Study finds unconscious bias and ‘micro-aggressions’ are holding female security industry workers back

More than half of women in infosec are treated unequally to male colleagues due to blatant sexism in the workplace

Women in information security face ongoing sexism and discrimination, and more than half believe it will be 10 years or more before they are treated equally to their male colleagues.

This is according to new research about the issues women face in the infosec industry, released ahead of International Women’s Day 2021 (March 8).

The Chartered Institute of Information Security (CIISec) found that 57% of female cybersecurity professionals felt they were not treated the same as their male colleagues. A further one in five respondents believe that true equality may never happen.

The study found that half of women in the sector have “experienced or observed” blatant sexism, whilst 46% said they were paid less than their male colleagues.

Half of the women polled have held positions where they were the only female in their organization, and 48% said that they felt they worked in an unwelcoming “boys’ club”.

A further 42% felt they had been denied promotion due to their gender.

Nina Paine, global head of cyber stakeholder and government engagement at Standard Chartered, and Amanda Finch, CEO of CIISecCall for change: Nina Paine (left), head of cyber stakeholder and government engagement at Standard Chartered, and Amanda Finch, CEO of CIISec

Held back

The women polled in the study highlighted a perceived lack of role models, insufficient training and progression, and poor work-life balance as key issues that are holding women back in the cybersecurity workspace.

According to Amanda Finch, CEO of CIISec, the industry needs to work harder to eliminate discrimination.

“If 47% of women have seen blatant sexism, that is not a great advert for people coming in,” Finch told The Daily Swig.

“Women are saying they lack confidence. [And] there is still the perception that the industry is a boys’ club.”

READ Infosec pro Vandana Verma on improving diversity and helping to grow the Indian security community

Finch argues that attitudes towards women working in the cybersecurity industry – one that is dominated by men – also need to change.

“We need to look at areas like unconscious bias and micro-discrimination,” she said.

She added that more senior security industry professionals might themselves not receive the training and support to make them effective managers who can counter discrimination.

Necessary steps

Finch argued that initiatives to encourage more girls and young women to consider careers in cybersecurity are delivering results.

But she warns that the industry needs to do more. This could include more diverse recruitment, as well as better career paths, support, and training for those already working in the sector.

“Doing this will help make a real difference in encouraging women into the industry,” she said.

“The fact that the industry continues to face a skill shortage makes it alarming that the industry is struggling to attract and retain diverse talent,” said Nina Paine, global head of cyber stakeholder and government engagement at Standard Chartered, a financial services firm.

“It is clear that there is still work to be done by leaders to make inclusion and diversity a natural given within organizational cultures – and this means embracing individuals from a variety of backgrounds.”

YOU MAY ALSO LIKE ‘In security, every problem is different’ – Offensive Security’s Ning Wang on training the next generation of infosec pros