Article by Nicky Whiting, Director of Consultancy at

Women are woefully underrepresented across the entire technology sector, and while efforts are being made to increase female representation within the sector, a significant disparity still exists. 

Cybersecurity sits somewhere in the middle of the various sectors regarding representation, currently 10% higher than the industry average. However, there is a distinct underutilisation of female talent within cybersecurity: women across the globe hold more qualifications than their male counterparts. It is essential to mention that statistics such as these indicate that women often feel like they need to be more qualified than men to be considered for the same role within the cyber sector. As a result, there is currently an enormity of untapped potential leaking out of the industry. This leak needs fixing. As an industry, we are missing out on future leaders, fresh talent essential for innovation, and a collection of diverse mindsets, all of which are crucial to tackling the evolving threat landscape.

The business case for diversity in cybersecurity

By championing diversity and inclusion, businesses can play an important role in addressing long-term societal issues. In the workplace, this action helps to create an environment where innovation, originality and empathy thrive. Working environments where these factors are pervasive often produce cutting-edge products and solutions, precisely what is needed to secure systems against today’s cyber threats.

The lack of diversity in cybersecurity has resulted in teams comprising employees whose experiences, opinions, and ideas are incredibly similar. We need to see more effort being made to embrace better diversity management and a more holistic, inclusive approach to work.

For cybersecurity, as in other industries, the business case for diversity is overwhelming. Organisations that promote diversity and inclusion regularly outperform their rivals and see higher profitability than their less diverse counterparts. Boston Consulting Group found companies with more diverse management teams have 19% higher revenues than their less diverse counterparts. Diversity also has important benefits in boosting employee retention.

If we are to realise these benefits, investing in STEM education needs to be a priority for our industry.

The obstacles facing women in STEM

The gender disparity in the technology sector derives in part from a lack of female representation in STEM (Science, Technology, Engineering, Mathematics) education. A correction needs to occur if we are to see gender divisions within technology begin to shrink. This underrepresentation in STEM is spurred by many obstacles that hold talented women back.

A major obstacle is the lack of role models currently within cybersecurity. Young minds are easily moulded by various forms of media, and at present, there is a blatant lack of female cybersecurity role models for young women to look up to and emulate. Concerted efforts need to be made amongst organisations to ensure that the stories of women in cybersecurity are heard. The amplification of these stories will begin to rectify the STEM issue at hand while attracting females from other sectors who have had somewhat of an interest in this exciting field.

We also need to see more time invested by cybersecurity companies in showcasing to women what a STEM career has to offer them while also enlightening advisors, educators, and parents. Whether it is backing skills workshops in schools, careers presentations to students, or even targeted apprenticeship programmes – cybersecurity companies can and must do more to encourage more women to consider it as a career path. Furthermore, this work must happen as early as possible in young women’s lives, as it becomes increasingly difficult to move into STEM when someone chooses, for example, humanities-based exams at GCSE or A-Level.

It is also important to note that while STEM pathways provide the easiest route to obtaining a career in cybersecurity, it isn’t always necessary. Compliance – a vital part of modern cybersecurity – does not require a background in STEM. 

Creating a cybersecurity environment where women excel

Having worked in various info-sec companies across the UK, I am proud that at Bulletproof, we are committed to creating a workplace that celebrates diversity and encourages a truly inclusive approach to work.

The blueprint for achieving an environment like this is simple. Women must be highlighted within the business and encouraged to step into the spotlight. Employees must be afforded the flexibility needed to deal with the varying circumstances within their lives. Organisations need to ensure that inclusive language is used in all recruitment stages. Recruitment practices should also be re-evaluated to ensure that female candidates understand that they can apply for a role without ticking every box in terms of skills, as men will often apply for positions without doing so. Equal pay and opportunities must be afforded to every individual. Finally, ensuring that a culture of belonging and community is championed throughout the organisation is paramount. Any form of toxicity within an organisation, such as misogynistic comments, must be met with a zero-tolerance approach. This sends a strong message from the top, builds values and creates an environment where women feel comfortable and safe.

Ensuring that this environment is created will only benefit an organisation. The more diverse a cybersecurity workforce is, the more equipped it will be to deal with the myriad of threats facing the current cyber landscape.