the industry are outpacing men in progressing up the career ladder. 51 percent of women are in managerial positions, compared to 47pc of men in Europe, and this majority is mirrored in the UK with 64 per cent and 57pc respectively. There are also signs that a greater percentage of those now entering the industry are women. Across Europe, 23pc of the female workforce is under the age of 35 compared to just 17pc of men, indicating a younger workforce; in the UK, female cybersecurity professionals outnumber male professionals by two-to-one in the under-35 age group (21pc female versus 11pc men).
Industry reaction:
Holly Rostill, Ethical Hacker at PwC said: “At school I had no context about what my interest in maths and science could lead to and ended up working in cyber security by chance. We can’t take this risk with future generations and need to show more young people the range of exciting jobs in technology and how they can apply their skills and education in a real-life environment. Recent research from PwC shows that young girls are being put off tech careers as they don’t know what they involve and they don’t think they’re creative enough. There is a huge education gap that we as an industry can help to fill by providing young people with access to as many role models working in cyber security as possible.”
Adrian Davis, European MD at (ISC)2 said: “These results highlight that the infosec profession is missing out on the talents and skills of 50 per cent of the (working) population: women. The issues of the pay gap, overt discrimination and focus on ‘techie’ skills and qualifications make our profession highly unattractive to women. Yet, if we are to succeed and thrive as a profession in an age where our skills and knowledge are in high demand, we must address these issues urgently and constructively: doing so will future-proof our profession and enhance our skills and reputation.”
Lucy Chaplin, Manager at KPMG’s Financial Services Technology Risk Consulting said: “As the findings show, female cyber security professionals come from a far more diverse educational background than men and are less likely to have previous experience. By prioritising computing degrees and industry experience in their hiring checklists, employers are erecting a barrier to female recruits. We have managed to buck the industry trend and achieve near 50-50 gender parity among new graduate hires to our cyber security division by recruiting just as many people with non-STEM degrees. Employers have to start recruiting outside STEM subjects, which women are less likely to study, if they want to bring more women into the profession.”
Visit www.iamcybersafe.org.
