ISC2 Women in Cybersecurity 2024 Research Report

Click Here for the Full Report

 

Job Satisfaction, the Persistent Pay Gap and Ongoing Challenges

Overall, women in cybersecurity like the work that they do — and at a higher rate than men. Some 76% of women reported being satisfied with their jobs compared to 70% of men surveyed. Given that 85% of employees worldwide admit to hating their jobs when surveyed anonymously, both men and women in cybersecurity appear to be doing very well. Women participants rated their overall job satisfaction higher than men for the past five years. That gap grew in the past two years, with a 9% difference in 2022 and a 6% difference in 2023. Women participants intend to stay at their current organizations longer than men who participated. More than half (53%) plan to stay for five years compared to 49% of men in the study.

Satisfaction does not necessarily translate into passion, and women participants reported lower levels of passion for cybersecurity work in general and feeling competent in their roles than men. Women also reported lower levels of satisfaction with their teams and departments. Some 64% of women are satisfied with their teams, compared to 67% of men, while 58% of women respondents said they are satisfied with their departments, compared to 61% of respondents who are men.

Passion for cybersecurity trended positively with tenure in the field, but we saw a dip amongst women respondents with 10 to 15 years of experience. The feeling of competency increased with the length of tenure in cybersecurity, but men and women participants progressed at very different rates. The career growth of men who responded was very linear, with feelings of competency consistently increasing with tenure in cybersecurity. The results for women participants were not so linear.

Feelings of competency dipped amongst women in the 6–9 years of tenure group. The gap increased with tenure (2% difference in the 10–15 years tenure group, 4% difference in the 16+ years tenure group).

ISC2 research also showed that women cybersecurity professionals continue to struggle with fair compensation, an issue that is not unique to the industry. In the U.S., the pay gap has not changed much in the last two decades, and globally, the gender pay gap stands at approximately 20%.

The average global salary of women participants in ISC2's 2023 study was $109,609 compared to $115,003 for the men who participated, a difference of $5,400. The average salary for U.S. women participants was $141,066 compared to $148,035 for men, a difference of nearly $7,000. Additional U.S. Bureau of Labor Statistics data showed that the median salary for Information Security Analysts in 2022 in the U.S. was $112,000. The median salary of all U.S. Security Analyst participants in our survey was $110,000; the median of women participants was $105,000, while for men it was $115,000 ($10,000 more).

The pay disparities grow for U.S. participants of color. The average salary of men of color respondents was $143,610, while the average for women of color respondents was $135,630 – a difference of nearly $8,000. ISC2 does not have an adequate sample yet to compare the salaries of women and men outside of the U.S.

In addition to salary discrepancies, the data showed that women are also struggling to fully be themselves at work. More than one-third of respondents (36%) felt that they could not be authentic at work (compared to 29% of men), while 29% felt that they were discriminated against in the workplace (compared to 19% of men). These answers varied by race, ethnicity, and gender. Overall, women of Black or African descent in Canada, the U.K. and Ireland reported the highest levels, with 53% feeling discriminated against, while white and Black/African American (U.S.) men reported the lowest levels (14% each). The largest gaps existed between Hispanic and East or Southeast Asian men and women.

In terms of not being able to be authentic or “fully yourself,” men of Black or African descent in Canada, the U.K. and Ireland and South Asian women reported the highest levels (48%), while Black/African American (U.S.) and white men reported the lowest levels (26% and 27%, respectively). The largest gaps existed between Hispanic, Black/African American (U.S.), and South Asian men and women.

These are not trivial issues and may help explain the retention challenges surrounding women. McKinsey’s Women in the Workplace report found that women who experienced microaggressions in the workplace are much less likely “to feel psychologically safe, which makes it harder to take risks, propose new ideas, or raise concerns.” The report, now in its ninth year, noted, “The stress caused by these dynamics cuts deep. Women who experience microaggressions – and self-shield to deflect them – are three times more likely to think about quitting their jobs and four times more likely to almost always be burned out.”

Men and women also expressed significantly different feelings about the impact diversity, equity and inclusion (DEI) initiatives have on addressing these issues, as well as the effectiveness of their teams. Women participants felt more strongly than men that diversity and inclusivity impacted their security team performance, viewing security team diversity as important and a contributor to success at much higher rates than the men surveyed.

They also felt that DEI has been increasingly important for their security teams over the past five years and will continue to become more important over the next five.

Women participants tend to work at organizations that are doing more to attract diverse candidates with the goal of mitigating cybersecurity staffing shortages. Their organizations are looking for potential talent from within (employees outside cyber/IT), implementing job rotation and hiring those without cyber experience at significantly higher rates than the organizations that men who participated in the study work for. These initiatives appear to be working as women participants reported lower cybersecurity staffing shortages at their organizations than men (62% vs. 68%).

What Does This Mean for the Industry? Takeaways for Leaders

There are many “why” questions to ask about the data. From a numbers perspective, incrementally increasing the percentage of women in cybersecurity from only a quarter of the workforce can go a long way toward starting to fill the workforce gap.

The International Monetary Fund estimates that emerging and developing economies could boost gross domestic product by about 8% over the next few years by raising the rate of women’s labor force participation by 5.9% and that countries that close gender gaps see substantial returns. Our research revealed encouraging signs that more young women are entering the profession, progressing into managerial-level roles and impacting hiring decisions. 

That said, there are ways to help increase women’s participation and satisfaction in cybersecurity.

  • Address early education. A recent Gallup poll found that Generation Z interest among women in engineering, mathematics and computing is lagging behind men’s interest and that women are exposed to fewer STEM topics in school. Only 14% of our women respondents pursued cybersecurity in school, but exposing women to cybersecurity programs early on can help create a stronger pipeline of candidates.
  • Set specific hiring, recruitment and advancement metrics. Establish targets to help organizations grow and promote a workforce that closely reflects the diversity of the population.
  • Make pay equity a priority. Actively monitor pay equity for all roles within an organization and ensure that salary and benefits are aligned based on role requirements and experience. Adjust as needed.
  • Eliminate inequities around advancement. Support women in defining their goals and ensure they have equal access to development opportunities to reach leadership roles. Greater representation of women in senior positions inspires other women.
  • Focus on the “I” in DEI. Many organizations now understand what diversity and equity means. Inclusion will help address feelings of not belonging and feeling inauthentic and help on the retention front.

When companies commit to and implement them correctly, DEI programs can help address skills shortages.