Ctdit23 1125 125 website image.jpg

Key steps for elevating women in cybersecurity

Key steps for elevating women in cybersecurity

What the industry needs to do to improve the diversity and therefore the quality of the UK's cybersecurity sector

The cybersecurity sector contributes over £10 billion to the UK economy and is a key industry globally - in fact, the UK is now the third-largest exporter of cybersecurity services with exports more than doubling since 2018. Despite this, the sector still faces a skills gap of around 14,100 people at the government's most recent estimate.

Closing this gap will require an investment in cybersecurity resources, not only to strengthen the cybersecurity of UK businesses but also to encourage economic growth in the sector. As part of this, attracting an increasingly diverse workforce which taps into talent with a wide range of skills and experiences across demographics will be crucially important.

According to the DCMS/Ipsos MORI 2021 report into cybersecurity skills in the UK labour market, the cyber sector workforce continues to lack diversity relative to the rest of the digital sectors. Relatively few cyber businesses have adapted their recruitment processes or carried out any specific activities to encourage applications from diverse groups, including gender diversity.

In the UK, 48% of the total workforce is female. However, in digital sectors women make up only 28% of positions. In cybersecurity specifically, only 22% of roles are held by women. Senior roles in cyber fare even worse, with only 13% of roles occupied by women.

The UK Cyber Security Council's recent Elevating Women in Cyber Symposium was held to explore these issues and discuss solutions with voices from right across the cybersecurity sector. The key takeaways from the discussion aimed to highlight what the industry needs to do to improve diversity and therefore the quality of the UK's cybersecurity sector.

Barriers to recruitment

A common problem with increasing the number of women in cybersecurity roles highlighted through the symposium is that there are comparatively few applications from women; a DCMS report found that only 12% of undergraduate students studying cybersecurity courses are female. In 2021, a DCMS/KPMG report found that many employers believed that there "was little they could do to improve diversity in cyber teams," noting a general lack of applications from female candidates.

The same DCMS/KPMG report also found that word-of-mouth recommendations were preferred methods for recruiting. In an already male dominated industry, this style of recruitment could perpetuate gender biases, particularly for senior roles. Ensuring hiring practices are as open as possible is key to encouraging more women into roles in cybersecurity.

From the symposium discussion, it was clear many felt that ensuring HR was involved in the recruitment process, with official job postings that avoided falling into the trap of being laden with jargon, was key to creating the open and inclusive recruitment processes needed to help encourage greater diversity.

Implementing this kind of approach can help avoid a "closed loop" scenario where job roles are filled via word of mouth from existing networks, creating a barrier to new entrants from different backgrounds and sectors who may not have established contacts in the industry.

What also became clear from the discussion is that the opening up of job opportunities to wider demographics also needs to be paired with greater education about the vast range of opportunities available in cyber to attract more women into the industry.

There is also an important role for showcasing successful women in the industry, creating role models for others, and demonstrating that it is possible to forge a successful career in cyber as a woman. The history of cyber has no shortage of extraordinary women, including Ada Lovelace, Hedy Lamarr, Joan Clarke and Parisa Tabriz, and it is important to elevate women in cyber roles to inspire the next generation.

From a Council perspective, one of the proactive steps being taken by the organisation to remove barriers to entry for women in cyber is through a policy of blind recruitment, which aims to help eliminate unconscious bias within the recruitment process.

The Council has also recently relaunched the Cyber Career Framework, the Certification Framework and Career Mapping Tool. These have been created to help both individuals and employers learn more about diverse pathways into cyber and the range of different opportunities available in cyber across a range of different skill sets.

The Council's chartered programmes have also been created to provide people interested in a career in cyber with clear routes into a range of different specialisms. By providing a clear route into the sector as part of a chartered programme recognised by the Council, these programmes help simplify the journey for new entrants into the industry and help provide clarity around the wide range of opportunities available for people from a whole range of different backgrounds.

Challenging stereotypes

The symposium discussion also highlighted the issue of stereotypes around cyber and how these too can hinder progress being made in terms of gender equality.

Marketing imagery and materials may not seem like a barrier to diversity, but by perpetuating perceived stereotypes of the industry, intentionally or otherwise, they can reinforce the idea to those outside the sector that a career in cyber isn't suited to them.

Another way in which stereotypes reproduce themselves is through non-inclusive language and terminology. Inaccessible jargon can create a barrier to entry. This is a particular problem when the cyber sector is home to many non-technical roles for which many people outside of the industry may be ideally suited.

Changing the way cybersecurity is marketed to be more inclusive, through gender diverse imagery and clear, jargon-free information, is a relatively simple change which could have a significant impact in increasing interest in cyber roles among women and other under-represented groups.

In reality, cyber is a fast-paced, exciting and vital industry where real differences can be made and a wide range of skills and experiences are required. Consistently sharing that message with the public is important if the industry is to attract the diverse range of talent it needs to be truly world leading.

As we look forward, the Council is committed to working with stakeholders from across cyber to help further elevate women and create an increasingly diverse, multi-talented sector. Whether that be through the Council's own initiatives, or encouraging businesses both large and small to collaborate to share learning and best practice, the Council will play an active role in facilitating a more diverse, inclusive sector.

Doing so will be crucial to ensuring the UK's cyber sector fulfils its potential and makes good on the government's ambition to make the UK the safest place to live and do business.

Helen Clarke is marketing and communications lead at the UK Cyber Security Council Join us for the Women In Tech Festival 2023

You may also like

Tech isn't as meritocratic as you think
/feature/4334521/tech-isnt-meritocratic

Leadership

Tech isn't as meritocratic as you think

And relying on graduates to fill vacancies isn’t working

Long reads: Why do so many women experience imposter syndrome?
/feature/4331535/long-reads-women-experience-imposter-syndrome

Leadership

Long reads: Why do so many women experience imposter syndrome?

And is it always a bad thing?

DEI non-profit Tech Talent Charter to close
/news/4324634/dei-profit-tech-talent-charter-close

Careers and Skills

DEI non-profit Tech Talent Charter to close

After a decade of driving diversity and inclusion across the tech sector