Only 17% of respondents to the ISC2 Cybersecurity Workforce Study were women, showing a continued struggle for workplaces to recruit and retain women in this industry. This year’s report shows positive trends as well, with younger women finding paths into cybersecurity careers. ISC2 provided a detailed look at the state of women in the workforce, as well as tips for how to attract and retain diverse talent.
ISC2 surveyed 14,865 cybersecurity practitioners in North America, Europe, Asia, Latin America, the Middle East and Africa between April and May 2023. Forrester Research, Inc. collaborated with ISC2 to collect the data.
ISC2 estimated that 20% to 25% of people working in the cybersecurity field are women, with that number expected to rise to 35% by 2031.
When it comes to team composition (Figure A), on average, 23% of security teams include women. Notably, women reported more women on their teams: 30% of women said there were other women on their teams, as opposed to 22% of men. ISC2 said this suggests women tend to work at organizations with other women on the team.
Figure A
Cloud services, automotive and construction sectors reported the highest percentage of women on their teams (28%), but that number isn’t much higher than the sectors with the fewest percentage of women on their teams, which are the military and utilities sectors at 20%.
Cybersecurity salaries are slightly higher for men than for women (Figure B), averaging $148,035 for men and $141,066 for women in the U.S., or $115,003 for men and $109,609 for women globally. For people of color, the average cybersecurity salary in the U.S. is $143,610 for men and $135,630 for women.
Figure B
Of the people surveyed, 29% of women reported being discriminated against at work, compared to 19% of men. Additionally, 36% of women said they felt they could not be authentic at work, compared to 29% of men.
These numbers could vary widely based on country: women of Black or African descent in Canada, the U.K. and Ireland faced the most discrimination overall (53%), followed by men of Black and African descent in the same countries (42%).
People who face discrimination at work find it “harder to take risks, propose new ideas, or raise concerns,” noted McKinsey’s 2023 Women in the Workplace report.
Women and men report getting into cybersecurity for about the same reasons. The top reasons for why people pursue a cybersecurity career reported by ISC2 were career advancement opportunities (26% of women and 27% of men), the ability to solve problems (24% of women and 22% of men) and a high demand for cybersecurity skills (24% of women and 25% of men). Some additional differences between the two groups surveyed are:
Both groups report high job satisfaction when taking into account careers overall: 76% of women and 70% of men surveyed said they were satisfied with their cybersecurity job.
SEE: These strategies, methods and technologies can help you build an effective cyber threat hunting team. (TechRepublic Premium)
Women report fewer cybersecurity staffing shortages at their jobs compared to men (62% vs. 68%), from which ISC2 concluded that organizations that successfully attract diverse candidates solve their staffing problems slightly more effectively. Organizations women respondents work at tend to:
Recruiting more women and ensuring every member of the team feels comfortable in their work environment can go a long way toward filling open positions in the in-demand but still under-staffed field of cybersecurity. ISC2 offers the following suggestions for organizations that want to increase the number of women in cybersecurity and increase job satisfaction for those women already in the field:
“The benefits of an inclusive culture, especially in cybersecurity are plentiful — and critical,” said Clar Rosso, CEO of ISC2, in an email to TechRepublic. “Organizations that commit to inclusion bring problem solvers, analytical and critical thinkers, and diverse skill sets and backgrounds to the table to solve challenges and build opportunities.”