A significant gender gap exists in cybersecurity, with women occupying less than a quarter of the roles. However, if the number of women working in US cybersecurity did equal that of men, the economic footprint of the industry would increase by $30.4 billion, a Tessian report found.

The problem is much worse in the US, as the majority (82%) female cybersecurity professionals said the industry has a gender bias problem, compared with 49% of those in the UK.

The pay gap in the UK is worse, however, at 19%. The US gender pay gap for cybersecurity is 17%. If women’s salaries equaled men’s salaries in the US, an additional $12.7 billion would be added to the economy, Tessian’s Opportunity in Cybersecurity Report 2020 found.

SEE: IT leader’s guide to achieving workplace diversity (free PDF) (TechRepublic)

Ironically, there is a skills shortage in the cybersecurity workforce; it needs to grow by 145% to meet current global demand, an ISC2 report found.

“Need is the mother of invention. Highlighting the number of open positions and highlighting the fact that there are women with these skills in and outside of the industry is the first step,” said Carolann Shields, former CISO at KPMG, in the report. “The fact is, you’re cutting out 50% of the population when you don’t create an environment for women where they feel they can excel and actually progress their careers.”

Despite the 4 million job vacancies in the US and UK, the cybersecurity industry is still valued at $107.7 billion and €28.7 billion. However, those numbers would jump to $138.1 billion and €41.3 billion if the number of women in cybersecurity equaled that of men.

However, “A lot of this isn’t coming from men and women at the same level doing the same job and being paid a different amount. That’s often like a common misconception about the gender pay gap,” Tessian’s CFO Sabrina Castiglione said.

“What you often see is that women in these industries tend to be in more junior roles or more administrative, or some of the less technical roles that come at lower salaries,” Castiglione said.

A big reason women aren’t in these higher profile roles is because of cybersecurity’s image problem, according to the report.

The cybersecurity image

Some 42% of respondents said that the industry isn’t considered cool or exciting; and, half of women surveyed believe representations of the industry in media need to change in favor of encouraging more women to explore cybersecurity professions.

This image issue is a significant reason many women aren’t entering the cybersecurity landscape. Younger respondents, those ages 25 to 34, said the negative perceptions of cybersecurity are their biggest barrier to entry.

“These aren’t industries that are super attractive to women,” Castiglione said. “Women often come around to them late, since the younger generation polled thought cybersecurity was much less of a cool industry than older people.

“What this means, however, is that people coming into cybersecurity later in their careers have less time to build up that tenure,” Castiglione added. “This is then reflected in levels of seniority and ultimately the pay gaps as well.

“One of the most important things that companies can do is to show that it’s more than a guy in a hoodie, in a basement, sitting on the computer and never seeing the light of day,” she added.

Some 23% of respondents said that a lack of role models was a challenge they faced at the start of their careers, and 26% said more diverse role models would encourage more women into cybersecurity roles, the survey found.

The report outlined a couple ways organizations can remove these perceptions and hopefully attract more women to cybersecurity.

Focus on skills when hiring

“In all [tech] industries, not every job is behind the computer and coding. There are creative skills that are needed to bring these companies together,” Castiglione said. “That diversity, of sorts, within a company is really valuable. Even if someone isn’t on a technical path, there are all kinds of skills that are necessary in the cybersecurity industry.”

Women across work levels cited analytical thinking (45%), creative thinking (24%) and collaboration (21%) as some of the most important skills for thriving in their roles.

By highlighting the non-technical skills necessary for the job, as well as seeking out those skills, organizations can hopefully target more women to join the industry.

Highlight how cybersecurity is future-proof

Another way organizations can bring more women into cybersecurity is by emphasizing the future-proof nature of cybersecurity. Nearly all (93%) of respondents said they felt secure in their jobs, which is critical given how many people fear their jobs being replaced by automation.

Women cited their reasons for joining the industry, which included the ability to work on exciting and innovative projects (63%) and the belief that cybersecurity is one of the most important industries today (56%), the report found.

Highlighting those perks in job descriptions could help encourage more women to apply for cybersecurity jobs, removing the “hacker in the hoodie” mentality.


Tessian commissioned Opinion Matters to conduct the survey. The report surveyed 200 women in cybersecurity (100 in the UK and 100 in the US) to determine the challenges and experiences they’ve had in the industry. Respondents held various cybersecurity professions including CISO, network engineer, security architect, incident response, penetration tester, security analyst, and more.

To find the economic impact of gender equality in cybersecurity, Tessian also commissioned the Centre for Economics and Business Research.

For more, check out 4 key trends to hit the cybersecurity industry in 2020 on TechRepublic.

Also see

oatawa, Getty Images/iStockphoto