Why are many women leaving the cybersecurity sector?

Many women over-represented in administrative and clerical roles in sector: report

BY Dexter Tilo 05 Dec 2024

A new study has unveiled the ongoing barriers that contribute to the underrepresentation of women in Australia's cybersecurity sector.

Women represent only 17% of the country's cybersecurity workforce, and they tend to leave the industry after four years, according to a 2023 study from RMIT and the Australian Women Security Network.

A follow-up report carried out this year found that gendered workplace segregation is among the reasons for the underrepresentation of women in the workplace.

"Unsurprisingly, the study found women are over-represented in administrative and clerical roles, which are lower paid compared to technical and managerial roles," said Professor Matt Warren, co-lead of the study, in a statement.

The nature of the cybersecurity industry also makes it difficult for women to achieve work-life balance, which could lead to them departing the industry.

"There is a 24/7 culture in cybersecurity. Job design and work commitments continue to make it difficult for women with domestic or child-rearing responsibilities to achieve work-life balance, which is both a barrier for entry and a reason women may leave the sector – although not the only one," said Warren, who is also Director of RMIT's Centre for Cybersecurity Research and Innovation.

Bullying, harassment in cybersecurity sector

According to the report, women also reported "commonly experiencing professional disrespect, bullying, harassment, and discrimination" in the workplace.

They also believe they were not equally paid compared to their male colleagues.

"Whilst there have been some advances, with the representation of women increasing in recent years, the pace of change was characterised as unsatisfactory overall, with true equality yet to be achieved," the report read.

The findings come as an earlier report warned that Australia is "woefully short" of cybersecurity talent.

"Our estimate of 10,000 technical cybersecurity pros is woefully short of what's needed to combat modern cybersecurity threats," said Ajay Unni, StickmanCyber CEO and founder, in a previous report.

Driving inclusion for women in cybersecurity

In order to improve inclusion for women in the cybersecurity sector, the report advised employers to:

Review and ensure organisational policies are gender neutral and target improving workplace culture and organisational practices
Review recruitment practices to reduce unconscious bias and create a fairer hiring environment – including anonymised resumes/CV screening and diverse hiring panels
Provide greater flexible work arrangements
Implement formal mentoring programs specifically for women and encourage women to pursue professional development opportunities, especially relevant to management or leadership

For the government and peak industry bodies, the report suggested implementing the following:

Gender inclusivity training
Programmes to promote women and girls' interest in the cybersecurity profession
Primary and secondary school level education programmes
Support for organisations to conduct internal gender pay gap audits
The collection and publication of gender equality indicators and retention statistics across the profession.

"While many companies have existing initiatives to reduce gender disparities in cybersecurity, we found these could be scaled and adopted by more organisations," said Associate Professor Lena Wang, co-lead of the study, in a statement.

"In particular, more work could be done around workplace culture and practices such as reducing gender pay gaps, improving gender-inclusive culture, and redesigning jobs away from a 24/7 setup. Recruitment enablers, such as increased disclosure of gender equity and gender-neutral language, would also help."