Cybersecurity professionals are more in demand than ever before, but a new report finds the number of women in the field hasn’t grown.
Women represent just 10 percent of the cybersecurity workforce, according to a report released today by (ISC)², a nonprofit specializing in information technology and Booz Allen Hamilton. This figure has remained unchanged for two years.
Despite the disappointingly stagnant numbers, the report finds that great potential for women in the industry exists. Women make up 20 percent of all information security workers in governance, risk and compliance roles, an area of the industry that has been increasing heavily since 9/11. The survey additionally found that women are perceived to be stronger at balancing business objectives and risk management, a skill increasingly valued in the sector.
From Target to Sony, high-profile hacks have brought the topic of cybersecurity to the main stage. But as threats from foreign governments to hackers at home increase, the number of people training for roles isn’t keeping up with the demand. Additionally the increasing prevalence Internet of Things introduces new security risks, as the FBI recently warned.
“The information security field is expected to see a deficit of 1.5 million professionals by 2020 if we don’t take proactive measures to close the gap,” said (ISC)² CEO David Shearer in a news release. “Knowing this, it is rather frustrating to realize that we do not have more women working in the industry.”
Women differ from men surveyed in how they think the industry should confront that shortage. So far the industry has primarily resorted to “buying” InfoSec talent, trying to attract talented cybersecurity professionals with increased salaries. But the women surveyed by Frost & Sullivan said this practice is insufficient. They called for a mix of other incentives, such as more flexible work schedules and varied training options. The proposal seems reasonable as top tech companies are testing such practices, such as more lenient parental leave, to attract and retain the best engineers.
The report contends that more can be done to alert girls to career paths in information security early, primarily through education and internship programs.