Women in Cybersecurity: Our Team Reflects on Five Significant Stats and Their Impact

As we celebrate International Women’s Day, it’s crucial to spotlight the strides and struggles of women in various fields, especially in sectors traditionally dominated by men. Cybersecurity is still one such field where gender diversity is not just a matter of equity but also a key to unlocking innovative solutions and growth. Yet, despite significant progress, women’s representation and experiences in cybersecurity tell a story of achievements and challenges.

This year, our team has decided to delve into the realities faced by women in cybersecurity, guided by five significant statistics that underscore where we stand—and where we aim to go. From representation in the workforce to the pay gap, educational achievements, funding for women-led initiatives, and leadership roles, each figure sheds light on the landscape women navigate in cybersecurity.

In the spirit of reflection and action, members from across our team have offered their insights, blending personal experiences with professional observations. Through this collective lens, we aim to not only present a nuanced picture of women’s status in cybersecurity but also to celebrate their resilience and contributions.

Representation in the Cybersecurity Workforce

According to a recent report from (ISC)2, women constitute just 24% of the cybersecurity and infosec workforce globally—a figure that, while showing progress, underscores the existing gap compared to the 30% representation across all digital sectors. This statistic paints a relatively uninspiring picture of gender diversity, particularly given the sector’s growing skills gap. A reported 3.5 million roles will remain unfilled in the industry by the end of 2025.

Gillian Welch, Head of Projects & Operational Improvements at ISMS.online, reflects on this disparity: “Looking back on initiatives like ‘Girls in Tech’ and ‘Girls Who Code’ since their start in 2007, it’s clear progress has been made, but not quickly enough. Could it be due to a lack of visible role models or exposure?”

The sector has indeed been actively addressing the gender diversity imbalance within its workforce for some time. As Gillian highlights, various initiatives have been created to:

• Offer mentoring, training, and networking opportunities to help women advance their careers in the infosec and cyber sector.
• The industry has partnered with training and education providers to encourage more women to study cybersecurity-related courses.
• Scholarships and grants are available for women interested in cybersecurity and information security.
• Universities are supported to provide more resources to support women in the field.

This suggests that Gillian’s point about the lack of visible role models could be a crucial missing piece of the puzzle. Seeing successful women and women who reflect your lived experience actively achieving in cybersecurity will inspire and encourage more young women to pursue cybersecurity and information security careers. The power of relatable mentors and role models is statistically proven, with research showing that “role models have an amplified benefit for women due to the gender biases, institutional barriers and negative stereotypes women have long had to contend with across a wide swathe of professional domains. In short, seeing is believing.”

Gillian also emphasises, “While expertise in the technical aspects of cybersecurity and information security is valuable, we also need to value diverse backgrounds and transferable skill sets; there is a place for everyone to provide value in cybersecurity.” Ultimately, what defines a good cybersecurity and infosec professional is how they approach problem-solving and other soft skills, such as verbal and written communication, presentation skills, leadership and logical reasoning. One thing successful cyber operators tend to have in common is a willingness to keep learning.

This sentiment is echoed by Aga Grabacz, Partner Marketing Manager at ISMS.online, who shares her perspective: “Things seem to be moving in the right direction, but I feel like more awareness is needed to help other women envision themselves growing as leaders in this sector. Speaking from my personal experience, I think the industry is incredibly accepting, not just for women but also for people from different ethnic backgrounds, educational levels, or cultural diversities. There is such a wide range of opportunities, offering real potential for women to join the cybersecurity sector and work towards making significant contributions in the field.”

Aga’s experience underscores the importance of breaking stereotypes and increasing awareness about the diverse opportunities available in cybersecurity. By showcasing the various roles and paths women can take within the industry, we can encourage more women to explore careers in this field and work towards closing the gender gap.

Gillian points out, “As the cybersecurity industry grows, it’s essential to encourage more women to join us.” By actively promoting diversity and inclusion and highlighting women’s achievements and contributions in cybersecurity, we can inspire the next generation of female professionals to join this dynamic and rewarding field.

Educational Achievements of Women in Cybersecurity

The second statistic we looked at highlights the impressive educational achievements of women in cybersecurity. According to (ISC)2 Workforce Study, 46% of women in the field hold advanced degrees, compared to 32% of their male counterparts. While this statistic underscores the high level of dedication and expertise that women bring to the industry, it also raises questions about why women need to pursue higher education at a greater rate than men to compete in the sector.

While advanced degrees provide individuals with valuable expertise and can open doors to leadership positions, it’s essential to recognise that women should not have to work harder than men to prove their worth in the field. The cybersecurity industry must address the systemic barriers and biases contributing to this disparity and create a more equitable environment where women can succeed based on their skills and experience rather than their gender.

To support women in cybersecurity, organisations must continue creating inclusive workplace cultures, providing mentorship and sponsorship opportunities, and actively working to eliminate bias in hiring and promotion processes. By taking these steps, the industry can create a more level playing field where women can thrive and advance their careers without needing to overcompensate with additional degrees.

The Gender Pay Gap

The third statistic we discussed sheds light on the persistent gender pay gap in the cybersecurity industry. On average, women earn 15% less than men in similar roles. This disparity indicates that there is still work to be done to achieve gender equality in the field. Interestingly, the recent (ISC)2 Workforce Study also highlighted that millennial women in cybersecurity are, for the first time, earning, on average, the same as their male counterparts. Still, this parity does not extend to all women in the sector.

Julia Heron, Head of Enterprise and Partner Sales at ISMS.online, shared her perspective: “It’s really positive to see that millennial women in cybersecurity are earning considerably more than any other generation of women in the sector. However, the gap shouldn’t exist for the same job role, in the same organisation type/size, and where the qualifications and experience are the same.”

The narrower pay gap for younger (millennial) women than older women suggests progress is being made. Still, it also highlights the fact that age discrimination may be compounding the issue of gender inequality in the industry. Julia raises essential questions about the factors contributing to the pay gap, such as differences in qualifications, organisational size, and women’s self-advocacy.

“The bigger problem, in my experience, is that many organisations are still not transparent in their pay structure. Women typically don’t know when they are getting less pay than their male counterparts,” Julia points out. “If an organisation has nothing to hide, why not publish the pay grade for that role, along with bonuses or incentives for over performance, and the career path and prospects ahead.”

The need for continued efforts to close the pay gap is evident. Organisations must take responsibility for ensuring that their compensation practices are fair and transparent and that women are valued equally for their contributions. Women in the industry can also advocate for themselves and share information with their peers.

Julia offers valuable advice for women in cybersecurity: “I encourage us all to connect with others in our industry. Share experiences and ask for testimonials where we have provided exceptional service. Don’t be afraid to promote yourselves, and let’s not be afraid to ask where we sit in the pay scale for our role in the company.”

Funding for Women-Led Cybersecurity Companies

The fourth stat we explored is positive, highlighting the growing support for women-led cybersecurity companies. According to recent data, these companies have received eight times more funding than they did just three years ago. This significant increase in investment is a testament to the value and potential that investors see in women-led ventures in the industry.

Gillian reflects on this encouraging trend: “It’s great to see positive steps towards funding female-led companies, but there are still too few companies that exist.” Despite the progress made in recent years, there is still a significant underrepresentation of women in leadership roles within the cybersecurity sector.

The impact of increased funding on innovation and growth in the industry cannot be overstated. With more resources at their disposal, women-led cybersecurity companies can invest in research and development, hire top talent, and scale their operations to meet the growing demand for their products and services. This, in turn, can lead to the development of new and innovative solutions to address the ever-evolving cybersecurity threats facing businesses and individuals alike.

Moreover, the success of women-led companies can inspire other women in the industry, encouraging them to take on leadership roles and start their own ventures. Gillian emphasises the importance of diverse leadership: “Diverse leadership, including women, has been proven to correlate with higher performance directly. Numerous studies highlight how companies with women in leadership roles tend to attract top talent (EY) and enjoy higher levels of customer satisfaction (Women in Business Census) as well as generally make more money.”

These findings underscore the business case for investing in women-led cybersecurity companies and promoting gender diversity in leadership positions. By creating a more inclusive and supportive environment for women entrepreneurs and executives, the industry can tap into a broader pool of talent, ideas, and perspectives, ultimately driving innovation and growth.

Women in Leadership Roles

The fifth stat highlights that despite the increase in funding for female-led cybersecurity organisations, women are still under-represented in top leadership positions within the cybersecurity industry. As of 2023, women held only 17% of CISO roles at Fortune 500 companies, indicating their barriers to advancing to high-level decision-making positions.

This is despite studies showing that gender diversity can improve cybersecurity outcomes. For example, a report by McKinsey & Company found that companies with more gender diversity were more likely to have better financial performance and more significant innovation. Additionally, diverse teams can better identify and address blind spots in cybersecurity.

According to a report by the National Cybersecurity Institute, organisations with more diverse workforces were also found to have a lower risk of cyberattacks. Organisations with at least 30% women in their cybersecurity teams experienced 40% fewer security incidents.

As Gillian notes, there are many reasons this disparity still exists in leadership roles, from “women being more likely to be caregivers, work less than full time and/or do more unpaid work” to “challenges like imposter syndrome and confidence gaps,” with studies showing these often hinder women’s willingness to put themselves forward for promotions or ask for internal support to progress into senior roles.

To support women’s career advancement, organisations should implement flexible work arrangements, provide mentorship programs, and actively promote diverse candidates for leadership roles. Challenging societal norms and supporting self-empowerment can also help create a more inclusive community.

Unlocking Gender Diversity in Infosec

As we reflect on the five significant statistics and the insights shared by our team members, it’s clear that while progress has been made in advancing gender equality in the cybersecurity industry, much work remains to be done. The challenges women face in this field are complex and multifaceted, ranging from underrepresentation and pay disparities to barriers to career advancement and leadership opportunities.

However, highlighting these issues and engaging in open, honest discussions can drive positive change and create a more inclusive and equitable industry for all. The stories and experiences shared by our team members serve as a powerful reminder that behind each statistic, real women are facing real challenges and working tirelessly to overcome them.

As a community, we have the power to make a difference. Whether you are a cybersecurity professional, an industry leader, or simply someone who believes in diversity and inclusion, we urge you to join us in taking action. This can mean advocating for fair pay and promotion practices in your organisation, mentoring and sponsoring women in the field, or speaking out against bias and discrimination when you see it.

Together, we can create a cybersecurity industry that genuinely reflects the diversity of our world and harnesses all its talents’ full potential. It won’t be easy and won’t happen overnight, but with dedication, collaboration, and a shared commitment to change, we can build a future where women thrive and lead in equal measure.