Getting more women into cybersecurity is not just a recruitment issue…

We need more women in cybersecurity.

With cyber attacks and data breaches hitting our headlines almost on a daily basis, every organisation whether public or private, small or large, is vulnerable to an attack. Although there is no denying that organisational awareness is on the rise, those behind the attacks are finding new and creative ways to bring an organisation to its knees.

It is worrying, therefore, that recent research by ESG found that in 2018 over half of IT and cybersecurity professionals across a number of industries claimed their organisation had a problematic shortage of cybersecurity skills.

So Why are we Facing such a Shortage?

A shortage of talent in cybersecurity roles is predominantly down to a lack of awareness of the opportunities that exist and an often flawed perception that you need to be technical to work in cybersecurity.

And these misconceptions are mainly seen by women.

After all, with women making up half of the UK population, the nation cannot afford to miss out on a huge group of talent in cybersecurity positions.

Whether its school workshops or women’s networks in the workplace, the UK needs to do more to address the balance and to foster female talent in the security industry both early on and throughout their careers.

Fostering Talent Early On

As the future leaders of the UK, we need to ensure we are investing in children at an early age by developing the right skills to support the future digital economy.

Despite a study from Unifrog finding a higher percentage of girls are taking A-levels in science, technology and maths, many are still avoiding going on to study the same subjects at university.

See also: Diversity in tech begins at home

With girls tending to lose interest in STEM subjects at the age of 15, according to a survey from Microsoft, policymakers, public and private organisations, and especially parents need to band together to raise awareness of the unique opportunities that come with working in industries – such as cybersecurity – early on.

The good news is that there are already a number of initiatives in place to communicate just how exciting cybersecurity roles can be.

For example, last year the government announced that schoolchildren in the UK will be offered lessons in cybersecurity in a bid to find the future leaders that will overcome the skills shortage currently undermining our confidence in the UK’s cyber defences.

And more recently, GCHQ’s National Cyber Security Centre ‘CyberFirst’ scheme plans to train 1150 children in skills such as cracking codes, securing IT networks and protecting friends from hacks this summer.

In short – organisations – both private and public – that fail to foster talent in the crucial childhood years will prevent the UK from adequately safeguarding itself against attacks now and in the future.

Facilitating an Inclusive Workplace

Whilst it’s of course vital that we start building a pipeline of young talent to protect the UK against cyber threats and breaches in the future, organisations are still a long way off from seeing those children reach the workplace.

In the meantime, there is a lot of work to be done to encourage women already in the workplace.

A fundamental factor preventing more women from holding cybersecurity roles is a pipeline problem within an organisation.

The first step to addressing this is to drive recruitment of women at graduate and apprentice levels.

But it doesn’t stop there. It is easy enough to put in place initiatives where half of a company’s cybersecurity graduates employed are women, but this is not just a numbers game.

Through building a female-inclusive culture and the provision of flexible working to support women throughout their career lifecycle, organisations need to facilitate an environment in which people are encouraged to be completely themselves.

For this, women’s networks can be a critical tool for providing peer support and advice, and to amplify the voice of women, leading to positive change in organisations.

And it’s the responsibility of the senior team to take the lead by championing gender parity within their organisation and showcasing female role models.

Addressing the Balance to get more Women in Cybersecurity

Whether this is through workshops at school or women’s networks in the workplace, women need more role models and support if we are to close the widening cybersecurity skills gap.

Industry conferences and events need more female representation and speakers. A great example of this was the recent BAE RESET conference, which was the first all-female cyber security conference. The aim was to ‘reset’ the balance by having female speakers who are expert practitioners and leaders in their fields.

Another great way to readdress the balance is to retrain and upskill workers to enter cybersecurity. This can include professionals looking for a new career path, or parents and carers looking to re-enter the job market following a break.

That’s why a new government-backed scheme, launched by Protection Group International (PGI) and supported by Hawker Chase to run a 10 week cyber-academy to encourage more women into the industry, is a hugely positive move.

Of course this is not just about women, this is about encouraging all types of diversity and making the industry as inclusive as possible to not just reduce the skills gap but to strengthen the capability. Indeed, it was a McKinsey report which found that companies with the most ethically/culturally diverse boards worldwide are two-fifths (43%) more likely to experience higher profits.

However, it’s disappointing to see that many minority groups, not just women, are still grossly underrepresented, with a report by (ISC)2 found that only a quarter (26%) of those in cybersecurity employment were from a minority group.

With attackers becoming more creative and savvy in their approach to cyber-attacks, a more diverse and inclusive cybersecurity team will be key in facilitating a broader range of ideas and perspectives about how to prevent an attack from taking place.

And it is only by engaging a diverse array of people in cybersecurity that we can hope to adequately defend the UK from attacks.