Information security demand is far outpacing the supply of talented cybersecurity professionals—a result, in no small part, of an era where cyberthreats are more pervasive than ever. But the shortage of cybersecurity talent worldwide also creates another challenging issue: an industry that is not diverse and unwelcoming to a large portion of the workforce.
According to the “2017 Global Information Security Workforce Study: Women in Cybersecurity,” a PricewaterhouseCoopers (PwC) survey of over 19,000 information security professionals from 170 nations, women are vastly underrepresented in the cybersecurity industry, where a significant number face gender and pay discrimination.
The study found that on average, women comprised only 11 percent of the global cybersecurity workforce. This percentage was far lower in the Middle East (5 percent) and Europe (7 percent) and higher in North America (14 percent), which had the highest percentage of women cybersecurity professionals worldwide.
While the study did not go into specific regional factors, Sloane Menkes, principal of PwC’s Global Crisis Centre, noted that differences in these areas could be due to many variables, including “fewer challenges and barriers in the workforce and perhaps a less [significant] wage gap.”
Among all those surveyed globally, the majority (87 percent) of women cybersecurity professionals said they experienced unconscious discrimination, while just over half (53 percent) said they experienced an unexplained denial or delay in career advancement. Within North America, more women cybersecurity professionals in the United States (53 percent) said they experienced workplace discrimination based on their gender, ethnicity or cultural group than those in Mexico (44 percent) and Canada (39 percent).
Menkes explained unconscious discrimination in terms of situations where organizations includes “not bringing women cybersecurity professionals into projects and [not providing] them with opportunities, for example, through mentorship or sponsorship.” Menkes noted that discrimination is also involved in organizations “generally missing opportunities to better integrate women” into their teams and culture.
She also stressed how important sponsorship and mentorship are to solving the gender disparity in the cybersecurity industry, pointing to study findings that concluded women cybersecurity professionals were more likely to feel valued in their organization when provided with mentorship, sponsorship or skills development programs.
Menkes knows about these benefits firsthand. She praised some “incredible role models and mentors” she had early on in her career for helping her advance and overcome the challenges of “frequently being the only woman in the room and trying harder to find the right time to insert my voice into the conversation without fear of being undervalued.”
But across all roles, women cybersecurity professionals are still paid less than men. While the salary gap narrowed from 2015 to 2017 for those cybersecurity professionals in director and executive roles to a 3 percent discrepancy between men and women, for nonmanagerial roles, the gap widened from 4 percent to 6 percent over the same period.
Calling pay disparity a challenging problem for professional women “across the board,” Menkes advised companies to help close this gap “by moving to transparent pay structures that are also based on merit and movement through the profession.”
Salary, however, was not the only gender gap the survey found. While more women cybersecurity professionals (51 percent) had graduate degrees than men (45 percent) across the globe, men were more likely to have bachelor’s degrees in computer and information sciences (48 percent to 42 percent) and engineering (22 percent to 14 percent).
This disparity may likely start to fade in the near future when more millennial women enter the workforce, Menkes said. She pointed to a study conducted by the Center for Cyber Safety and Education’s Global Information Security Workforce, which found that slightly over half of women under the age of 29 held a degree in computer science.
“I think that our millennial generation is inspiring me to have a very bright perspective on the future of women in cybersecurity in the workforce,” Menkes said. But she added that organizations with cybersecurity roles still need to take a proactive role in promoting gender diversity in the cybersecurity field. She also called on them to “look at the universities that have the highest percentages of women participating in [cybersecurity or related] program and recruit from these sources.”