The gender pay gap in cybersecurity


According to the Pew Research Center, women in the U.S. earned 84% of what men earned last year. This gap has remained relatively unchanged over the last decade. Some analysts have explained away this persistent disparity by pointing to variables such as educational attainment, women leaving the workforce at higher rates, occupational segregation and work experience.

While it is plausible that those factors play a role in some data analysis, when we examine the data in cybersecurity by tenure, job function and position, the decades-long gap appears systemic.

Women make up roughly 25% of the cybersecurity workforce, and globally they earn less than three-quarters (72%) of what their male counterparts earn.

In North America, women earned an average of $22,046 less than men, according to aggregate data from the last three (ISC)2 Cybersecurity Workforce Studies (2019, 2020 and 2021). Although the magnitude of the pay gap differs when the data is sliced further, the salary differential is universally significant.

According to the latest 2021 (ISC)2 Cybersecurity Workforce Study, the industry needs to grow 65% worldwide to meet current global demand. Women are essential to narrowing this gap, and bringing more women into the profession would also benefit organizational innovation and improve problem solving. To attract more women to the profession, we must close the gender pay gap.

The following pay breakdown outlines where pay disparities exist and can help organizational leaders understand where to focus their attention.


The salary gap starts early in cybersecurity: Women with 1-3 years of cybersecurity experience make nearly $19,951 less than men with the same years of experience, according to (ISC)2’s aggregated data.

Job Function

Using the NICE Framework, which describes seven high-level groupings of common cybersecurity functions, the 2021 (ISC)2 Cybersecurity Workforce Study determined that the two most common job functions are Oversee and Govern; and Securely Provision.

Although women statistically earn less than men across all NICE functional areas, the differential is most notable for professionals whose job responsibilities are primarily Securely Provision ($39,885); Analyze ($27,454); Collect and Operate ($23,807); and Oversee and Govern ($22,907), according to 2021 (ISC)2 data.


Representation of women in the corporate hierarchy has improved over the years. In fact, previous (ISC)2 research found that higher percentages of women cybersecurity professionals are reaching positions such as chief technology officer (7% of women vs. 2% of men), vice president of IT (9% vs. 5%), IT director (18% vs. 14%) and C-level/executive (28% vs. 19%). Despite this progress, pay equality is lacking.

Men make an average of $24,284 more than women in IT Director roles; $24,367 more in CTO roles; $25,239 more in IT Security Manager roles; and $33,236 more in CEO roles, according to the aggregated (ISC)2 data.

This specific analysis raises the question: If role and seniority are the same, why aren’t women and men paid the same?

How Do We Fix This Inequality?

Pay inequality cannot be fixed overnight; it takes a great deal of work and financial investment to complete. However, the long-term rewards are invaluable. Organizations that eradicate pay disparities can attract and retain more diverse professionals, unlock the numerous benefits of having a diverse workforce and improve employee morale, in addition to boosting economies.

To start, organizations must set standards for how pay is determined based on education level, relevant experience, responsibilities, and job performance. Next, they need to audit employee pay and identify pay gaps across roles and job levels. Once an organization understands where disparities exist against pay standards, it’s vital to course correct. This can be done all at once, or over a period of time. Communication with leaders and employees is key throughout this process. Also, pay audits should be performed annually to ensure equality persists, especially as people join and leave the organization.

Often what gets in the way in the workplace is unconscious bias, which can influence decisions made during hiring, performance evaluation and promotion processes. Unconscious bias training is an effective way to elevate awareness. As it relates to hiring, job offers should always be weighed against pay standards.

Effective performance evaluations should be supported by clearly defined goals and KPIs. Managers must set measurable and realistic goals with their line reports quarterly or semi-annually and routinely check in on progress made toward those goals. This enables organizations to make salary increase and promotion decisions based on data. Performance reviews also should evaluate individuals on multiple dimensions of performance to ensure a holistic assessment. Similarly, promotion standards should be documented and quantifiable.

When more women succeed in cybersecurity, more women are attracted to the profession. This potential growth would fill an acute need since the cybersecurity skills shortage has reached 2.72 million worldwide. To make significant progress on the workforce gap, we must ensure cybersecurity is a rewarding career—in the sense that it provides job satisfaction and pays well—for all. (ISC)2 encourages all organizations to commit to DEI and close the gender pay gap. Visit the (ISC)2 DEI Resource Center for more information.

By Clar Rosso, CEO, (ISC)2
