Light Dark
September 5, 2024 By Jennifer Gregory 3 min read
Intelligence & Analytics

The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.

The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.

Pay gap between men and women

One of the most concerning disparities revealed by the study is a persistent pay gap. The study found that U.S. male cybersecurity professionals are paid higher on average than females of the same level. The results show an average salary of $148,035 for men and $141,066 for women. A pay gap also exists globally, with the average global salary for women being $109,609 and for men $115,003.

ISC2 also found a gender pay disparity among people of color in the U.S. The study found that men of color earned an average of $143,610, and women of color earned $135,630. However, the study wasn’t able to compare salaries for people of color on a global basis.

Lack of women in cybersecurity

The study also showed a gap between the number of men and the number of women who work in cybersecurity. Based on the results, ISC2 found that only 20% to 25% of people working in the cybersecurity field are women. Because the percentage of women under 30 years of age in cybersecurity was 26% compared to 16% among women between 39 and 44, the report created optimism that more younger women are choosing cybersecurity as a career.

Interestingly, teams with women on them seemed to have a higher proportion of women than of men, illustrating that women likely seek out teams and companies that have other women working in cybersecurity. Women reported a higher number of women team members (30%) compared to men (22%).

However, 11% of security teams were found to have no women at all, with only 4% saying that it was an equal split between men and women. The industries with the highest number of no-women security teams included IT services (19%), financial services (13%) and government (11%). Mid-sized organizations with 100 to 999 employees were most likely to have security teams with no women.

However, the report also found several areas of concern regarding women’s experiences working in the cybersecurity field:

  • 29% of women in cybersecurity reported discrimination at work, with 19% of men reporting discrimination
  • 36% of women felt they could not be authentic at work, with 29% of men reporting this sentiment
  • 78% of women felt it was essential for their security team to succeed, compared to 68% of men
  • 66% of women feel that diversity within the security team contributed to the security team’s success, compared to 51% of men

Using hiring initiatives to increase women on security teams

The gaps in cybersecurity — both pay and gender — won’t be resolved without a focused effort by industry and companies. Many companies are seeing results by adopting specific DEI hiring initiatives, such as skills-based hiring, and using job descriptions that refer to DEI programs/goals.

The ISC2 report found that businesses using skills-based hiring have an average of 25.5% women in their workforces compared with 22.2% for businesses using other methods. By including DEI program goals in job descriptions, companies can also increase the number of women on their security teams, with 26.6% for those using these types of job descriptions vs. 22.3% for women at those that do not.

Lack of perspectives hurts cybersecurity teams

Without women on cybersecurity teams, security teams lack the wide range of experience and perspectives needed to reduce security risks. Organizations can improve their security by focusing on increasing the number of women on their team, which also means eliminating the pay gap.

“Broader than cybersecurity, there’s a body of research that says the more perspectives you bring to the table, the better off you will be at problem-solving,” Clar Rosso, CEO of ISC2, told Dark Reading. “In cybersecurity, which is a very complex, growing threat landscape, the more perspectives that we bring to the table to solve problems, the more likely we will be able to impact our cyber defense.”

 |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from Intelligence & Analytics
August 21, 2024

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

December 19, 2023

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature