Women form just 7% of European cybersecurity workforce, while the region shows highest gender pay gap in the world, study finds
March 2017 by (ISC)²
The largest-ever survey of over 19,000 cybersecurity professionals, commissioned by (ISC)2’s charitable arm, the Center for Cyber Safety and Education™ (the Center), has revealed a chronic shortage of women working in the cybersecurity amid a widening skills gap, with women forming just 7% of the European cybersecurity workforce, amongst the lowest proportion anywhere in the world. The report calls for corporations to create more inclusive workplaces and to end gender pay inequity with the cybersecurity skills gap projecting a global shortfall of 1.8 million workers by 2022.
Part of the eighth Global Information Security Workforce Study (GISWS), the Women in Cybersecurity report surveyed 3,694 cybersecurity professionals in Europe. It revealed that the cybersecurity work force in Europe has a higher gender pay gap for cybersecurity than other regions, which sees men earning 14.7% more than women (approx. £9,100).
This pay gap exists despite a greater proportion of women respondents holding managerial positions, with 51% of women in Europe holding managerial positions compared to 47% of men. European women are also more educated, with 63% of women in cybersecurity holding postgraduate degrees compared to 52% of men.
The findings also suggest that women could be inadvertently ‘screened out’ by employers’ hiring criteria, following last month’s GISWS study on Millennials which revealed that 43% of companies in Europe, say they prioritise candidates with a cybersecurity or related degree. However, 56% of female professionals in Europe have never studied a computing degree.
Adding to this, 93% of European employers prioritise job candidates with ‘previous experience’, yet women predominate among the most inexperienced candidates. Twenty-three percent of European women are under 35 compared to 17% of men.
Gender pay gap
The research has found that women in the European cybersecurity industry is subject to the worst gender pay gap of any region in the world. European male cybersecurity professionals earn 14.7% more than women (approx. 10,500 Euros). While the survey indicated that a higher proportion of women work part time than men, 11% of women and 4% of men work under 35 hours in Europe, female professionals in Europe work on average only around 2 hours less than men per week.
The education divide
The findings highlight the fact that European employers tend to prioritise people with technical experience and qualifications, inadvertently favouring men and filtering out women because they are less likely to study STEM subjects. Forty-five percent of organisations state that they look for a technical degree while 44% of women have studied these degrees compared to 51% of men.
Women out-climbing men on the career ladder
Despite the low proportion of women in the workforce, there are signs that those in the industry are outpacing men in progressing up the career ladder. 51% percent of women are in managerial positions, compared to 47% of men in Europe. There are also signs that a greater percentage of those now entering the industry are women. Across Europe, 23% of the female workforce is under the age of 35 compared to just 17% of men, indicating a younger workforce.
Holly Rostill, Ethical Hacker at PwC: “At school I had no context about what my interest in maths and science could lead to and ended up working in cyber security by chance. We can’t take this risk with future generations and need to show more young people the range of exciting jobs in technology and how they can apply their skills and education in a real-life environment. Recent research from PwC shows that young girls are being put off tech careers as they don’t know what they involve and they don’t think they’re creative enough. There is a huge education gap that we as an industry can help to fill by providing young people with access to as many role models working in cyber security as possible.”
Adrian Davis, European MD at (ISC)2: “These results highlight that the infosec profession is missing out on the talents and skills of 50% of the (working) population: women. The issues of the pay gap, overt discrimination and focus on ‘techie’ skills and qualifications make our profession highly unattractive to women. Yet, if we are to succeed and thrive as a profession in an age where our skills and knowledge are in high demand, we must address these issues urgently and constructively: doing so will future-proof our profession and enhance our skills and reputation.”
Lucy Chaplin, Manager at KPMG’s Financial Services Technology Risk Consulting: “As the findings show, female cyber security professionals come from a far more diverse educational background than men and are less likely to have previous experience. By prioritising computing degrees and industry experience in their hiring checklists, employers are erecting a barrier to female recruits. We have managed to buck the industry trend and achieve near 50-50 gender parity among new graduate hires to our cyber security division by recruiting just as many people with non-STEM degrees. Employers have to start recruiting outside STEM subjects, which women are less likely to study, if they want to bring more women into the profession.”
Carmina Lees, Vice President, Security UK & Ireland at IBM: “The results of (ISC)2’s research illustrate in a clear and quantitative way the workforce situation we encounter every day. Highlighting the huge gender disparity in roles at all levels in the Information Security industry, especially as we move towards the C-level and managerial positions is crucial. This information is necessary to form a constructive strategy for change, ensuring we work together towards an equitable and fair mix of genders in the industry that includes pay levels that reflect position and responsibility. Exploring the regional differences shown in this report, it is heartening to see there are many places where inequality is being successfully addressed. I look forward to examining these figures more closely and seeing what lessons can be learned.”