According to the Department for Science, Innovation and Technology (DSIT), only 17% of the UK cyber sector workforce is female, and this is down from 22% in 2022. To make matters worse, we’re fighting a losing battle against an ever-increasing cyber skills gap. In fact, there’s a shortfall of over 11,000 people to meet the demands of the UK workforce. This issue isn’t exclusive to the UK, however, with ENISA reporting a 300,000 person shortfall in Europe.
Plugging that gap is essential to protecting consumers and building digital trust but it needs to be done so thoughtfully and with diversity in mind. Leading and building the workforce is not just a matter of filling seats. We can’t afford to wait for change; we must actively pursue it.
Breaking Barriers: Dispel the Myths, Celebrate Diversity
How do we get there? We need to celebrate role models who will inspire people from underrepresented groups to overcome the obstacles they face. We need to dispel stereotypes that stand in the way of equality. The ways of thinking that lead to significant innovations—curiosity, ambition, conceptual thinking, and, most importantly, the unyielding belief that you can do it—come about from the way you learn to think. We must make sure that the next generation understands that gender plays no role in anyone’s ability to be an innovator or a leader.
Urgency in Action: The time of change is now!
School curriculums must reflect the world we want to live in. As we know, the cyber sector is a male-dominated space, and therefore women aren’t necessarily presented with the same opportunities. For instance, they might shy away from applying to a cybersecurity role unless they match every single piece of criteria.
This apprehension starts as far back as school years. Current school curriculums and broader societal gender norms wrongly position technology and cybersecurity as male industries. Schools should be doing more to encourage more women into the industry by teaching young girls that they have the same career opportunities and paths to follow as boys. Children need to be aware of all the options available to them, and part of that requires dispelling myths and stereotypes around industries that have historically been perceived as ‘male’ or ‘female’.
Businesses need to offer training opportunities
The responsibility to diversify the cybersecurity space doesn’t solely lie with schools, however. Businesses have a role to play in attracting and retaining female staff by ensuring that their working environments reflect the needs of everyone. For instance, businesses would benefit from offering inclusive policies such as flexible working, adequate maternity leave, or even help with childcare. At the same time, is the cyber industry appealing to career switchers or people returning to work? Is there anything that can be used to incentivise women to work in the cyber sector? These are the questions that businesses need to be asking themselves.
Demanding Change: Action Speaks Louder Than Words
People follow people. Prominent female role models and leaders are crucial when it comes to making cyber more attractive for women. Businesses should forefront their female leaders and ensure that they have diverse recruitment systems in place when looking for the next wave of talent.
By hiring staff from different walks of life and with varying degrees of experience, the industry will benefit from a wide range of skill sets and personality types, from the extremely technical side to the communication skills needed to explain complex topics to those unfamiliar with cyber. Nobody should be stopped from going into cyber if they have the willingness to learn and potential to succeed.
Organisations need to start making changes, as the current picture simply isn’t good enough. In its ongoing efforts to address the cybersecurity skills and gender gap, ISACA has recently partnered with SHE@CYBER to empower women in the sector by offering training. This collaboration supports ISACA’s involvement with other organisations like ECSO, utilizing ECSO’s Women4Cyber initiatives alongside ISACA’s One In Tech foundation’s SheLeadsTech program. These efforts aim to create a new wave of diverse talent for businesses. We need to arrive at a place where women feel empowered and able to train for a career in cyber and join the workforce to close the gap. Without a full and diverse pool of talent, businesses are at risk of increased cyberattacks, leading to damaged customer relationships and ultimately, a breakdown of digital trust.
