One week later and International Women’s Day is still fresh in our minds. There is still some way to go but every day that we challenge the stigma and bias that impact women in the workplace. Obrela Security Industries have launched a campaign to celebrate women in the cybersecurity industry. You can read their blog here
The persistent cyber skills shortage is getting worse. Despite gender representation generally improving over the past 5 years, there is still a significant lack of women entering and staying in the industry. With less than a quarter of C-level positions being filled by women, cyber organisations are susceptible to group think due to a homogenous workforce. And, ultimately, making unchallenged decisions can lead to less thorough security throughout an organisation making them weaker to vulnerabilities.
Why? Threat-actors are constantly evolving and growing in sophistication. If no new minds are employed to fill the skills gap within the sector, mistakes will be made and vulnerabilities overlooked. The threat-landscape continues to expand, and, as a result companies of all sizes, hospitals and schools continue to face the risk of being targeted and suffering immense damages.
The gender gap in cyber
Unfortunately, many people are still blind to the reality of the gender gap within the cybersecurity industry and don’t believe it is an issue. The main problem is not only that the industry is male-dominated but that it is perceived to be highly technical and, as such, only suited for men. This is exacerbated by the highly competitive nature that is often present within tech companies, which curates a negative and undesirable environment for women to thrive in. Women already often feel intimidated to join cybersecurity roles due to a lack of support and flexibility along with the negative stigma surrounding their place in the industry. What’s more is, job adverts typically use gender-coded words or phrases associated with gender stereotypes, that discourage women from applying from the get-go.
This gender gap is the result of women experiences little to no exposure to opportunities within the cybersecurity field. Highly technical career paths are mainly catered toward men in schools and universities and in some cases the perception that women don’t belong in the field persists, reducing the chances that young girls will choose to pursue their interest in anything technology related.
The Covid-19 pandemic only made the situation worse as job losses were 1.8 times higher for women than they were for men. Statistics from February 2021 showed that 5.4 million women lost their jobs in tech. This only emphasises that women are seen as more disposable in technical positions, when this couldn’t be further from the truth. It also fuelled the fire that positions in technology aren’t a safe and respectful environment for women to work in. As such, women have struggled to re-enter the field after taking losing their job, because the existing attitude hasn’t experienced a large enough shift.
The stigma that women can’t perform in male-dominated cyber or technology careers is down to a cultural bias. This view can be shifted with improved and increased education around what the industry can offer to women and how it can help them grow.
There are several things that organisations can do in order to bridge the gender gap in the industry, which will simultaneously improve their diversity of thought and overall security.
- Encourage in-person and online training: There are a plethora of resources on cybersecurity readily available online. Organisations should be encouraging both online and in-person training, although the former is a safer, more inclusive alternative to acquiring the skills needed to join the cyber industry.
- Create more opportunities for women to enter cyber – internships/apprenticeships/better benefits packages: By creating programmes that women can join to get a taste for the industry with the opportunity to remain working in cyber, organisations are increasing the chances of recruiting and retaining women in the field.
- Support women: This includes listening to women’s needs and working to overcome any barriers they face. Employers should be providing flexibility in the workspace with regards to maternity leave, family emergencies and the dynamics of their work environment and home life and building a relationship based on trust to allow women to feel safe and respected in the working environment.
- Share achievements: In order to encourage women to break into the field, it is vital to share the accomplishments of women already working within it. Organisations should be empowering women role models and showcasing their impact on the industry and their company. In order to do so, employers could provide platforms for women to speak at recruiting or industry events or share their talents and achievements on social media for other young women to see.
- Build a pipeline: Organisations have the power to build a pipeline by expanding K-12 education and funding the recruitment and retention of women in cyber. Beyond this, educational facilities should make coding and other technology courses accessible to all students in order to demonstrate that this career path isn’t limited to only one gender.
These are but a few straight-forward actions that organisations can take to make their organisation more inclusive to all genders, which in turn can strengthen their overall security posture.
The prevailing cultural bias needs to be eradicated from the bottom up. More education is needed to teach young students about the opportunities that can be found within the cyber community. Innovation cannot happen without diversity, and businesses must surround themselves with more diverse employees in order to encourage new and original ideas. Organisations must work toward eradicating unconscious bias by making conscious efforts to pick women as candidates for both positions in leadership and more technical fields. Ultimately, greater diversity will lead to more effective technology teams who can collaborate and challenge each other in order to outsmart evolving threat-actor techniques. This will work toward strengthening the cybersecurity culture within organisations and help protect them from looming threats.