Why Aren’t More Women in Cybersecurity?

In the 1995 movie, The Net, Sandra Bullock portrayed a computer programmer who uses her skills to thwart a cyberterrorist attack. More than fifteen years later, in The Girl with the Dragon Tattoo, Rooney Mara depicted the computer hacker, Lisbeth Salander, with a fringe specialty in deciphering old data and information. Between those two poles and in the years following them, however, women have appeared in few noteworthy roles as coding specialists. In this sense, the fictional world of the movies reflects the real world of cybersecurity, in which women have little representation.

Research suggests that even with more than 200,000 cybersecurity jobs going unfilled, women comprise only 11 percent of the total cybersecurity workforce. This tracks a broader trend in the technology industries, in which 92 percent of software developers are men. In part, these numbers are explained (although not justified) by a very real gender bias in the coding industry. Other research shows that coding suggestions made by women are accepted more frequently than those made by men, but the acceptance rate drops significantly when the coder is revealed to be a woman.

Further, notwithstanding advances that women have made in other professional fields and society’s growing awareness of disparate treatment of women, female coders and hackers alike report that they are the objects of sexist assumptions and harassment in the cybersecurity and hacking industries. Anecdotal reports reveal that women attendees at security conferences are dismissed or ignored, or are the targets of gropes and grabs.

The answers to this imbalance are apparent. For starters, salary inequalities between men and women in the cybersecurity industries should be erased. A study conducted by the National Center for Women and Information Technology showed that 47 percent of all men in the information Technology industries reported earning more than $120,000 per year, but only 41 percent of women reported that salary threshold.

Further, as long as women continue to simultaneously fulfill personal roles with their families and professional roles in cybersecurity, employers should examine more flexible job options, including job sharing and alternative working hours. Eliminating scantily-clad booth models at trade shows will also go a long way toward increasing a sense within the cybersecurity industry that women should be accorded better treatment. Ongoing efforts to attract more women into science, technology, engineering, and math (STEM) majors at colleges and universities will also help to increase women’s profile in the industry.

Within the cybersecurity industry, cyber protection insurance came to the forefront after cyberdefense firms had already developed technology to protect networks from unauthorized incursions from hackers and cybercriminals. As a later entrant, cyberinsurance has been more welcoming and accepting of women, and top cyberinsurance have many women in leadership positions. As the cyber protection industry expands, opportunities for women in that industry will expand with it.

Cyberinsurance provides essential coverage for all sizes of businesses that are exposed to the modern world of cyberthreats. Hackers target businesses in an attempt to steal customer financial data, to shut down the business’s networks with ransomware until a bounty is paid, or to take control of critical systems to pursue ill-conceived “hacktivist” motivations. A business might incur tens of thousands of dollars in expenses to recover lost data and systems, and hundreds of thousands of dollars in liabilities to third parties whose personal information is compromised when a network is hacked. For a small or midsize business, cyberinsurance coverage can mean the difference between staying in business and being forced to close down when losses cannot be recovered and liabilities cannot be satisfied.

Cyberinsurance companies will continue to offer solid opportunities for women in the broader field of cybersecurity, and to give their clients the necessary assurances that the businesses will not be hampered by the growing risks of cyberattacks.