By the time they are 15¾, most young women in Europe, Israel, and the US have already decided against a career in cybersecurity. This, according to a new study by Kaspersky Lab, is a major contributing factor to the industry’s continued struggle to attract female recruits, as it attempts to both narrow the gender gap in IT security and also address the growing skills shortage.
Earlier this year, Frost and Sullivan predicted there would be a shortfall of 1.8 million cybersecurity professionals by 2022. The Global Information Security Workforce Study (GISWS), which is conducted by the analyst firm on behalf of (ISC)² and its Centre for Cyber Safety and Education, recently found that the situation is exacerbated by the fact that women comprise only 11 per cent of the current cybersecurity workforce. Now, global cybersecurity company Kaspersky Lab, has released the findings of a new study, in a bid to understand why so few women are choosing to work in the sector.
Cybersecurity’s image among young people needs a revamp, claims Kaspersky Lab, if the industry is going to start encouraging more women into its ranks. The study found the terminology generally associated with cybersecurity roles – such as ‘hacker’ – is considered to have negative connotations and is unlikely to appeal to young women, two in three of whom say they want to pursue a career they are passionate about instead.
Furthermore, a third of young women think that cybersecurity professionals are ‘geeks’ and a quarter think they are ‘nerds’, perhaps also contributing to the fact that 78 per cent of young women have never considered a career in cybersecurity.
Working with industry experts, Kaspersky Lab’s study found that there is a perception problem around cybersecurity careers, and that this, combined with the fact that young women are making their career choices at such a young age, is making it difficult for the industry to encourage women into the sector.
Adam Maskatiya, General Manager at Kaspersky Lab UK & Ireland said, “We are part of a fast-growing and energetic sector, but there are simply too few women in the workforce. Unfortunately, it’s clear from our research that young women do not perceive cybersecurity to be a viable or attractive career option for them, and they are therefore deciding to pursue different options at a young age, making it hard for us to persuade them otherwise.
“Helping women to develop the right skills at an education level certainly has an important role to play in overcoming barriers to entry, and a lot of previous reports into STEM subject uptake have discussed this at length. But we believe there’s also a need to change the industry’s image as a whole, and promote the careers within. An important part of that process is making the roles more visible and more enticing, and debunking the stereotype of IT security geeks sitting in a dark room hacking computers,” Adam continued.
With 42 per cent of young people agreeing it is important to have a gender role model in their careers and half of women preferring to work in an environment that has an equal male/female split, Kaspersky Lab is calling for more female role models from within the industry to step up to the task of promoting cybersecurity careers.
Stuart Madnick, Professor of Information Technologies and founder of the MIT Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity commented on the findings, “As shown in the Kaspersky Lab report, young women are often not aware, do not feel prepared, and do not see relatable role models that motivate them to consider cybersecurity roles. In particular, many individuals have the mistaken belief that cybersecurity is strictly a technical job requiring strong coding skills. Although that is true for some jobs, cybersecurity threats often come from deficiencies in an organisation’s culture and procedures – having “soft skills” can be as, and sometimes even more, important as technical skills in making a difference in an organisation.
“We have found that workers often seek a job that is meaningful, has an impact on something important, and is fun and engaging. Cybersecurity jobs fit these criteria. We just need to rethink and improve how we communicate this,” he concluded.
 Mean average of 15.8 years old