SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
IWD 2023: Connecting the Dots - True Crime and Women in Cyber
Wed, 8th Mar 2023
FYI, this story is more than a year old

As women, many of us seem to be drawn to the 'true crime' genre of media - books, podcasts, documentaries, films, and more. According to a University of Illinois study, 70% of reviews of true crime books on Amazon are by women. Similarly, Michael Boudet, host of popular true-crime podcast Sword and Scale, notes that 70% of his fans are women between the ages of 25-45. It appears that a large proportion of women take more than a passing interest in mysterious and unsolved crimes and, more importantly, in the who, why, and how of these crimes - the same questions that cybersecurity professionals try to answer in their efforts against cybercrime.

Both true crime enthusiasts and cybersecurity professionals often engage in activities that require analysing complex information, identifying patterns, and solving puzzles. Women who are passionate about true crime may find the challenge and intrigue of cybersecurity appealing and may excel in roles that require attention to detail and creative problem-solving. This got me thinking recently - could this hint at an untapped pool of potential practitioners who combat cybercrime?

Women in Cyber: The Current State of Play

The latest statistics on women's participation in the field of cybersecurity paints a concerning picture. A report by CyberSecurity Ventures reveals that women held only 25% of cybersecurity positions globally in 2022. The discrepancy is even more acute in APAC, where women represent less than 10% of the cybersecurity workforce - a gap that continues to contribute to a dearth of valuable gendered perspectives that inform cybersecurity. The question arises: why is there such a significant lack of female representation in the cybersecurity industry? 

There has been a surge in the popularity of college majors such as Computer Science, and positive steps to encourage female enrolment through initiatives such as Girls Who Code have helped encourage more women to enter the cyber industry. However, differences in gender representation in STEM fields remain very pronounced - with women making up only 16% of bachelor's degree recipients in computer and information sciences, 21% of bachelor's degree recipients in engineering and engineering technology, and 38% of bachelor's degree recipients in physical sciences. 

This underrepresentation could be attributed to the absence of female role models in STEM or even the widespread perception that fields such as cybersecurity are male-dominated, discouraging female graduates from pursuing careers in this area.

Further, the cybersecurity and tech industries are not exempt from The Motherhood Penalty. Many employers still have the belief that women will be less committed to their work after taking maternity leave and hesitate to promote them to higher positions as a result. Furthermore, the responsibilities of childrearing often have a proportionally larger impact on mothers than on fathers, which can further impact their careers. With their fair share of motherhood and work responsibilities to handle, many women often hesitate to join companies that do not have adequate flexible work arrangements in place for their employees. According to a CNBC article, this lack of flexibility is causing businesses and companies to miss out on 70% of job-seekers, including those seeking jobs in the tech industry. 

Women have the potential to thrive and contribute to the cybersecurity industry. In such a male-dominated industry, they bring diverse perspectives and problem-solving skills to the table. This is crucial in a field that requires both creativity and innovation to stay ahead of ever-evolving cyber threats. Recent research shows that diversity enables greater innovation in the workplace - according to the World Economic Forum, companies with above-average diversity scores drive 45% of average revenue from innovation, while companies with below-average diversity scores drive only 26%. As such, cultivating a diverse workplace increases the potential to drive greater innovation in cybersecurity, enabling companies to handle cyber threats with greater efficiency to "out-innovate" cyber attackers.

Most importantly, we need more women in cybersecurity to serve as role models for future generations of girls and women in tech. The assumption that cybersecurity - and tech in general - is a male-dominated field needs to be challenged in order to give women a chance to grow and develop in this interesting and ever-changing industry.  

Driving Systemic, Industry-Wide Change

Equally troubling is the possibility that the awareness of the challenges encountered by women in the cybersecurity industry may itself have a discouraging effect, deterring some women from pursuing careers in this field. Unfortunately, this likely contributes to a negative feedback loop and vicious cycle that perpetuates the underrepresentation of women not only in cybersecurity but also in the broader tech industry. To solve this problem, we need to create incentives that make it easier for women to join this exciting field and eliminate the barriers that are stopping them. Organisations such as FS-ISAC offer scholarships for women pursuing careers in cybersecurity with its Women in Cyber Scholarship Program. Internships or apprenticeships involving rotations among different departments in a company can also help enable women who are starting out in the tech industry to find their ideal career path. 

To promote a sense of community and belonging among women in the cybersecurity industry, companies should offer mentorship and networking opportunities. These events allow women to connect and support one another, ensuring that their voices are heard and that they feel visible within the company. 

As previously mentioned, Flexible Work Arrangements (FWAs) are vital for women, particularly mothers, to balance their caregiving responsibilities while focusing on their careers. In this era of hybrid work, FWAs have become more popular among companies. However, more can be done in terms of childcare benefits for both men and women in order to promote greater work-life balance and support the return of mothers to the workforce. For example, in countries like Sweden, improved childcare benefits such as paid parental leave and childcare subsidies have been linked to a significant increase in women's future annual income. A study conducted in Sweden found that for every month of parental leave taken by the father, the mother's annual income can increase by 7%.

Getting more women to work in cybersecurity is important for more reasons than just gender equality. It can also help address the growing tech talent shortage, particularly in cybersecurity. As more industries continue to digitise, the demand for skilled cybersecurity professionals rises accordingly. However, the current talent pool is struggling to keep up with that demand, resulting in a shortage of qualified professionals. Indeed, while the cybersecurity workforce in APAC in 2022 grew 15.6% over the previous year, the chasm between the available cybersecurity workforce and the number of professionals needed in the region increased by 52.4% or 2.16 million workers. In other words, the number of cybersecurity professionals is slowly growing, but it is still nowhere near enough to fill the gaps that already exist. This problem is felt most in APAC.

Studies have also shown that diverse teams are more innovative, creative, and effective in problem-solving. By getting more women involved in cybersecurity, we can make it a more diverse and inclusive field that is better able to deal with the growing complexity of the problems it faces. Hence, it's important to fix the problem of women's underrepresentation in cybersecurity and encourage diversity in the field if we want to build a strong talent pool for the future. 

If women's interest in true crime can translate to a passion for cybersecurity to scratch that same itch, then we should look towards embracing it. Cybersecurity professionals work to protect individuals and organisations from cyber threats, including data breaches, hacking, and ransomware attacks. By preventing these crimes, cybersecurity experts play a crucial role in creating a safer digital world. 

Ultimately, we need more women in cybersecurity precisely because of the unique perspectives and skills they can contribute to the industry, and wider representation can only bring greater improvements to the field.