The Real Reason Why Women Are Marginalized in Cybersecurity

Cybersecurity is one of the industries that suffers from significant bias and gender stereotypes.

This field is becoming increasingly important in our digital world, and as a result, it offers a variety of rewarding career paths and opportunities. However, there are still significant barriers and misperceptions that lead women to believe that a career in cybersecurity is not for them.

While pandemic-related unemployment has disproportionately impacted women (for example, one in every four women reported job loss due to a lack of childcare—twice the rate of men), the technology sector has been less affected. This was primarily due to their better preparedness to transition to remote work and flexible work models.

As a result, according to a Deloitte Global report, large global technology firms will still have “nearly 33% overall female representation in their workforces in 2022, up slightly more than two percentage points from 2019.”

While this is encouraging, the technology sector still has a long way to go in comparison to other industries. Women make up 47.7 percent of the global workforce outside of the high-tech sector. They also account for 50.2 percent of the college-educated workforce.

The gender gap is even wider in the cybersecurity industry, where women account for only 25% of the global cybersecurity workforce, according to the (ISC)2 Cybersecurity Workforce Study. This isn’t because there aren’t any jobs available.

According to the same study, the cybersecurity industry requires 2.72 million more professionals right now. And, despite the fact that 700,000 cybersecurity professionals have entered the workforce in the last year, the global workforce gap has only shrunk by 400,000, indicating that global demand continues to outpace supply. Women are simply not applying for or being recruited for these positions in general.

This lack of gender equity has also contributed directly to the low percentage of women in cybersecurity leadership roles. In 2021, for example, women held only 17 percent of Fortune 500 CISO positions, with only one female CISO in the top ten US companies.

Stereotypes and misconceptions continue to exist

Women continue to be underrepresented in the cybersecurity industry for three main reasons:

Problem #1: Cybersecurity is viewed as a man’s profession.

Many women do not consider cybersecurity as a career option because it is primarily perceived as a male-dominated field. Popular media, such as Eliot Alderson in the Mr Robot TV series, reinforces this image by depicting cyber activities as being performed by young geeks in hoodies working late at night in a dark room lit only by their computer screen. While it may make for compelling television, this stereotype is inaccurate and off-putting to many women, contributing to gender disparities in the workplace inadvertently.

While cybersecurity does have technical aspects, it is not solely a technical industry. As with any growing industry, there are numerous job opportunities that require human skills.

These include analytical, communication, management, and interpersonal skills, all of which are critical to the organization’s success and have a positive impact on the industry.

Problem #2 is that young women are underrepresented in STEM programs.

One reason why so few women apply for cybersecurity jobs is that they are underrepresented in STEM-related programs. However, there is no reason why women should be put off by the technical aspects of a career in cybersecurity.

In fact, standardized math tests for fourth, eighth, and twelfth graders show a slight difference in scores between male and female students. However, one of the drivers of the gender gap in technology fields, according to MIT WIM (Women in Mathematics), is not ability but “stereotype threat.”

This occurs when a person is concerned about confirming negative stereotypes, which causes women to conform to gender expectations by performing worse on assessments and decreasing their interest and persistence in STEM fields.

Pervasive gender biases, a lack of female role models, incorrect beliefs about technology being a male-dominated industry, and, sadly, teachers and parents who steer girls away from technology studies have all conspired to undermine the confidence of many young women who would otherwise be well-suited to pursue a STEM-related degree.

This is a global problem, with women earning less than 20% of all STEM degrees. According to Yale University, women earned only 18.7 percent of computer science degrees in the United States. Women make up less than one-fifth of computer science graduates in the United Kingdom and 35 other European countries.

In South and West Asia, women hold only 18.5 percent of STEM positions, while East Asia and the Pacific have 23.4 percent. This bias manifests itself early in their college careers. During their first year, 49.2 percent of women who intend to major in science and engineering switch to a non-STEM major.

Problem #3: Bias in cybersecurity hiring

We cannot solve the gender gap in STEM overnight. As a result, organizations must reconsider the composition of their cybersecurity staff. Many hiring managers—as well as human resources—see individuals with backgrounds in computer science, engineering, and other STEM fields as the most qualified cybersecurity candidates, often overlooking those with degrees in other fields.

However, if they want to build successful cybersecurity teams, they must broaden the range of backgrounds they look for when hiring new employees.

However, the problem extends beyond hiring. The reality is that women in cybersecurity roles are promoted at a slower rate than men, a phenomenon known as the “first rung” problem.

“Men are four times more likely to hold executive roles than their female counterparts, nine times more likely to have managerial roles than women, and [on average] they’re paid 6 percent more than women,” says Fortinet CISO Renee Tarun. Furthermore, women leave the field at twice the rate of men, citing gender bias, discrimination, and harassment as reasons.

5 steps to a more diverse and inclusive cybersecurity workforce

In addition to the primary objectives of the UN’s Sustainable Development Goals (goals four and five), which call for gender equality and equity, organizations must seriously consider how to integrate their DEI (Diversity, Equity, and Inclusion) objectives into their equally important digital innovation strategies. Because the evidence is clear: companies that implement gender equality practices throughout their organization experience increased profitability and productivity.

Given the rate at which digital innovation is transforming organizations (and cybercriminals’ efforts to exploit those digital acceleration efforts), now is the time to challenge our cybersecurity stereotypes.

We must work together to remove the bias that cybersecurity is a gender-specific field and change the perception that it is purely a computer science discipline.

Technology is only one of the silver bullets required to eliminate cyberattacks in cybersecurity. People, Products, and Processes are the three critical components of an effective cybersecurity strategy. However, if we continue to hire the same people—same gender, same educational background, same point of view—we are unlikely to develop strategies that will put us ahead of our cyber adversaries. For example, it is not a stretch to say that failure to rethink security strategies—beginning with who makes up our cybersecurity teams—played a role in the nearly 1100 percent increase in ransomware attacks experienced by organizations worldwide last year.

To change this perception and stay ahead of the cybercrime crisis that we are all facing, we must increase the number of voices, perspectives, and diversity on our cybersecurity teams.

Here are five fundamental principles to follow as we work to improve our cybersecurity teams and strategies:

1. Highlight the contributions of women in cybersecurity in our classrooms and businesses, identify and promote positive role models and examples, and actively encourage our young women to pursue a variety of career paths, experiences, and job functions.
2. Encourage young women to pursue STEM degrees and careers from an early age.
3. Create and/or participate in mentorship programs at all levels, beginning with basic technology classes in elementary schools and continuing through girls’ higher education and professional careers.
4. Implement more inclusive work environments by identifying and eliminating bias in hiring practices, training all employees (not just executives), and actively making every employee feel involved, valued, and respected. Furthermore, we must ensure that women, particularly women of color, are treated fairly and are fully integrated into the workplace.
5. Remove “first rung” barriers by actively promoting more women to leadership positions at all levels of the organization, starting with roles as project and team leads and first-tier managers.

This must be a commitment that we can all make. On this day, we reaffirm our commitment to promoting gender diversity, equity, and inclusion within Fortinet by assisting in the recruitment of more women into the cybersecurity industry through concrete action across the aforementioned strategies.