Women form just 7% of European cybersecurity workforce, while the region shows highest gender pay gap in the world, study finds

•  Study of over 19,000 cybersecurity professionals finds dramatic shortage of female workers amidst European cybersecurity skills gap
•  Proportion of female cybersecurity workers in Europe among lowest in the world; while gender pay gap is the highest as female cyber professionals earn approximately 15% less than men
•  Recommendations include creation of inclusive work places, increasing job satisfaction and ending pay inequity

      London, 15^th March 2017 – The largest-ever survey of over 19,000 cybersecurity professionals, commissioned by (ISC)²’s charitable arm, the Center for Cyber Safety and Education™ (the Center), has revealed a chronic shortage of women working in cybersecurity amid a widening skills gap, with women forming just 7% of the European cybersecurity workforce, amongst the lowest proportion anywhere in the world. The report calls for corporations to create more inclusive workplaces and to end gender pay inequity with the cybersecurity skills gap projecting a global shortfall of 1.8 million workers by 2022.

Part of the eighth Global Information Security Workforce Study (GISWS), the Women in Cybersecurity report surveyed 3,694 cybersecurity professionals in Europe, with 1,043 from the United Kingdom (UK). In the UK, the proportion of women stands at just 8%, significantly less than the proportion of women working in all STEM industries across the UK. The revelations follow the recent pledge to introduce cybersecurity into UK schools to help plug a skills gap that the Government says is a “national vulnerability that must be resolved”. 

The study revealed that the cybersecurity work force in Europe has a higher gender pay gap for cybersecurity than other regions, which sees men earning 14.7% more than women (approx. £9,100). This discrepancy is mirrored in the UK, which sees men earning an average of 15.5% (approx. £11,000) more than women, in spite of efforts from the Women and Equalities Committee calling on the Government to address the national gender pay gap.

This pay gap exists despite a greater proportion of women respondents holding managerial positions, with 51% of women in Europe holding managerial positions compared to 47% of men. This is also the case in the UK; with 64% of women in these roles compared to 57% of men in contrast to the national average where fewer women than men progress to senior positions. Women are also more educated, with 63% of European women in cybersecurity holding postgraduate degrees compared to 52% of men. In the UK, this figure stands at 50% of women compared to 37% of men.

The findings also suggest that women could be inadvertently ‘screened out’ by employers’ hiring criteria, following last month’s GISWS study on Millennials which revealed that 43% of companies in Europe and 35% of those in the UK, say they prioritise candidates with a cybersecurity or related degree. However, 76% of female professionals in the UK have never studied a computing degree, while UCAS indicates13,000 fewer women than men study computer science in Britain.

Adding to this, 93% of European and UK employers prioritise job candidates with ‘previous experience’, yet women predominate among the most inexperienced candidates. Twenty-three percent of European women are under 35 compared to 17% of men, and in the UK, nearly twice as many female professionals are under 35 as men.

Key Findings:

Gender pay gap

The research has found that women in the European and UK cybersecurity industry are subject to the worst gender pay gap of any region in the world. European male cybersecurity professionals earn 14.7% more than women (approx. £9,100), while in the UK men earn 15.5% more (approx. £11,000) than women. While the survey indicated that a higher proportion of women work part time than men, 11% of women and 4% of men work under 35 hours in Europe, female professionals in Europe and the UK work on average only around 2 hours less than men per week.

The education divide

The findings highlight the fact that European and UK employers tend to prioritise people with technical experience and qualifications, inadvertently favouring men and filtering out women because they are less likely to study STEM subjects. Forty-five percent of organisations in Europe and 35% the UK state that they look for a technical degree while just 27% of female professionals in the UK have studied computer science degrees, compared with 41% of men. The figure in Europe stands at 44% of women compared to 51% of men.

Women out-climbing men on the career ladder

Despite the low proportion of women in the workforce, there are signs that those in the industry are outpacing men in progressing up the career ladder. 51% percent of women are in managerial positions, compared to 47% of men in Europe, and this majority is mirrored in the UK with 64% and 57% respectively.

There are also signs that a greater percentage of those now entering the industry are women. Across Europe, 23% of the female workforce is under the age of 35 compared to just 17% of men, indicating a younger workforce; in the UK, female cybersecurity professionals outnumber male professionals by 2-to-1 in the under-35 age group (21% female vs 11% men).

Industry reaction:

Holly Rostill, Ethical Hacker at PwC:

“At school I had no context about what my interest in maths and science could lead to and ended up working in cyber security by chance. We can’t take this risk with future generations and need to show more young people the range of exciting jobs in technology and how they can apply their skills and education in a real-life environment. Recent research from PwC shows that young girls are being put off tech careers as they don’t know what they involve and they don’t think they’re creative enough. There is a huge education gap that we as an industry can help to fill by providing young people with access to as many role models working in cyber security as possible.”

Adrian Davis, European MD at (ISC)²:

“These results highlight that the infosec profession is missing out on the talents and skills of 50% of the (working) population: women. The issues of the pay gap, overt discrimination and focus on ‘techie’ skills and qualifications make our profession highly unattractive to women. Yet, if we are to succeed and thrive as a profession in an age where our skills and knowledge are in high demand, we must address these issues urgently and constructively: doing so will future-proof our profession and enhance our skills and reputation.”

Lucy Chaplin, Manager at KPMG's Financial Services Technology Risk Consulting:

“As the findings show, female cyber security professionals come from a far more diverse educational background than men and are less likely to have previous experience. By prioritising computing degrees and industry experience in their hiring checklists, employers are erecting a barrier to female recruits. We have managed to buck the industry trend and achieve near 50-50 gender parity among new graduate hires to our cyber security division by recruiting just as many people with non-STEM degrees. Employers have to start recruiting outside STEM subjects, which women are less likely to study, if they want to bring more women into the profession.”

Carmina Lees, Vice President, Security UK & Ireland at IBM:

“The results of (ISC)²’s research illustrate in a clear and quantitative way the workforce situation we encounter every day. Highlighting the huge gender disparity in roles at all levels in the Information Security industry, especially as we move towards the C-level and managerial positions is crucial. This information is necessary to form a constructive strategy for change, ensuring we work together towards an equitable and fair mix of genders in the industry that includes pay levels that reflect position and responsibility. Exploring the regional differences shown in this report, it is heartening to see there are many places where inequality is being successfully addressed.  I look forward to examining these figures more closely and seeing what lessons can be learned.”

About the Center for Cyber Safety and Education’s Global Information Workforce Study

The Women in Cybersecurity report is the second release of data from the 2017 Global Information Security Workforce Study. The first data set, released in February 2017, was the Millennials – the Next Generation of Information Security Workers. This is a new format for the bi-annual study, and The Center will release several additional reports throughout the year with new, previously unpublished information and insights about the global information security workforce.  

The Center for Cyber Safety and Education and the Executive Women’s Forum on Information Security, Risk Management & Privacy have joined forces with several industry leaders to raise awareness of the need for women in cybersecurity. Additional sponsors of the report include: PricewaterhouseCoopers LLC, IBM, Alta Associates, (ISC)² and Veracode. Booz Allen Hamilton sponsored the Global Information Security Workforce Study (GISWS), which provided the data for the report.

About the Center for Cyber Safety and Education^TM 

The Center for Cyber Safety and Education (The Center), formerly the (ISC)² Foundation, is a nonprofit charitable trust committed to making the cyber world a safer place for everyone. The Center works to ensure that people across the globe have a positive and safe experience online through their educational programs, scholarships and research. Visit www.iamcybersafe.org.

About (ISC)²^®

(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP^®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 120,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the public through our charitable foundation – The Center for Cyber Safety and Education. Visit www.isc2.org. 

 © 2017 (ISC)², Inc., (ISC)², CAP, CCFP, CCSP, CISSP, CSSLP, HCISPP, SSCP and CBK are registered marks of (ISC)², Inc.  

PR contact:

AprilSix Proof 
  Amita Hanspal 
+44 (0)20 3141 2984 
Isc2@aprilsixproof.com