International Women’s Day, celebrated on March 8th, is about much more than flowers and an electronic greeting card dropped into your inbox or news feed on social media platforms. It is about women’s rights to economic and political equality, on a day originally organised by socialist parties in the United States and throughout Europe in the early 20th century and dedicated to the cause of working women. A century later, women still face great obstacles to equality in the labour market, and cybersecurity as a sector is no exception.
Companies have a role to play in encouraging women to enter cybersecurity professions by providing a framework for equal opportunities to develop and rise to management positions. This can come in many forms. For example, by providing flexible hours, as suggested by the European Institute for Gender Equality.
This is an acknowledgment that, today, the most qualified women often tend to follow male schedules and have a continuous working career, but male and female career paths differ. Women must reconcile their family and professional lives more often, and adapt their career strategies with part-time work or a choice in favour of activities with more flexible hours.
The next and concrete step to support gender equality is to provide day-care with extended hours and including for those working from home. Intel, Dell Technologies, and Microsoft —to only name a few— are offering various childcare assistance programs to their employees working from home and on-site.
Companies also need to rethink the way they define themselves. The common preconception of the cybersecurity industry is that most people working there are men —often white— with technical backgrounds. This is not to criticise white men with technical backgrounds, but it shows that cybersecurity is perceived as a technical and rather non-inclusive field.
Diversity matters, and not only in terms of gender, ethnicity, sexuality, or disability. It is also a matter of various backgrounds, intellects, and talents, as people with varied life experiences will bring more creative and diverse ways of thinking.
The sector needs diversity, not only for representation and fairness, but also for creativity and innovation. For example, by focusing on the technical aspects of cybersecurity, a big gap remains, since human error leads to over 90 per cent of cybervulnerabilities. Cybersecurity needs to rely on Social Science to understand user behaviour.
According to Nadja El Fertasi, CEO and Founder of Thrive with EQ, ‘Cybercriminals leverage social engineering attacks to manipulate people’s most vulnerable assets—emotions. If we flip this around and transform vulnerable assets into resilient emotional firewalls, the surface attack of cybercriminals will decrease. Hacking a distracted human mind is far easier than hacking a focused human mind with their emotions in check. Mitigating cybercrime goes far beyond technical firewalls, as humanity faces an unprecedented challenge of global recession, depression, and fatigue. By omitting the human factor, we are handing cybercriminals the safety and security of working in the online world on a golden plate.’
Policymakers have a role to play in providing a framework for diversity and inclusion in the cybersecurity sector. The European Cyber Security Organisation’s (ECSO) Women4Cyber foundation aims to promote, encourage, and support the participation of women in the field of cybersecurity.
In that sense, DG CNECT and Women4Cyber have a registry of European women in cybersecurity. The Women4Cyber Registry was created to identify and build the community of professional women in the field of cybersecurity. It brings together women with different profiles and is intended to become a reference point for expert groups, event organisers, media, collaboration, and, potentially, business opportunities. The aim of the registry is to encourage professional women from all backgrounds to come forward, become more active in the field, increase their own visibility, and promote Women4Cyber initiatives.
The field of cybersecurity suffers from a lack of female representation—women make up only 7 per cent of the workforce in Europe, according to the (ICS)² ‘Women in Cybersecurity’ study, and earn less than men. How can organisations start to fill this gap? One way is to encourage more women from various backgrounds to enter cybersecurity through initiatives such as Women4Cyber; another is to give them equal pay, equal speaking opportunities, and equal opportunities to move into leadership positions.
The author, Kayle Giroud, is the Partnership Associate Director at the Global Cyber Alliance. You can follow her on Twitter and connect with her on LinkedIn.
Article written with support from Nadja El Fertasi, CEO and Founder of Thrive with EQ. You can connect with her on LinkedIn.