Diversity in cybersecurity: a crucial issue for the sustainability of the industry

Every 8 March, the place of women in society and in organisations is questioned. This International Women’s Rights Day questions clichés and the understanding of inequalities.

In the cybersecurity industry, the evidence is clear. Yes, there is a worldwide lack of women in the sector, even though cybersecurity is part of everyone’s daily life. I remind you that a cyberattack occurs every 39 seconds[1]. At the same time, the sector has only 24% women worldwide, and less than 11% are in management positions[2]. In France, the cybersecurity workforce is made up of barely 11% women, and only 2% of them are managers.

Yet women have been responsible for major advances in computing, such as Ada Lovelace (who created the first computer program in 1843), Mary Keller (who defended the first thesis in computer science), and Margaret Hamilton (a software pioneer whose program enabled humans to walk on the moon).

Statistics prove that gender diversity is important for success in general. The more different you are, the better you perform! The richness and creativity that comes from diversity actually means better solutions to users’ concerns. In terms of startups, those co-founded by women have a better return. For every dollar invested, funds recovered 0.78 cents for a women’s startup compared to 0.32 cents for a men’s startup[3]. However, access to funding (especially series > B) remains a key issue for women founders or co-founders of startups. Overall, investors continue to favour men’s teams, which represent more than 90% of the funds raised in 2020[4].

What can we do to ensure that in the future, there are more women in cybersecurity, including in leadership and founding positions? Well, it all depends on you, girls and ladies! Many women shy away from science and careers in cybersecurity for fear of lacking the right skills. This fear is unfounded. Asserting your legitimacy and daring to enter this sector of the future with its many challenges and opportunities is one of the keys.

Multi-stakeholder actions relating to education and training, carried out by governments, companies, universities, schools, and associations, are necessary. Activities such as awareness-raising and introduction to coding, from the earliest age to primary and secondary school, are priorities in the fight against stereotypes. The challenge is to change the outdated image of the “geek” and encourage vocations in this “cyber” sector where the unemployment rate is 0%.

In addition to raising awareness among pupils and teachers in schools, it is important that parents and families also take up the subject. They are the main influencers in terms of guidance. We need to repeat to girls that they can go into these professions. Today, only 33% of girls are encouraged by their parents to go into the digital professions, compared to 61% of boys… At the same time, 37% of female high school students are considering going to a computer science or engineering school, compared to 66% of boys^[5].

TEHTRIS, together with its partners, has understood that gender diversity is a guarantee of efficiency and that it only results from competence and merit. TEHTRIS currently has a 31% female workforce, and 75% of the Executive Committee is female. We have a Cyber Academy that enables us to train our workforce, regardless of their background. Often associated with technical attacks, the cybersecurity sector is in fact very vast and everyone can find their place in it. It brings together a variety of skills: technical development, design, legal, HR, sales, marketing, finance, purchasing, planning, analysis, etc. It is also meaningful because we can act by preventing ransomware from happening. In this way, we are working for cyber peace.

The cyber ecosystem—and in particular the associations of which TEHTRIS is a member—have clearly identified this urgent need for gender diversity and the need to promote the presence of women in these professions. The CEFCYS (Cybersecurity Women’s Circle) is doing remarkable work to raise awareness in secondary and higher education. Within the Cyber Excellence Cluster, the ‘Cadettes de la Cyber’ programme—of which I have the honour of being one of the sponsors—has just been created with the aim of supporting women in this sector. At the European level, Women4Cyber, launched by the European Cyber Security Organisation (ECSO), is working to make the sector more inclusive through national Chapters. The European Union is also at work with, for example, the WomenTech EU initiative aimed at supporting women entrepreneurs in deep tech. This list is far from exhaustive.

However, while all these initiatives are necessary to raise awareness among stakeholders, they are not sufficient. It is up to girls, women, and men to act, to dare to go into these fields of the future, and to accompany and support these talents.