The number of women working in the UK cyber security industry has decreased, sparking concerns that efforts to improve diversity in the space are falling flat.
A report from the UK government on cyber security skills across the labor market found that only 17% of the cyber sector workforce is female, marking a decrease from 22% last year and on par with 2021 and 2020 statistics.
The study found that just 14% of senior roles are filled by women across the industry, a figure that’s risen steeply since 2021’s result of just 3%, but one that still underlines a clear imbalance of power.
The report noted that the proportion of women in the cyber workforce has remained “broadly consistent” in recent years. The results from 2021, for example, showed that 16% of the cyber workforce was female, indicating only a very small improvement in the space of two years.
“Although there were signs of an upward trend last year, this has not been sustained,” it said.
The dip in female representation comes at a critical time in the cyber security space, with demand for skills rising steeply in recent years.
The report said there is an estimated shortfall of 11,200 people in the industry, and while this does mark a dip from 14,100 in 2021, this is largely due to slower growth in the sector.
RELATED RESOURCE
Teaching good cyber security behaviors with Seinfeld
Overcome the employee engagement challenge in security awareness training.
Around 50% of all UK businesses were found to have a “basic cyber security skills gap” while one-third (33%) have an “advanced” security skills gap.
This aligns with previous estimates from 2022 and 2021, and highlights that firms across the country are still contending with an acute skills shortfall amid a period of rising threats.
An analysis of cyber security job postings in the last year shows that firms are seeking to bolster security-related skills within their workforce.
160,035 job postings were recorded last year, but 37% of these vacancies were reported as “hard to fill” by businesses, the report said.
What’s being done to improve diversity?
The report noted that businesses are accelerating efforts to improve workforce diversity.
Nearly half (40%) of cyber firms said they had taken action to “adapt their recruitment processes or carried out specific activities” to attract and encourage applications from diverse groups.
38% also said they have accelerated efforts to recruit more women and bolster gender diversity within the workforce.
Across all “diverse groups” - which spans women, people from ethnic minority backgrounds, neurodiverse, and physically disabled people - women were “slightly more likely” to have been targeted in recruitment drives.
Amanda Finch, CEO at The Chartered Institute of Information Security (CIISec) said that her organization’s own research shows firms can still do more to attract female talent and encourage women to enter the industry.
“Often the security industry is stereotyped as something of a ‘boys only club’. CIISec’s latest state of the industry report highlighted the progress the industry still needs to make on this,” she said.
“38% of organizations have not implemented development programs to attract women to join the profession or promote those already in it, and a further 5% have tried but failed.”
Alternative routes into cyber
Employers also revealed they are exploring alternative routes into the cyber workforce for diverse groups. However, the report noted that this is typically focused on entry-level roles.
“Hiring through non-degree routes” was identified as a key approach among many, with ‘capture the flag’ tests used to “identify raw talent”.
Similarly, firms revealed they are also working with third-sector organizations to improve support for diverse groups within the workforce talent pool.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
Women in tech are plagued by imposter syndrome – here are three tips to overcome lingering doubtsNews Imposter syndrome among female tech workers gets worse as careers progress
-
‘Employees aren’t having it’: European workers are pushing back on the US-style ‘always on’ work culture – many are worried about the rise of ‘hustle culture’ and a third would quit if forced back to the officeNews New research shows European workers are pushing back on the 'always on' culture and fear US-style corporate policies creeping into workplaces.
-
Women show more team spirit when it comes to cybersecurity, yet they're still missing out on opportunitiesNews While they're more likely to believe that responsibility should be shared, women are less likely to get the necessary training
-
Imposter syndrome is pushing women out of techNews Men have dominated the tech space, though some evidence suggests that it's beginning to change
-
DEI rollbacks could exacerbate tech talent shortages – nearly half of recruitment leaders worry diversity cuts will impact their company’s appeal and employee retentionNews Finding talent with AI skills has already become a major challenge for enterprises, but with some enterprises shelving DEI hiring practices, research suggests the situation could get worse.
-
Women in tech think the industry has changed for the better, but there’s still more work to be doneNews 84% of female tech leaders in the US believe the industry has changed for the better, but lingering issues still persist.
-
Businesses know they have major skills deficits, but less than half plan on hiring more womenNews Male IT leaders remain complacent about gender diversity despite widespread skills shortages
-
BAE Systems grows cyber and intelligence business, raises profit forecastsNews A worsening threat landscape has prompted many nations to invest in cyber more heavily
