Women represent just 7% of European cyber-security workforce
Women represent just 7% of European cyber-security workforce

A survey of over 19,000 cyber-security professionals from 170 countries has revealed a chronic shortage of women working in cyber-security amid a widening skills gap.

The survey is commissioned by (ISC)2's charitable arm, the Center for Cyber Safety and Education™ (the Center), and shows women to be forming just seven percent of the European cyber-security workforce, amongst the lowest proportion anywhere in the world.

The seven percent figures has also come down from a 10 percent representation of women in the workforce back in 2015.

The report calls for corporations to create more inclusive workplaces and to end gender pay inequity with the cyber-security skills gap projecting a global shortfall of 1.8 million workers by 2022.

Part of the eighth Global Information Security Workforce Study (GISWS), the Women in Cyber-security report surveyed 3694 cyber-security professionals in Europe, with 1043 from the United Kingdom (UK).

In the UK, the proportion of women stands at just eight percent, significantly less than the proportion of women working in all STEM industries across the UK. The revelations follow the recent pledge to introduce cyber-security into UK schools to help plug a skills gap that the Government says is a “national vulnerability that must be resolved”.

Holly Rostill, ethical hacker at PwC told SC Media UK: “At school I had no context about what my interest in maths and science could lead to and ended up working in cyber-security by chance. We can't take this risk with future generations and need to show more young people the range of exciting jobs in technology and how they can apply their skills and education in a real-life environment. Recent research from PwC shows that young girls are being put off tech careers as they don't know what they involve and they don't think they're creative enough. There is a huge education gap that we as an industry can help to fill by providing young people with access to as many role models working in cyber-security as possible.”

The study revealed that the cyber-security workforce in Europe has a higher gender pay gap for cyber-security than other regions, which sees men earning 14.7 percent more than women (approx. £9,100). This discrepancy is mirrored in the UK, which sees men earning an average of 15.5 percent (approx. £11,000) more than women, in spite of efforts from the Women and Equalities Committee calling on the Government to address the national gender pay gap.

Women are out-climbing men on the career ladder, yet this pay gap exists despite a greater proportion of women respondents holding managerial positions, with 51 percent of women in Europe holding managerial positions compared to 47 percent of men. This is also the case in the UK, with 64 percent of women in these roles compared to 57 percent of men in contrast to the national average where fewer women than men progress to senior positions.

Women are also more educated, with 63 percent of European women in cyber-security holding postgraduate degrees compared to 52 percent of men. In the UK, this figure stands at 50 percent of women compared to 37 percent of men.

When it comes to education specifics, 45 percent of organisations in Europe and 35 percent in the UK stated that they look for a technical degree. Just 27 percent of female workers in the UK have studied computer science, compared to 41 percent of men. In Europe, the figure stands at 44 percent of women compared to 51 percent of men.

Carmina Lees, vice president, security UK & Ireland at IBM told SC Media UK, “Highlighting the huge gender disparity in roles at all levels in the information security industry, especially as we move towards the C-level and managerial positions is crucial. This information is necessary to form a constructive strategy for change, ensuring we work together towards an equitable and fair mix of genders in the industry that includes pay levels that reflect position and responsibility. Exploring the regional differences shown in this report, it is heartening to see there are many places where inequality is being successfully addressed.”

The findings also suggest that women could be inadvertently “screened out” by employers' hiring criteria, following last month's GISWS study on millennials which revealed that 43 percent of companies in Europe and 35 percent of those in the UK, say they prioritise candidates with a cyber-security or related degree.

However, 76 percent of female professionals in the UK have never studied a computing degree, while UCAS indicate 13,000 fewer women than men study computer science in Britain.

Adding to this, 93 percent of European and UK employers prioritise job candidates with “previous experience”, yet women predominate among the most inexperienced candidates. Twenty-three percent of European women are under 35 compared to 17 percent of men, and in the UK, nearly twice as many female professionals are under 35 as men.

Adrian Davis, European MD at (ISC)² told SC: “These results highlight that the infosec profession is missing out on the talents and skills of 50 percent of the (working) population: women. The issues of the pay gap, overt discrimination and focus on ‘techie' skills and qualifications make our profession highly unattractive to women. Yet, if we are to succeed and thrive as a profession in an age where our skills and knowledge are in high demand, we must address these issues urgently and constructively: doing so will future-proof our profession and enhance our skills and reputation.”

Lucy Chaplin, manager at KPMG's Financial Services Technology Risk Consulting said: “As the findings show, female cyber-security professionals come from a far more diverse educational background than men and are less likely to have previous experience. By prioritising computing degrees and industry experience in their hiring checklists, employers are erecting a barrier to female recruits. We have managed to buck the industry trend and achieve near 50-50 gender parity among new graduate hires to our cyber-security division by recruiting just as many people with non-STEM degrees. Employers have to start recruiting outside STEM subjects, which women are less likely to study, if they want to bring more women into the profession.”