He is the subject— She is the other.
Simone de Beauvoir
In the Global Risks Report 2022 of the World Economic Forum, cybersecurity failure was ranked as the seventh place most pertinent global risk in the horizon for the next two years. Cybersecurity failure is one of the risks that has significantly worsened during the COVID-19 pandemic. Even though many countries and industries were able to adapt quickly to new forms of human interaction and remote work, it came at the expense of increased vulnerability to cyber threats.[1] This rather alarming development is exacerbated by a growing skills shortage in the cybersecurity field, which is projected to reach a global deficit of approximately 1.8 million cybersecurity professionals this year.[2] So overall, we’re not only threatened by cybercrime, we also don’t have the means to fight it.
Providing a cybersecure world is shaping up to be a crucial global challenge for the next few years. We need as many resources and capacity as we can muster to control, fight and prevent cybercrime, including cyber abuse and cyber harassment. This goal can only be met, however, by considering the bigger picture and disengaging from the masculine stereotypes that have been dominant for many years.[3] These stereotypes have had a major influence on women in cyber from two different points of view: first, on women’s portrayal as victims of cybercrime and technological bias, of having their needs ignored by cybersecurity measures and discussions, and second, on women as professionals in cyber. Addressing both perspectives is paramount to be well-equipped to face the challenges ahead and providing a cybersecure world—for everyone.
Part II – Female professionals in cybersecurity
Cybersecurity is gender-biased with regard to who it employs: Women’s representation in the cyber workforce is low.[4] In 2018, globally, only 11% of cybersecurity professionals were women.[5] Since then, that number fortunately has grown and by 2021, about a quarter of cybersecurity professionals worldwide were female.[6] Even though this is a good development, women are still greatly underrepresented. And specifically speaking, employing more women in cyber would help a great deal to counter the projected skills shortage. So, with gender equality being one of the 17 Sustainable Development Goals of the United Nations[7] and advantages of implementing this goal for cybersecurity: Why is there a gender gap in the cybersecurity profession?
The answer to this question is two-fold: For one, the number of women entering the field is low. For another, the retention rate of women after joining is not high enough.
Barriers for entry begin with the marketing of cybersecurity jobs. Terminology and images used in job descriptions are not gender-inclusive; they overrepresent men. As a result, they prevent women from seeing themselves doing the job, and subsequently from applying. A second mechanism withholding women from applying for a job in cyber is that they tend to feel less confident regarding their skills. (This perception stands against the backdrop of women in cyber actually being likely to be better qualified; regarding their level of expertise as well as their width of expertise.[5]) And, unlike men, they are less likely to apply for positions for which they do not feel completely qualified[8]—much like the so-called Paula Principle, describing the phenomenon that women often are held in positions below their level of competence while men are promoted to positions beyond their level of competence (Peter Principle).[9] A third problem is that the profession of cybersecurity is heavily stereotyped towards young, white, loner-type males working all night.[7],[10] These images of the “typical” cyber professional cause managers to be more likely to hire persons fulfilling the stereotypes instead of (married) women (with children, of any colour, and of all ages), even when the woman’s qualifications are superior. And of course—the mere fact of men being overrepresented in cybersecurity itself poses a hindrance for women to enter.[7]
Let’s assume women have overcome these obstacles and entered the field of cybersecurity, then what happens? They’re actually more likely to leave again than men, which accounts for the lower retention rates. A basic problem is that women, who indeed did cope with stereotypes and discrimination during the hiring process, after all cannot leave them behind while in their jobs. On the contrary: they still have to overcome stereotypes and discrimination on an everyday basis for a career in cybersecurity.[4],[5],[7] Another difficulty, especially in the early years of a woman’s career, is the lack of work-life-balance: a work environment expecting staff to be available 24/7 is particularly hard for women when they oftentimes are also expected to simultaneously take care of household and (little) children. On top of all that, women—being in a men’s world—face more difficulties in finding a mentor and building a network of peers. Both, however, are essential to establish trust within a company, to being able to challenge superiors in cases where perspectives diverge, and to generally successfully navigate corporate settings.[4]
Overall, women are underrepresented among cybersecurity professionals. To facilitate gender equality and face future challenges, women need to be more involved in cybersecurity. How? Read Women in Cyber – Part III: Empowering women in cyber.
Contact us for more information on the project and further updates, sign up for our newsletter and follow us on Twitter, LinkedIn, and Youtube.
References [1] World Economic Forum, The Global Risks Report 2022, 17th Edition, 2022. [2] Deloitte AG, 24 January 2022. https://www2.deloitte.com/ch/en/pages/risk/articles/women-in-cyber.html [3] Khan, M. K., Overcoming gender disparity in cybersecurity profession [Policy brief], G20 Insights. https://www.g20-insights.org/policy_briefs/overcoming-gender-disparity-in-cybersecurity-profession/ [4] Bagchi-Sen, S., Rao, H. R., Upadhyaya, S., & Chai, S., “Women in cybersecurity: A study of career advancement”, IT Professional, September/October 2009, 46-53. [5] Poster, W. R., „Cybersecurity needs women”, Nature, Vol. 555, March 2018, pp. 577-581. [6] (ISC)², Cybersecurity Workforce Study, 2021, 2021. [7] United Nations, Department of Economic and Social Affairs, „Sustainable development—the 17 goals“. https://sdgs.un.org/goals (31 January 2022). [8] James, S., The underrepresentation of females in the United States cybersecurity workforce: A multiple-case study [Doctoral dissertation], 2019. [9] Grimwood, C. & Popplestone, R. Women, management and care. The Macmillan Press Ltd, 1993. [10] Corneliussen, H., What brings women to cybersecurity? A qualitative study of women’s pathways to cybersecurity in Norway [Conference article], EICC 2020: Proceedings of the European Interdisciplinary Cybersecurity Conference, Reims, France, 18 November 2020.
Author:
Dr Agnes Hoechtl
University of Applied Sciences for Public Services in Bavaria - Department Police