Are cybersecurity teams underusing female talent? [Q&A]
Despite this there is still a clear divide across the technology sector generally, in both treatment and pay. So, is the cybersecurity sector under-utilizing female talent? And what advantages can a more gender diverse workforce deliver?
We spoke to Nicky Whiting, director of consultancy at business cybersecurity specialist Defense.com to find out.
BN: Why do you think women are under-represented in cybersecurity?
NW: There are many obstacles that women have to overcome to enter the cybersecurity industry, such as educational and societal pressures. There is also a perception around cybersecurity that it is a male-dominated space. It's a problem that affects the technology industry as a whole, women see it as being a bit of a boy's club, which can be really off-putting. It impacts every field in STEM (science, technology, engineering and math), where women make up less than a quarter of the global workforce.
Something as basic as a job advert can play a significant role in this. Studies have shown that masculine wording in adverts and male-sounding job roles put women off applying. They can discourage many women when they believe there are more men in a particular job and see that job as much less appealing. An action taken by Defense.com to counter this is to highlight the achievements of male and female employees in our job adverts and considering carefully how we word adverts. This shows potential female applicants that at Defense.com, their voices will be heard and their successes acknowledged, celebrated and rewarded.
BN: What advantages does a better gender balance deliver for the business?
NW: Apart from the obvious moral justifications, there is a strong business case for gender diversity. Having a diverse range of opinions, skills and experiences creates a better environment for innovation and creativity. This is crucial to the success of cybersecurity businesses, businesses need to take that on board. Organizations that promote diversity and inclusion regularly outperform those companies that do not.
A Boston Consulting Group report found that firms with more diverse management teams have 19 percent higher revenue than their less diverse competitors. It’s obvious, really, that having the broadest range of backgrounds, experiences, and skills will increase the likelihood of fresh, original ideas and cutting-edge innovation.
Diversity and gender balance also have significant benefits for employee retention. Recent research found that almost half of young people are likely to leave a role if it doesn't align with their values. Nearly half of the young people said that they wouldn't work for a company that wasn't actively pursuing diversity and inclusion. Cybersecurity firms need to take this on board especially, as the industry has stood at a zero percent unemployment rate for a long time and where there are over three and a half million job openings worldwide. Retaining the top talent will be the make or break for a cybersecurity business.
BN: What role does education have to play, and is there a need for greater investment in training?
NW: Education is both the problem and the solution to the gender gap in cybersecurity. The lack of female representation in STEM education is a major hindrance stopping women from entering the cybersecurity industry, although there are roles in the industry that don’t require STEM. Much more needs to be done to encourage women into STEM education, such as highlighting prominent female role models for young women. Organizations should take the lead on this by making a serious effort to showcase the success and stories of everyone, but especially women in cybersecurity. We also need to do more to influence parents and teachers, to raise awareness of the industry, the job opportunities on offer (beyond the perceived) as they in turn will influence the life choices of young women.
Investing in training and development is vital; offering this could attract women from other industries to cybersecurity. Defense.com offer thorough and in-depth training and continuing professional development for all employees tailored to their specific needs and career aspirations, so everyone is operating to the maximum of their abilities.
BN: How much progress has the industry made addressing gender balance in the last few years?
NW: Small steps have been taken by the cybersecurity industry in recent years to address the gender balance, however, there is still so much more to do. There have been improvements to note, and the industry is slowly heading in the right direction. A 2013 study found that women represented just 11 percent of all cybersecurity staff, a measly amount which left women massively underrepresented in cybersecurity. A 2019 study found that the number had risen to 20 percent, and the most recent stats show that around 25 percent of the global cybersecurity workforce now consists of women.
While there are clearly some improvements, they are pretty small and there is a long way to go, especially in the UK, which has one of the world's lowest amounts of female cybersecurity employees. This is something that the UK cybersecurity industry needs to take seriously and rectify as soon as possible. If the UK cybersecurity industry is to have a chance at staying competitive with counterparts from other countries, they need to embrace the innovation that comes with a diverse team.
BN: What needs to happen to make this a more attractive sector for female entrants?
NW: Cybersecurity businesses can introduce many strategies and policies to make the industry more appealing for female entrants. For example, having non-gendered language or specifically highlighting the accomplishments of female employees in job adverts can make all the difference when a woman is deciding whether cybersecurity is the industry she wants to be in or whether that role is right for her.
Introducing a flexible working environment is one innovative policy that could make the sector more attractive to female entrants. In the UK, women are far more likely to work part-time roles than men, so it makes sense for cybersecurity to have flexible working options. Flexible working options allow both men and women time for necessary non-work actions such as work/life balance, school runs, doctors' appointments and family time. Also, by having flexible working options, you are making the business culture more accepting and inclusive, and therefore it will be more appealing to women. Flexible working is a policy that Defense.com has introduced so that the women who work here feel valued. Those thinking of applying can see it as a business accepting and accommodating to its employees.
Women must be offered competitive salaries, training and development and internal opportunities for career progression. It's absolutely imperative that women are on a level pegging in terms of pay compared to their male counterparts. This is essential and has to be addressed to prove that women are equally valuable and valued team members. Only then will we start to see a genuine corner turned in the pursuit of gender parity in cybersecurity.