International Women’s Day 2026: why are there still so few women working in cybersecurity?

On International Women’s Day 2026, the number of women in cybersecurity jobs is stagnating. Despite multiple years of initiatives, women still only make up around 22% of the global workforce, according to ISC2. The proportion of women in US cybersecurity jobs is under 20%.

Women earn around 5% less than men in cybersecurity roles. Nearly half of all women in cybersecurity report career and growth challenges and almost one-third feel discriminated against at work.

By 2031, it’s predicted that women will make up one in three of cybersecurity employees. Yet the current level of momentum paints a frustrating picture that makes this seem unlikely.

More than a decade into conversations about gender diversity, the structural picture “has barely shifted”, says Jane Frankland MBE, CEO at KnewStart and founder of the IN Security movement. “At the current pace, the projection that women could represent one in three professionals by 2031 feels like wishful thinking.”

Outdated models

The cybersecurity industry is still “overwhelmingly male and built on outdated models of leadership, performance and career progression”, Frankland says. “Diversity initiatives are treated as a ‘nice to have’, rather than a strategic imperative – and that’s the core problem.”

For years, the narrative has been that there aren’t enough women coming into cyber. But recruitment numbers tell a different story, according to Frankland. “Women are entering technical fields at undergraduate and postgraduate levels in far greater proportions than a decade ago.”

The problem is retaining and promoting them. “When women join cybersecurity, they excel, but then the environment pushes them out before they reach positions of influence,” says Frankland.

This issue is down to the structures of the industry, including how performance is measured and leadership is defined. “These are hostile to sustainable careers for anyone not shaped by the traditional male archetype of leadership,” Frankland says.

In the US, where there has been pressure to roll back diversity initiatives in major markets, things are even worse than the UK. “This has led global organizations to quietly deprioritise equity goals,” says Frankland.

It’s resulting in equity programs getting shelved and progress regressing. “And what happens in the US, echoes around the world,” Frankland warns.

Women still face widespread discrimination

The experiences of women on the ground in cybersecurity tell a bleak tale of unconscious bias and sometimes, overt discrimination.

Carole Reeves, director of security operations at ANS, describes how early in her career, she noticed that speaking up or raising concerns about behavior could be interpreted differently, depending on who was saying it. “When women flag culture problems or inappropriate behaviour, they can sometimes be labelled as difficult, rather than constructive – even when the intention is to improve the workplace for everyone.”

Technical environments are still largely male-dominated, and that can create pressure for women to establish credibility quickly. “I often felt the need to do this to ensure my voice carried the same weight in the room,” says Reeves.

“It takes more than just knowledge and skills to survive here as a woman,” adds Ali Mackenzie-Cooper, senior architect at Axiologik. “We have to be better than the men we work with and held to different standards and behaviors. The words ‘assertive’ and ‘aggressive’ get used differently for each gender. Women have to find a way to challenge while not appearing to undermine our male colleagues.”

This leads to incidents where women report being talked over or dismissed in meetings. Others have stayed quiet while their own job role was explained to them by a male colleague. Mackenzie-Cooper describes a recent meeting in her work place when similar topics were discussed. “It was amazing to see how we've all had similar experiences and we shared some of our toolkits on how to deal with different scenarios.”

As an out gay woman with dyslexia and ADHD, Mackenzie-Cooper has often had to challenge and push the public and society’s views of what is acceptable. “I've been discriminated against many times and we often pick the battles or lines we'll push back on, but not all. It’s sad we still need to do this.”

Ana Vilhete is both a lawyer and recruitment agency owner. She’s seen first-hand how women are intentionally kept out of senior leadership positions – even when they are qualified to occupy them. “The usual suspects? Old boys’ networks. We see a lot of these in constructive unfair dismissal cases,” she says.

Sometimes, work environments are made so intolerable for women that they feel forced to leave. “We’re talking about her ideas being rejected, but then advanced when presented and co-opted by a male colleague,” Vilhete explains. “Being forced to over-explain their decisions, or worst of all being overworked because the team is aware she is eager to win them over after being isolated.”

One in three by 2031

Taking this into account, many say the prediction of one in three women in cybersecurity roles by 2031 is not going to happen.

Ruth Wandhofer, Blackwired's head of European markets tells ITPro this figure is “unrealistic”, even if significant measures are taken.

The challenge is that cyber has a significant portion of unfilled jobs, but tends to reject women, who mainly come in through the education route, via degree. “But the industry prefers certifications, so it’s not an issue with the STEM female pipeline,” says Wandhofer.

She warns that AI could make gender diversity even more challenging when hiring, too. The increasing use of AI in this process is likely to bring “even more problematic outcomes of filtering out the wrong candidates”, Wandhofer points out.

The biggest gender diversity gap is still in the more technical roles, says Kunjal Tanna, co-founder of cyber recruitment business, LT Harper. But interestingly, the number of jobs focused around governance, risk and compliance is decreasing considerably – and this is typically where women have been best represented in cybersecurity, she says. “This has massively contributed to the decline in the percentage representation of women in the industry.”

As another year of International Women’s Day arrives and passes, the cybersecurity industry knows there is still work to be done. “Some of the great things we can do and are working on, is recognizing and promoting the great work women do,” says Mackenzie-Cooper. “For example, coaching and mentoring in the workplace and going out to schools and colleges to meet women interested in the careers we do.”

At the same time, firms should consider employees from diverse backgrounds and adjacent industries – as they will bring a fresh perspective to those who are “trained” in cyber, says Tanna. “Be proactive about where you look for talent. If you’re only looking from competing organizations for people who have already been doing the same role, chances are you’ll struggle to diversify your workforce.”