Why women struggle in the cybersecurity industry

The workplace experiences of women in cybersecurity are dramatically worse than men across virtually every category, according to a WiCyS and Aleria survey.

Previous studies have illustrated that the representation of women in cybersecurity is much lower than it should be, but can’t explain why or how we can improve matters.

Women confront exclusion at higher rates

Women encounter exclusion at twice the rate of men, signaling a pressing need for industry-wide cultural and procedural changes to enhance inclusivity. The report also highlights that women are five times more likely to report exclusion from direct managers and peers, pointing to a critical area for organizations to address in creating a more supportive and inclusive work environment.

“Previous research has consistently shown a distinct underrepresentation of women in cybersecurity, but we’ve been in the dark about the root causes and the solutions,” said Lynn Dohm, Executive Director of WiCyS.

“This study changes that narrative. Armed with hard data and compelling firsthand accounts, we’re shedding light on the specific obstacles that women face. For the first time, we’re equipped with both the quantitative data and qualitative stories necessary to identify and dismantle the systemic barriers that hinder the recruitment, hiring, retention and advancement of women in cybersecurity,” added Dohm.

Top four categories of exclusion

The top four categories of exclusion faced by women are respect, career and growth, access and participation and recognition, signaling critical intervention points. Women report 350% more exclusion in recognition and 250% more in respect than their male counterparts.

The exclusion index for women is substantially higher across all categories, with distinct disparities, especially in recognition (450% higher) and respect (250% higher).

The data shows a glass ceiling effect, with 48% of women experiencing issues related to career and growth, significantly more than the 26% of men who report similar experiences.

Individuals with (dis)abilities and those with intersectional identities experience levels of workplace exclusion comparable to, or even exceeding, those related to gender, emphasizing the compounded impact of multiple differing identity traits.

Inclusive practices increase employee satisfaction, productivity, engagement and loyalty by significant margins, concurrently enhancing organizational revenues and retention while reducing costs and risks.

“This report underscores the tangible impact of inclusive policies. Organizations have a clear opportunity to significantly boost their financial results and employee satisfaction by addressing these disparities. Our analysis suggests that a company with $1 billion in revenue could be losing approximately $23 million annually due to differential treatment of women and people of color. This highlights the critical financial incentive companies gain from an inclusive workplace,” said Paolo Gaudiano, Chief Scientist of Aleria.

The report highlights the crucial significance of WiCyS’s mission and initiatives, which are focused on promoting a more inclusive and equitable cybersecurity environment. It recognizes that diversity goes beyond mere metrics and serves as a major competitive advantage that directly influences economic success.

The State of Inclusion Benchmark in Cybersecurity assessment was completed by collecting data from just over 1,000 employees including approximately 35% men and 65% women, representing more than 20 different organizations.