A 2020 survey of infosec professionals found that U.S.-based male respondents take home an average annual salary of $91,000, while female participants earn an average of $62,000 per year.
The findings, shared with SC Media in advance of official publication, further illustrate the stark gender-based pay gap that exists in the cybersecurity industry, and highlight the importance of new or up-and-coming programs aimed at ending this inequity.
Security company Exabeam gleaned the data from its 2020 Cybersecurity Professionals Salary Skills and Stress survey, published last October. On Thursday, Exabeam will revisit the study in an upcoming new blog post that looks more closely at gender pay trends.
In the post, which SC Media previewed, Exabeam security strategist Samantha Humphries says that it’s the ever-widening cyber skills gap that necessitates the closing of the gender pay gap – especially if companies attract the best available personnel.
“How… can organizations in the U.S. hope to attract top female cybersecurity talent against the backdrop of widespread and egregious pay inequality?” Humphries writes. “While momentum and awareness of gender pay inequality is certainly building, the key question is: How quickly will employers act to close the salary gaps and deliver fair employment opportunities for all?”
“Given the chronic skills shortage affecting the cybersecurity sector, gender-based pay inequality is akin to an industry shooting itself in the foot,” she continues. “By achieving gender pay equality, the cybersecurity industry in the U.S. has the opportunity to show leadership for an issue that remains in place across the economy.”
Clar Rosso, CEO of the cyber training and certification non-profit organization (ISC)2 , agrees. “Women respondents to the (ISC)2 2020 Cybersecurity Workforce Study cited elimination of the pay and promotion gap as one of the best methods for increasing the presence of women in the field,” said Rosso. “As we work to address the workforce shortage in cybersecurity, eliminating pay disparities related to gender, race and ethnicity should be a key objective for all organization, and will be one of the most demonstrable ways to affect change.”
Conducted last August, Exabeam’s survey involved 351 security pros in the U.S., Australia, Germany, the U.K. and Singapore. The pay gap is even larger in Australia, where male respondents make an average of $131,000 per year, compared to women respondents who earn $95,000. Median salaries for men and women were generally the same in the U.K. and Germany. Only in Singapore did female respondents report earning more than their male peers.
The relatively small sample size must be factored into the analysis. However, other leading women in cybersecurity who were presented with the findings indicated that they were not surprised by the data. But at least there are a number of new initiatives in the works designed to turn such discouraging numbers around.
Last month, Katie Moussouris, founder and CEO of Luta Security, officially announced the launching of the Pay Equity Now Foundation. (Moussouris actually foreshadowed her announcement in an interview with SC Media as part of its annual Women in Security coverage.) According to a recent press release penned by Moussouris, the privately funded organization’s mission is “to strengthen women’s ability to be paid fairly, ensure fair class action litigation pathways, and help legally hold violators accountable when they fail to pay equitably.” The foundation’s first donation will go towards the creation of a gender and economic equity law center, which will open on the grounds of a U.S.-based university.
“Organizations should take the Pay Equity Now Pledge, and stop making excuses for what is a problem that can be solved if those in power decide to take action,” Moussouris told SC Media. “Women are currently projected to achieve pay equity with white men between 50 to 205 years from now. That means no female children alive today will be paid what they are worth, unless we fix it.”
Meanwhile, in 2021 the (ISC)2 will launch a Diversity, Equity and Inclusion initiative in 2021, Clar Rosso told SC Media.
“Unfortunately, findings like [Exabeam’s] about the gender pay gap are all too common, and are not unique to cybersecurity,” said Rosso. “Our own 2019 research found that women in cybersecurity globally earn 21 percent less than their male colleagues, which almost exactly matches the U.S. average across industries.”
Despite the sizable pay differences noted in the Exabeam survey, the participating men and women reported having very similar salary satisfaction levels: 88 percent of women reported being satisfied or very satisfied, compared to 86 percent of men. The question is: Is that a case of female cyber pros settling for less when they don’t have to?
In her upcoming post, Humphries says it’s critical that employers in cybersecurity begin taking urgent measures to address pay disparity, including forming internal diversity, equity and inclusion councils that can make business leaders aware of any problematic practices within their organizations.
“Female professionals already working in roles should expect to see pay gaps corrected and the recruitment process for open positions must operate with a level playing field for candidates of comparable skillset and experience,” writes Humphries. Additionally, “Women should feel 100 percent comfortable asking at the time of interview whether an organization has put a program in place to ensure pay equality. And having such programs should not be seen as an employee benefit, but as a fundamental ethos.”
But the responsibility to speak up can’t be only on women, noted Moussouris. “The onus is constantly placed upon women to fix a pervasive, systemic problem they didn’t create, by asking and hoping their employers do the right thing. Men must demand pay equity for all genders and races too. Businesses and government should refuse to do business with organizations that have not done the work to correct pay inequity.”