In 2021 a joint study between the NCSC and KPMG found that women account for only 36% of the cyber security work force in the UK. This is an improvement on the figure from 2020, with the same report finding that women accounted for 31% of the cyber security workforce in the UK. Whilst the number of women in cyber has increased in recent years, we still have a lot of room for improvement when equalling this out. The data illustrated in the two aforementioned reports illuminates the lack of women in cyber, it does beg the question as to why this is? The general consensus as to why this is an issue comes down to two themes: Gender bias and perception of the industry.
Gender bias is something women tend to encounter from an early age whilst still in school. Studies have found male students are actively encouraged to pursue STEM subjects more so than their female counterparts. Studies have found that female student lose confidence in their abilities in typically male dominated fields the longer they stay in school.
An Israeli study from 2015 by the National Bureau of Economic Research found that a teacher knowing the gender of their student effect how stringently they were graded. The study was compromised of a teacher marking the papers, who could see the gendered names on the work; and an external grader marking anonymously. When it came to maths the internal teachers awarded male students higher grades, whereas the external examiner rated the female students higher. These lower marks dissuade female students from pursuing STEM subjects at a more advanced level.
Cyber security is often thought of as being a male dominated field. Whilst this is changing, the perception people sometimes have of the field is a bit of a boy’s club. This type of culture will often not appeal to female potential employees as it is often seen as unsupportive to women. It has been suggested that the colours and imagery used when advertising cyber security roles also has an impact on whether or not women pursue the role. When searching the term cyber security on a search engine you will be presented with an abundance of images of men and binary code with blue tones. Blue is classed as a masculine colour; whilst stereotyping based on gender is very outdated, it is still frequently used in marketing and design. This can lead women to not apply for roles as they think of cyber security as a job for men only. Whilst this incorrect perception of cyber security is happening less frequently and the number of women in the industry is increasing, it does still occur and cause restrictions.
Due to the current gender gap in STEM industries, particularly cyber, current female students looking to pursue cyber have a distinct lack of role models. When people are asked to think of cyber or a cyber professional most will think of some variation of the stereotypical man in a hoody. This is also the case across STEM subjects with studies finding that children draw STEM professionals as men more often than female, this is even the case with female children who are twice as likely to draw a male presenting STEM professional. This idea of cyber and STEM is confirmed by textbooks and pop culture that predominantly feature male STEM professionals.
Bringing more women into the industry is in the interest of everyone, by diversifying the workforce problems are looked at in new ways and new solutions are found. In a UK cyber security council article Dr. Claudia Natanson, The UK Cyber Security Council’s Chair stated: “In addition to worsening the sector’s skills gap, a less diverse workforce can stifle innovation and can lead to intrinsic biases within organisations, which cyber criminals can – and will – take full advantage of.”