New Study Exposes the Causes of Women's Exclusion from Cybersecurity

By: GWL Team | Thursday, 30 March 2023

A recent report by Women in CyberSecurity (WiCyS), an NGO devoted to the recruitment, retention, and advancement of women in cybersecurity, sheds light on the obstacles that prevent women from being retained and promoted into the field at the same rate as men as the industry struggles to fill a 3.4 million global job gap.

Women encountered a variety of workplace experiences that contributed to their overall feeling of exclusion and, as a result, their rates of satisfaction, productivity, and retention, according to the "State of Inclusion of Women in Cybersecurity" report, which was conducted in collaboration with the DEI firm Aleria.

The survey claims that women were particularly harmed by a lack of career and advancement prospects as well as by a lack of respect from peers, direct supervisors, and firm leadership. According to Lynn Dohm, executive director of WiCyS, "we know that the percentage of women in cybersecurity hovers around 24%, much below what it should be."

"We were curious to learn why this was the case and was partly but not fully shocked to learn that individuals, not corporate rules, were the main cause of women's sentiments of exclusion. This demonstrates how far we still need to go in terms of embracing women in the cybersecurity sector."

The study found that:

  • 61% of managers, 52% of peers, and 68% of participants acknowledged leadership as the basis of their feelings of exclusion. Comparatively, only 12% of participants cited workplace policies as a reason for exclusion.
  • 83% of individuals reported having experienced exclusion at least once.
  • The two categories that dominated the categories of experiences of exclusion at work were Career & Development (reported by 57% of participants) and Respect (reported by 56% of participants). Additional characteristics that are commonly mentioned include Recognition and Access, which were both mentioned by 41% of participants.
  • Incoming recruits report exclusion rates that are 17% higher than those who have worked for the company for two to five years, while the largest exclusion rates occur after six years.
  • Bigger businesses (those with 5,000 or more workers) appear to be more inclusive than smaller ones.
  • Compared to non-cybersecurity enterprises, cybersecurity firms have a greater level of exclusion. This result is consistent with studies that have found that technology companies, particularly for women, tend to have higher overall exclusion ratings than businesses in other industries.

Over 300 women participated in a series of workshops in February that collected the data for the report. They anonymously filled out surveys about themselves and their jobs, shared uncomfortable workplace incidents, and categorized each incident into common workplace elements like career & growth, respect, and work-life balance. 

Then, an exclusion score was created using the data. This score is a combination of prevalence (the percentage of participants who had at least one encounter), severity (the typical number of experiences shared per participant), and frequency (one-time or recurring).

Women reported events like having male employees watch porn in their presence, getting fewer "pats on the back" than males, and being requested to talk with a man in IT instead of them, out of a total of roughly 500 encounters that were gathered.

According to Paolo Gaudiano, co-founder and president of Aleria, "our study makes it very obvious that executives of any corporation must educate themselves about inclusion and must start considering inclusion as a vital aspect of their business strategy." 

"Understanding the barriers that impede women, who have so much to offer the business, from entering and progressing in the field of cybersecurity is crucial given the dire need for employees in the field. We believe that our study serves as a much-needed wake-up call for corporate leaders to make inclusion a fundamental component of their DEI strategy and objectives rather than just diversity as the main indicator."