09 June 2022
We have passed the two year anniversary of Covid-related lockdowns in the UK and businesses have continued operating through a hybrid working environment. Many companies are going back to a full in-the-office mode, while Apple for example announced that employees will return to the office three days a week from April. Cybersecurity issues remain a key focus for all businesses, with increased emphasis for those businesses that will operate partially remotely. Before the pandemic, most workers were on a corporate network, with limited access from a home or public network; during the pandemic, almost all users were on a home network. Now, businesses will have to deal with an almost even split of network access: home, public and corporate. However, when we look at the cybersecurity industry as a whole, the ongoing talent shortage continues to threaten efficient protection for businesses. In fact, according to recent research, cybersecurity reported its highest skills shortage on record in 2021, not to mention that there was a reported shortfall of 10,000 people a year in the UK’s cybersecurity talent pool alone.
One way to address this shortfall is by correcting the evident gender disparity issues that continue to beset the industry. Recent findings showed that only 25% of jobs in cybersecurity were held by women. While there has been some progress made in addressing the disparity, such as initiatives like GCHQ’s CyberFirst Girls Competition that aim to address the issue, fully correcting gender disparity in cybersecurity needs to be a priority for the industry this year.
There’s a common perception that cybersecurity roles involve sitting in a darkened room as a lone ranger, working to stop the “bad guys”. This may not appeal to those who are looking for a career that is more people-oriented and involves creativity, problem solving and being part of a team. Ultimately, in many cases, the gender disparity issues boil down to the industry as a whole not doing a good enough job at explaining how attractive and broad it is for potential employees, especially both early and mid-tenure individuals.
The industry must remedy this. We need to talk about cybersecurity in terms beyond the default “ransomware” and “attacker” elements. Cybersecurity roles involve a range of interesting responsibilities, including; technology architecture and product development, monitoring people’s behaviour/usability, risk management and business impact as well as situation management. Cybersecurity day-to-day behaviour includes brainstorming, problem solving, collaborating, and being part of a team. Successful cybersecurity teams will therefore need to have a broad and diverse set of team members, made up of individuals who bring diverse ideas and experiences. To attract the new talent needed to be successful, we need to address the lack of women taking on roles: we need to change the public’s siloed perception of a security professional.
A lack of representation can also have a knock-on impact on the products that eventually come to market. If there is no diversity in the product life cycle then organisations can fall into the trap of building products that don’t meet what the market needs. Similarly, without diversity of voices in the sector, the industry could be building responses and solutions that are not up to standard in protecting all businesses and consumers. It’s evident that technology will continue to encroach into our daily lives, and the industry must ensure that it is designing, and resolving, security problems that reflect how the general population thinks, works and lives. As highlighted by the World Economic Forum, a lack of diversity blinds us to the ways that cybersecurity attacks can impact businesses, as well as robbing the industry of engagement and talent from key demographics of the world’s population.
If the industry lacks in different perspectives, it will become more difficult to look ahead for future threats. We must make a conscious effort to appeal more broadly to women. This is especially pertinent now, as according to the Allianz Risk Barometer, cybersecurity is becoming one of the greatest challenges of the modern digital era, with cyberattacks in the top 10 biggest risks for businesses globally. Additionally, as UK workers and businesses continue to embrace a hybrid form of working, the possibility of inefficient cybersecurity solutions is a worrying one, as 72% of businesses reported to be fighting to keep up with increased security threats that hybrid working models create.
To truly overcome the issue of gender disparity in cybersecurity and attract the diverse range of talent we need, we must commit to evolving how we are perceived. Cybersecurity professionals need to be visible, be career models, mentors and coaches, so that we can inspire others to join us. Ultimately, cybersecurity needs to promote the variety of roles and responsibilities that are available to anyone considering a career in the industry.