Only 17% of respondents to the ISC2 Cybersecurity Workforce Study were women, showing a continued struggle for workplaces to recruit and retain women in this industry. This year’s report shows positive trends as well, with younger women finding paths into cybersecurity careers. ISC2 provided a detailed look at the state of women in the workforce, as well as tips for how to attract and retain diverse talent.
ISC2 surveyed 14,865 cybersecurity practitioners in North America, Europe, Asia, Latin America, the Middle East and Africa between April and May 2023. Forrester Research, Inc. collaborated with ISC2 to collect the data.
On average, women make up about one quarter of the cybersecurity field
ISC2 estimated that 20% to 25% of people working in the cybersecurity field are women, with that number expected to rise to 35% by 2031.
When it comes to team composition (Figure A), on average, 23% of security teams include women. Notably, women reported more women on their teams: 30% of women said there were other women on their teams, as opposed to 22% of men. ISC2 said this suggests women tend to work at organizations with other women on the team.
Figure A
Cloud services, automotive and construction sectors reported the highest percentage of women on their teams (28%), but that number isn’t much higher than the sectors with the fewest percentage of women on their teams, which are the military and utilities sectors at 20%.
Cybersecurity salaries show gender discrepancies
Cybersecurity salaries are slightly higher for men than for women (Figure B), averaging $148,035 for men and $141,066 for women in the U.S., or $115,003 for men and $109,609 for women globally. For people of color, the average cybersecurity salary in the U.S. is $143,610 for men and $135,630 for women.
Figure B
Women in cybersecurity may face discrimination or struggle with authenticity
Of the people surveyed, 29% of women reported being discriminated against at work, compared to 19% of men. Additionally, 36% of women said they felt they could not be authentic at work, compared to 29% of men.
These numbers could vary widely based on country: women of Black or African descent in Canada, the U.K. and Ireland faced the most discrimination overall (53%), followed by men of Black and African descent in the same countries (42%).
People who face discrimination at work find it “harder to take risks, propose new ideas, or raise concerns,” noted McKinsey’s 2023 Women in the Workplace report.
Why women get into cybersecurity and what that means for recruitment
Women and men report getting into cybersecurity for about the same reasons. The top reasons for why people pursue a cybersecurity career reported by ISC2 were career advancement opportunities (26% of women and 27% of men), the ability to solve problems (24% of women and 22% of men) and a high demand for cybersecurity skills (24% of women and 25% of men). Some additional differences between the two groups surveyed are:
- Interest in working in a continually evolving field: 21% of women and 18% of men.
- Finding personal/emotional satisfaction: 14% of women and 17% of men.
- Exposure to cybersecurity role models who encouraged them: 14% of women and 11% of men.
- Having done some cybersecurity on their own and enjoyed it: 10% of women and 15% of men.
Both groups report high job satisfaction when taking into account careers overall: 76% of women and 70% of men surveyed said they were satisfied with their cybersecurity job.
SEE: These strategies, methods and technologies can help you build an effective cyber threat hunting team. (TechRepublic Premium)
Women report fewer cybersecurity staffing shortages at their jobs compared to men (62% vs. 68%), from which ISC2 concluded that organizations that successfully attract diverse candidates solve their staffing problems slightly more effectively. Organizations women respondents work at tend to:
- Recruit potential talent from within, meaning employees outside cyber or IT.
- Perform job rotation, meaning moving employees between roles.
- Hire people without previous cybersecurity experience.
Fostering an inclusive culture benefits businesses
Recruiting more women and ensuring every member of the team feels comfortable in their work environment can go a long way toward filling open positions in the in-demand but still under-staffed field of cybersecurity. ISC2 offers the following suggestions for organizations that want to increase the number of women in cybersecurity and increase job satisfaction for those women already in the field:
- Create cybersecurity programs suitable for early education, exposing younger people to cybersecurity as a career option.
- Set specific hiring, recruitment and advancement metrics in your cybersecurity recruitment policies and practices related to adding and retaining women in the workforce.
- Pay women equally to men.
- Support women’s career advancement goals, particularly those who want to reach senior positions — seeing women in senior positions could inspire others to follow.
- Focus on the “inclusion” part of diversity, equity and inclusion, creating solid metrics and goals around making sure female employees feel included and authentic at work.
- Make the women already present on the cybersecurity team part of the recruitment process.
“The benefits of an inclusive culture, especially in cybersecurity are plentiful — and critical,” said Clar Rosso, CEO of ISC2, in an email to TechRepublic. “Organizations that commit to inclusion bring problem solvers, analytical and critical thinkers, and diverse skill sets and backgrounds to the table to solve challenges and build opportunities.”