Cyber security sector gender balance shows modest signs of improvement

Female cyber security worker with glasses sitting at a workstation in an office environment.
(Image credit: Getty Images)

The number of women entering the cyber security industry is growing at a promising rate, according to new research from ISC2.

Analysis from the cyber security industry body shows that women now make up a larger percentage of new entrants to the field and are increasingly taking on leadership positions and hiring responsibilities.

While the average representation of women on cyber security teams stands at 23%, the figures for different age groups shows things are improving. Female practitioners in the ‘under 30’ age bracket now account for one-quarter security team headcounts.

ISC2 chief executive, Clar Rosso, said the research highlights an incremental - but still positive - upward trend in the number of women joining the cyber security industry.

"It’s great to see incremental progress of younger women entering cyber security; however, it’s not enough and more needs to be done," she said.

"We must continue to build a culture for all women that creates a sense of belonging that results in the retention of women in cyber security careers."

Only 11% of the workforce study participants said they had no women on their security teams.

The most equal gender mix was found in cloud services, automotive, and construction, where 28% of cyber security staff were female; military and utilities had the least equal, with just one-in-five.

Nor were salaries equal, with women earning an average of $109,609, compared with $115,003 for men.

Almost one-in-three women reported feeling discriminated against in the workplace, compared with 19% of men - with that figure rising to 53% for women of Black or African descent in Canada.

Diverse cyber security teams deliver value

According to the ISC2 report, having more diverse teams appears to improve the performance of an organization. 


Women reported lower cyber security talent shortages at their organizations than male participants - 62% versus 68% - with their organizations sourcing talent from other departments, implementing job rotations, and hiring those without cyber experience at higher rates.

Two-thirds of women said diversity has contributed to their security team’s success, and 78% believe an inclusive environment is essential for the team’s success.

Six-in-ten said DEI will continue to become more important for their security teams over the next five years, compared with 55% of men.

"Research reveals that the most engaged women in cyber security work at organizations that invest time and resources into diversity, equity and inclusion (DEI) initiatives such as offering competitive pay, hosting mentorship programs and establishing an inclusive culture that fosters professional development opportunities," Rosso said.

Unsurprisingly, women take the need for greater diversity more seriously than men. More than three-quarters of women saw it as important, compared with just 63% of men.

These figures echo recent research from recruitment firm Nigel Frank International, which found that most men don't think the tech industry is sexist: four-in-five believed men and women were treated equally in their workplace, with only 6% disagreeing.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.