March is Women’s History Month, and throughout the month, ISC2 will be publishing a series of #WomenInCyber articles based on ISC2 research findings from women working in the cybersecurity profession. The results highlight women’s attitudes and perspectives in cybersecurity roles and how their job satisfaction has been impacted by a variety of factors, including budget pressures and workforce reduction.
The shortage of skills and qualified personnel has long been reported as a top risk to the cybersecurity profession. Until recently, protecting the investment in these teams has, in part, sheltered cybersecurity teams from the full extent of reductions during economically challenging times. However, the most recent ISC2 Cybersecurity Workforce Study revealed that even cybersecurity teams are now being impacted by workforce reductions like other parts of the business. This is affecting the ability to hire and retain all cybersecurity professionals, as well as affecting their happiness and career outlook.
We will be examining the responses from women who participated in the recent ISC2 Workforce Study throughout March as part of our month-long look at women working in cybersecurity roles. Our goal is to understand the views, experiences, challenges and concerns of women working in an industry that remains mostly male.
Where are Women Working in Cybersecurity?
According to all respondents to the study, women account for 22% of security teams on average. This finding is supported by a variety of industry studies, including data from LinkedIn that was gathered at the same time as the ISC2 study, suggesting that across 14 countries surveyed, the percentage of women working in cybersecurity ranges from a high of 26.7% in Italy to a low of 14.6% in Germany. The U.S. stands at 18.3%, Canada at 21.2% and the U.K. at 17.9%, according to the LinkedIn data. This is comparable to the ISC2 findings, with women accounting for 19.2% in the U.S. and 21.6% in Canada. Meanwhile, the Global Cybersecurity Forum’s 2024 Cybersecurity Workforce Report noted that women account for only 24% of the workforce, also a similar finding to the ISC2 data.
This remains illustrative of the scale of the rebalancing needed to deliver gender parity across cybersecurity teams. The challenge is complicated further by 16% of respondents noting that their security teams contain no women at all, while only 5% claim to have parity.
In addition to this, 21% of respondents suggested up to 10% of their cybersecurity teams are women, with a further 19% stating 11-20% - closer to our overall average of 22%.
Looking by organization size, the percentage of women in cybersecurity teams does increase commensurate with the larger size of the organization, but the overall uplift is modest. We see just a 3% variance across smaller organizations (1-499 employees) at 20%, mid-size organizations (500-5,000) at 22% and large organizations (5,000+) at 23%.
Security professionals working in cloud services and construction reported the highest percentage (27% each) of women on their security teams, closely followed by real estate (26%), security software/hardware development and retail (both 25%). Military had the lowest (18%), just behind legal (19%), while education, healthcare, financial services, nonprofits and manufacturing all came in just above legal (20%).
As for the cybersecurity roles that women hold, 55% of women respondents are in managerial or higher positions in their organizations (including 7% in C-Suite roles such as CTO, CISO, and CIO). Furthermore, 53% are also hiring decision-makers. Overall, they have an average of 13 years working in IT roles and nine years working in cybersecurity roles.
In addition to the high percentage holding senior and decision-making roles, women working in cybersecurity come into the profession with a strong educational base. Over a third (38%) hold a bachelor’s degree, many in STEM fields (51% in CIS or cybersecurity, 12% in engineering). Almost half (48%) hold a master’s degree or equivalent (58% in CIS or cybersecurity, 10% in engineering) and 9% hold a doctorate or post-doctorate.
Layoffs and Freezes Impacting Women’s Workplace Happiness and Job Satisfaction
Despite the gender disparity in the cybersecurity sector, women working in cybersecurity roles exhibit a high degree of workplace happiness and job satisfaction, and have consistently retained a higher degree of job satisfaction compared to men over the past three years. Within a focused set of parameters to measure the impact of workplace factors on women cybersecurity professionals, respondents reported that job satisfaction declined amongst women and men working in cybersecurity for the last two years. The study findings revealed that 67% of women respondents were satisfied in their cybersecurity role, compared to 66% of men who participated in the study. These satisfaction figures have declined from highs of 82% for women and 73% for men in 2022, arguably impacted by the economic and workload pressures the sector has faced in the past two years.
Alongside the positive but declining job satisfaction levels, 32% of women respondents overall noted that their organizations experienced security layoffs over the last year. This was higher than men who responded, where 23% noted the same. The occurrence of direct (within the cybersecurity team) and indirect (elsewhere in the organization) layoffs had a direct impact on job satisfaction. Among women participants who experienced layoffs within the cybersecurity team itself, job security fell to 64%. That figure was slightly higher (66%) where wider layoffs in the organization had occurred, while satisfaction rose to 71% amongst women who said they had experienced no layoffs at all in the last year. In comparison, male participant job satisfaction was lower across the board (59% for cybersecurity layoffs, 64% for broader organization layoffs and 70% for no layoffs).
The cybersecurity cutbacks experienced related to a number of issues, but in addition to layoffs, 40% of women respondents experienced cybersecurity budget cuts (compared to 36% of men), 42% experienced hiring freezes (compared to 37% of men) and 36% of women responded that they had experienced cybersecurity team freezes on promotions and pay rises, compared to 31% of men who participated in the study.
Global economic issues have been impacting cybersecurity professionals during the past year. The data shows that the organizations where female participants work have experienced cybersecurity cutbacks at higher rates than male participants. Even though there is a direct impact on job satisfaction from each of these cuts, women have remained broadly more positive about their workplace and personal job situation.
Flexibility in the Workplace
The decline in job satisfaction over the last two years has also been impacted by changes in working practices. In particular, the scaling back of remote and hybrid working at many organizations has translated into differences in workplace contentment. The winding back of remote and flexible working that has happened in the years after the COVID-19 pandemic is occurring despite the positive impact that more flexible working is shown to have on a workforce, especially those who may have additional needs to accommodate such as childcare.
The study found that while only 20% of women respondents were fully remote workers, they had the highest job satisfaction of any respondents based on work location (73%), compared with 70% of men who stated they were fully remote workers.
The latest Future of Work Hub report looking at workforce priorities supports the view that remote and flexible working fosters greater job satisfaction. It reported that 49% of respondents noted that reductions and changes to flexible working policies resulted in a high or significant impact of workforce conflict. Meanwhile, a July 2022 study of over 13,000 global workers by consulting firm McKinsey found that 40% considered workplace flexibility to be a top motivator in whether they stayed in a role, only fractionally behind salary (41%). Over a quarter (26%) said a lack of workplace flexibility was a major factor in why they quit their last role.
Over half (56%) of all ISC2 study participants are in roles with flexible or hybrid work situations. Meanwhile, 23% of women respondents are required to work in-office full-time (vs. 22% men) and 20% work fully remote (vs. 21% men). However, women respondents who are required to work in-office full-time were more satisfied (68%) than their male counterparts (62%). Men and women required to work in-office a set number of days a week were equally satisfied (63%), as were flexible workers who were broadly the same (68% women, 69% men).
Celebrating Women in Cybersecurity
At ISC2, we are celebrating women in cybersecurity during the month of March and publishing a series of articles that encourage the cybersecurity industry to strive for equality and greater inclusivity for all. We will be sharing more research insights along with the accomplishments, career stories and experiences of women members working in cybersecurity roles.
Cybersecurity professionals can hear from leaders around the world during a webinar, From the Inside Out: Increasing Representation and Inclusion of Women in Cybersecurity, on March 13 at 1:00 p.m. ET featuring panelists who will talk about unique partnerships and grassroots programming to increase women’s inclusion in cybersecurity. They will also discuss why increasing representation matters and how individuals and organizations can play a role in making change. ISC2 members receive one CPE credit for attending.
Methodology
The 2024 ISC2 Cybersecurity Workforce Study is based on online survey data collected in collaboration with Forrester Research, Inc., in May 2024 from 15,852 individuals responsible for cybersecurity at workplaces throughout Africa, Asia-Pacific, Europe, Latin America, the Middle East and North America. 14% of these respondents were women. Respondents in non-English-speaking countries completed a locally translated version of the survey.
Related Insights