#IWD2023: Retaining and Advancing Women in the Cyber Security Industry: Moving from Theory to Impact by Measuring Inclusion

Written by

Diversity, diversity, diversity

Getting women into the cyber industry has been spoken about at great lengths, yet organizations are still struggling with unfilled positions and a lack of diverse teams.

The (ISC)2 2022 Cybersecurity Workforce Study projected a global cybersecurity workforce gap of 3.4 million people, and this gap is growing at twice the pace of the global workforce. Of the organizations that completed the (ISC)2 survey, 57% cited that they invest in diversity, equity, and inclusion (DEI) initiatives as part of an effort to prevent or mitigate talent shortfalls. But, what do these initiatives look like and how effective are they at attracting and retaining talent?

The Aspen Institute found that new initiatives and conversations around DEI have fallen flat at companies over the last few years with diversity still lacking in the industry. For example, even though the representation of women in security has slowly increased to 24% overall, when you look at the breakdown of women within security teams they are proportionally underrepresented in nearly half of enterprises.

Jane Frankland, a leading author and subject matter expert on attracting, developing, and retaining women in cybersecurity notes: “Women are being left behind in the cybersecurity industry, and it's time for companies to take meaningful steps to bridge this gap. It's not enough to simply say they want more women - they need to invest and provide tangible incentives that will support the attraction, development and retention of women in cybersecurity.”

She adds, “This isn't just a "nice to have" - it's a critical business need that must be addressed! Companies looking to increase their efforts in supporting and advancing women in cybersecurity should take advantage of the valuable resources that are available.”

It is not a lack of DEI ideas, solutions and recommendations which is compounding the issue with diversity. It is that there is no formal structure or mechanism in place to incentivize organizations to adopt, improve, and measure their current cybersecurity workforce DEI efforts.

Finding the balance between doing nothing versus turning DEI initiatives into a numbers game is critical for understanding the impact increasing diversity can have on the talent pipeline and on an organization’s performance. The challenge then becomes moving from theory to application and from application to impact, which is an area that needs more research and case studies.

Embracing Equity and Inclusion

Women in Cybersecurity (WiCyS), in collaboration with the DEI firm Aleria, has launched a study to measure the state of inclusion of women in cybersecurity and develop a better approach to quantifying the impact of workplace diversity and inclusion initiatives. From studies looking at underrepresented groups in nursing and academia, a sense of belonging is an important variable to consider for recruitment and retention.

Laura Wellstead, President of WiCyS UK Affiliate and cyber workforce development expert says: “Inclusion impacts both top and bottom line. It’s what drives and supports diversity and then influences performance. When an employee feels excluded their productivity declines and team productivity declines, which impacts retention.”

This international women’s day theme is #EmbraceEquity which shines a light on the additional letters in the DEI acronym where Diversity ensures representation, Equity is the leveler and Inclusion contributes towards retention.

“Equality is the goal, and equity is the means to get there.” #IWD2023

As well as organizations making reasonable adjustments to ensure people have equal opportunities, people also have an inherent need to build a community and sense of belonging or inclusion. By defining a formal structure or benchmark to measure the state of inclusion in the work environment, the study by WiCyS and Aleria has the potential to provide more insight into how to measure the progress from application to impact.


WiCyS state of inclusion report: 

The "State of Inclusion of Women in CyberSecurity" report will be released on March 15. For more information visit https://www.wicys.org/initiatives/wicys-state-of-inclusion

Jane Frankland’s Women in Cyber Assessment Tool & Report:

Jane has created a baseline assessment and an in-depth report including seven core strengths an organization needs to successfully attract, develop and retain women in cyber security. To self-assess visit https://jane-frankland.com/attract-retain-women-in-cyber-assessment/

What’s hot on Infosecurity Magazine?