ISC2 Women in Cybersecurity 2024 Research Report


Women’s Role in Filling the Workforce Gap

The number of women working in cybersecurity has remained consistent year-to-year. ISC2 has estimated that the percentage of women in the industry is likely in the range of 20% to 25%. While there isn’t one organization tracking this metric specifically, ISC2’s numbers are consistent with Cybersecurity Ventures' Women in Cybersecurity Report, which reported that women held 25% of cybersecurity jobs globally in 2022.

One positive trend is that ISC2 expects this percentage to shift higher as more young people enter the profession. The data showed a higher representation of women within the respondent pool, starting with the age range 39–44 (16%), and the percentage increased as age decreased (26% in the under-30 age category).

When respondents were asked how their security teams are staffed, and in particular, what percentage of their security teams are women, the overall global average suggests that women make up 23% of security teams. At the extremes, 11% of survey participants said they had no women on their security teams, while 4% said more than half of their security team are women. Interestingly, the average percentage of women team members, as reported by women participants, was significantly higher than that reported by the men surveyed (30% vs. 22%, respectively), meaning women work at organizations with a higher percentage of women on their security teams. Also, significantly more men (21%) did not know what percentage of their security teams were women, compared to 13% of women participants who did not know.

Of the 11% of participants who said there were no women within their security teams, half worked in the U.S. They also worked in IT Services (19%), Financial Services (13%), and Government (11%), while nearly half worked at mid-size organizations with 100–999 employees. No single sector reported a significantly higher percentage of women within security teams. Security professionals working in Cloud Services, Automotive, and Construction reported the highest percentage (28%) of women within their security teams, while the Military and Utilities had the lowest (20%).

These numbers are still a significant minority, especially given the current need for cybersecurity talent. Increasing the representation of women across every industry is needed to help close the global workforce gap. Organizations should review their cybersecurity recruitment policies and practices to ensure that they get a more gender-balanced pool of candidates and that the women in their teams are also part of the recruitment process.

Women’s Paths into Cybersecurity and Their Roles Within Organizations

Women in our survey have been working in cybersecurity for slightly less time on average than men (nine years vs. 11 years for men). However, the data show that their pathways into the profession and motivations for joining are slightly different from men’s common pathways.

When asked why they initially pursued cybersecurity as a profession, women participants had significantly higher rates of pursuing cybersecurity in school (14%) and having a family member or mentor working in the field who encouraged them to pursue it (14%). This was compared to 10% of men who pursued the field in school and 11% who were encouraged by others. Women participants also wanted to work in a continuously evolving field (21%) and one where they could help people and society (16%) at significantly higher rates than men who responded (18% and 14%, respectively).

Regarding formal and continuing education, women respondents hold advanced degrees (Master’s and Doctorate-level qualifications) at significantly higher rates than men. They hold cybersecurity certifications at similar rates and have plans to acquire more certifications at similar rates to men in the industry. When asked why they wanted to pursue a certification, both genders listed the same primary reasons: to improve skills, stay current and for career development. However, women participants indicated they pursued and planned to pursue certifications to get promoted, to apply for jobs or because their organization had a skills gap at much higher rates than men.

Another positive trend we noted is that within their organizations, women appear to hold executive titles at a similar rate to men. We saw higher rates of women holding managerial level roles and lower rates of being individual contributors when compared to men. This also translated to higher rates of women being involved with hiring decisions than men (33% of women to 24% of men). In terms of job titles, more than half (57%) of women participants hold formal security titles like Security Consultant, Security Analyst and Security Engineer, while 43% hold informal titles (e.g., IT Manager, IT Director, VP IT). Men who participated in the study hold formal security job titles at a higher rate (63%).

Does Gender Determine Whether or Not You'll Become a Malicious Insider?

According to IBM’s Cost of a Data Breach Report 2023, data breaches initiated by malicious insiders were the most costly. Meanwhile, Verizon’s 2023 Data Breach Report found that while the average external threat compromises about 200 million records, incidents involving an inside threat actor have resulted in the exposure of one billion records or more. Additional academic research affirms that gender bias impacts managers’ perceptions of who may be an insider threat in the workplace. This is an area that needs to be explored in more detail, but ISC2’s survey showed significant statistical differences between men and women regarding malicious activity. Over a third (35%) of women respondents reported being approached by malicious actors wanting them to act as a malicious insider, compared to just 21% of men who participated.

Malicious insider activity, by gender