As of 2023, women make up only 20% and 25% of the cybersecurity workforce, according to training body ISC2. New research from Deloitte explores the reasons behind this gender gap, despite the high demand for skilled professionals in the industry.

Half of young working women interested in cybersecurity feel they lack sufficient knowledge of the field to pursue a career in it. Furthermore, 55% of all women surveyed believe the industry could prove intimidating, and 47% are concerned they wouldn’t be taken seriously.

The results, published in “POV Reimagined: Women in Cybersecurity” in October, are based on a survey of 8,000 non-cyber professionals from around the world conducted by Deloitte Global and media company The Female Quotient. They also conducted interviews with global female security leaders and group discussions with adults in and out of the industry.

Emily Mossburg, Deloitte Global cyber leader, said: “The cybersecurity industry is experiencing explosive growth, yet it’s facing a critical shortage of talent. It’s time to challenge the stereotypes and show women that cybersecurity not only offers the job security and growth opportunities they’re looking for, but also a chance to make a real difference in the world.”

Knowledge, inclusivity, and pay concerns deter women from security roles

According to ISC2, 90% of organisations face cybersecurity skills shortages. The global deficit is predicted to reach over 85 million skilled professionals by 2030. In the U.K., 35% of companies are struggling to permanently fill cyber roles, while 75% agree that there is an urgent skills gap.

Despite the opportunities available, young working women still feel discouraged from entering the industry, which female survey respondents attribute to three key limitations:

  1. A perceived need for cybersecurity expertise and a deep technology background.
  2. A great concern that the inclusive culture they crave does not exist within the industry.
  3. The need for fair, transparent compensation.

The second point is underscored by 51% of female respondents indicating that they don’t think there is room for someone like them in cybersecurity, and the same percentage feel they wouldn’t fit in or be able to express their authentic selves in the industry.

A 2023 study found that 83% of female security professionals have experienced exclusion at least once, in areas such as career growth, respect, recognition, access, and in workplace policies.

SEE: Few women hold cybersecurity leadership positions

Compensation is also a valid concern. Cybersecurity salaries are slightly higher for men than for women, averaging $148,035 for men and $141,066 for women in the U.S., or $115,003 for men and $109,609 for women globally, according to ISC2. However, ISC2 researchers say the industry appears to have more pay parity than the broader U.S. labour market.

These three primary concerns do not appear to impact men. While only 23% of working women have considered cybersecurity as a career, the percentage is 35% for men.

But despite the deterrents, women are aware of the benefits of joining the cyber industry. The Deloitte survey found that 48% of working women think there is a lot of growth potential within cyber, and 44% say the industry could offer them a thriving career.

These views are not unfounded, as 57% of women already working in cyber say that they have job security, 53% said they had opportunities to learn on the job, and 52% have a strong sense of purpose.

Bridging the gender gap in cybersecurity

The authors of the Deloitte report say that to dispel the myth that a cybersecurity career requires extensive technical expertise, the industry needs an image overhaul.

“To make cybersecurity feel less niche and technical, we can better frame cybersecurity as an essential element of digital transformation, which is more broad and mainstream,” they wrote. “This will help more women perceive cybersecurity as being familiar and accessible, making it easier to envision themselves thriving in the field.”

Additionally, active steps can be taken to alleviate concerns about inclusivity and pay transparency, which 30% of survey respondents said need to be focused on. These steps include:

  • Attracting and hiring more diverse personnel. For example, do not overemphasise technical skills in job descriptions where they are not important.
  • Offering more and better job positions. These could include internships and reskilling opportunities for career changers.
  • Instating pay equality. Eliminate pay and promotion gaps as well as offering family-friendly benefits like flexible working.
  • Placing women in more leadership positions. Mentorship initiatives provide a good opportunity to uplift women in cyber and create pathways into the industry.
  • Increase awareness of the reality of the industry. For example, promote technical and nontechnical-roles, work-life balance, and women’s achievements in cyber.
  • Creating training opportunities and community-building initiatives. These could include forums and networking events.

Amber Pearson, deputy CISO and executive director of Information Security Policy & Strategy at the U.S. Department of Veterans Affairs, said: “Overall, increasing the presence of women in cybersecurity can strengthen the industry, making it more innovative, resilient, and capable of addressing the complex challenges of the digital age.”

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday