There’s a chronic shortage of women in information security

A survey of over 19,000 cybersecurity professionals has revealed a chronic shortage of women working in the cybersecurity amid a widening skills gap, with women forming just 7% of the European cybersecurity workforce, according to (ISC)2’s charitable arm, the Center for Cyber Safety and Education.

shortage women infosec

Male and female cybersecurity workforce composition, by region

Gender pay gap

The research has found that women in the European cybersecurity industry is subject to the worst gender pay gap of any region in the world. European male cybersecurity professionals earn 14.7% more than women (approx. 10,500 Euros).

While the survey indicated that a higher proportion of women work part time than men, 11% of women and 4% of men work under 35 hours in Europe, female professionals in Europe work on average only around 2 hours less than men per week.

“These results highlight that the infosec profession is missing out on the talents and skills of 50% of the (working) population: women. The issues of the pay gap, overt discrimination and focus on ‘techie’ skills and qualifications make our profession highly unattractive to women. Yet, if we are to succeed and thrive as a profession in an age where our skills and knowledge are in high demand, we must address these issues urgently and constructively: doing so will future-proof our profession and enhance our skills and reputation,” said Adrian Davis, European MD at (ISC)2.

The education divide

The findings highlight the fact that European employers tend to prioritise people with technical experience and qualifications, inadvertently favouring men and filtering out women because they are less likely to study STEM subjects. Forty-five percent of organisations state that they look for a technical degree while 44% of women have studied these degrees compared to 51% of men.

“As the findings show, female cyber security professionals come from a far more diverse educational background than men and are less likely to have previous experience. By prioritising computing degrees and industry experience in their hiring checklists, employers are erecting a barrier to female recruits. We have managed to buck the industry trend and achieve near 50-50 gender parity among new graduate hires to our cyber security division by recruiting just as many people with non-STEM degrees. Employers have to start recruiting outside STEM subjects, which women are less likely to study, if they want to bring more women into the profession,” said Lucy Chaplin, Manager at KPMG’s Financial Services Technology Risk Consulting.

shortage women infosec

Average North American cybersecurity salary gap in 2015 and 2017, by organizational position

Women out-climbing men on the career ladder

Despite the low proportion of women in the workforce, there are signs that those in the industry are outpacing men in progressing up the career ladder. 51% percent of women are in managerial positions, compared to 47% of men in Europe.

There are also signs that a greater percentage of those now entering the industry are women. Across Europe, 23% of the female workforce is under the age of 35 compared to just 17% of men, indicating a younger workforce.

“The results of (ISC)2’s research illustrate in a clear and quantitative way the workforce situation we encounter every day. Highlighting the huge gender disparity in roles at all levels in the Information Security industry, especially as we move towards the C-level and managerial positions is crucial. This information is necessary to form a constructive strategy for change, ensuring we work together towards an equitable and fair mix of genders in the industry that includes pay levels that reflect position and responsibility. Exploring the regional differences shown in this report, it is heartening to see there are many places where inequality is being successfully addressed. I look forward to examining these figures more closely and seeing what lessons can be learned,” said Carmina Lees, Vice President, Security UK & Ireland at IBM.