A woman on a computer with a threatening red background to indicate danger and cyber issues

Cybersecurity threats are growing at an alarming rate across the globe while at the same time, cybercriminals are becoming even more sophisticated in their methods of attacks, writes Debi Dowling, Chief of Staff & VP of Strategic Programs at Onapsis

Meanwhile, the shortage of cybersecurity talent is making it difficult for organisations and industries to meet these constantly shifting security demands. As such, the cybersecurity landscape has become increasingly challenging. In fact, cybercrime is expected to cost the world $10.5 trillion annually by 2025 but organisations are struggling to build the specialised skills required to manage these growing threats. According to ISACA’s latest State of Cybersecurity Report, 63% of enterprises have unfilled cybersecurity positions while labour shortages in the UK have become particularly acute. In fact, while there are currently about 339 000 cyber professionals in the UK (up 13% year-on-year), there is still a shortfall of 56 811 workers (up 70% year-on-year).

A lack of inclusion for women in cybersecurity

Despite this growing need for cybersecurity talent, we also continue to see significant underrepresentation and exclusion of women within the cybersecurity sector. A recent report on women in cybersecurity found that as of September 2022, women made up only 25% of the workforce in the global cybersecurity industry – with the UK doing marginally better with women making up 36% of the nation’s cybersecurity workforce. But, women are expected to represent only 30% of the global cybersecurity workforce by 2025 and 35% by 2031. This means that over a period just shy of a decade, the number of women in the industry will have grown by only 10%.

This lack of inclusion of women in the cybersecurity workforce is not only detrimental to the sector and to businesses’ security because it facilitates the continued shortage of much-needed cybersecurity skills, but also because it enables blind spots in cybersecurity through a narrowed lens of perspectives in the field. That’s why, if businesses are to tighten up their cybersecurity, they need to start meaningfully and seriously closing the gender gap.

Gender equality as a driver of progress

Ensuring the increased inclusion of women into the field of cybersecurity would do more than just fill empty chairs in the industry, it will also play a key role in broadening and strengthening an organisation’s security capabilities by bringing diverse perspectives to problem-solving and innovation.

In fact, it’s been well-proven that including women helps to ensure better outcomes of technological solutions by enabling organisations to approach the functionalities of technologies from a different perspective, thereby reducing any blind spots that would not get caught otherwise. For example, women internet users face a higher number of cybercrime incidents while being at an increased risk of financial data loss, violations of privacy, and security breaches.

Additionally, a more diverse workforce ultimately improves business performance as companies with a gender-diverse employee base tend to have better financial returns than national industry averages.

But, most importantly, by empowering more women to enter the cybersecurity industry, which is a well-paying, highly productive, and future-proof industry for employment, we would be able to strengthen and diversify national economies.

Attracting more women into cybersecurity

 According to the World Economic Forum, there’s a perception that awareness of cybersecurity is low among women and that the low participation of women in cybersecurity is due to a lack of access to cybersecurity education. This is not true. In fact, 82% of respondents to a global survey of female STEM undergraduate students said they had either some or a lot of knowledge about cybersecurity while 58% said they had access to cybersecurity education and 68% had already taken a cybersecurity-related course.

So, what exactly is acting as a barrier to entry for women in cybersecurity and how do we create a more inclusive cybersecurity workforce? Well, it’s not as simple as just recruiting more women into cybersecurity roles. Emphasis needs to be placed on training and education as well as encouraging women and young girls to pursue cybersecurity as a career path by providing mentorship and access to other female role models within the industry.

Attracting more females into cybersecurity – the see it to be it conundrum 

One of the biggest reasons that women don’t consider a career in cybersecurity is often because they’re simply not exposed to it as an option for them. As such, there remains a significant opportunity to attract more women into the field by exposing them to the broad and diverse positions available within cybersecurity from a young age (from secondary school to tertiary educational institutions) as well as through internships, projects, and other cybersecurity-related experiences like hackathons

The underrepresentation of women in the cybersecurity sector has a direct negative impact on the security and protection of people, organisations, industries, and entire economies. That’s why the inclusion of more women in cybersecurity is critical to not only closing the talent shortages of cybersecurity professionals but also creating a cyberspace that is safer while enabling a more inclusive cybersecurity industry.

If you are interested in Cyber Security, we have a number of incredible sessions being featured at our upcoming One Tech World conference on 27th April, find out more and reserve your ticket today.

Lianne Potter

Lianne Potter will be speaking for us at One Tech World about…

This company sucks, why your next cyber risk might be easier to spot than you think!

With the cost of living increasing and people navigating a post-covid world, and other uncertainties in business, there is a potential that we, the security function, could see a surge in risky behaviours that would be detrimental to the security of the organisations we serve. When people are under stress, mistakes happen, and people take short cuts, which leads to them becoming one of the hardest advisories to build resilience against – insider threats. In this session I will discuss how exciting research using Glassdoor for OSINT purposes can be applied to help you predict if your organisation is likely to engage in risky cyber activities, how to embrace grey area thinking to illuminate your blindspots, and how the tools and methodologies of anthropology can give us a strong foundation to build antho-centric security cultures within your organisation that will enable you to be proactive, not reactive to insider threats.

When 95% of cybersecurity breaches are caused by human error, we as security practitioners need to, and can do better to create a culture that enables all of us to build up our resilience against cyber threats inside and out.