The arms race between criminals and experts seeking to protect sensitive information, systems and infrastructure continues to heat up. However, the growing security skills shortage poses a challenge to both private and public sector organisations.
In order for Australian organisations to be resilient, we need to tap into a group of talented workers greatly underrepresented across information technology generally and cyber security in particular. It is time we encouraged more women to join the cyber security industry.
The increasing digitisation of services and the increasing use of sensitive personal and financial information pose a challenge for cyber security professionals. The value of this information to malicious activities such as identity theft is such that criminals are tireless in devising new technical and socially-engineered ways of capturing it.
According to the federal government’s cyber security strategy, cyber crime is estimated to cost Australians about $1 billion per year. However, the same document notes that “worldwide losses from cyber security attacks are estimated to cost economies about 1 per cent of gross domestic product per year. On this basis, the real impact of cyber crime to Australia could be around $17 billion annually [and] these costs are expected to rise.”
Where are the women?
The cyber security strategy acknowledges that the field “suffers from low participation from women – which means we are not harnessing the full potential of our talent pool.” It pledges to address this imbalance “through a range of integrated actions developed with the private sector and research community.” These actions will complement an increased focus on cyber security for all students across every level of education.
These actions can deliver a considerable upside − according to the 2015 (ISC)2 Women in Security Study, women made up only 10 percent of the information security workforce, unchanged from 2013.
So why the low level of participation by women? There are many reasons, primarily tied to legacy views and structures in Western culture about the role of women and the professions they are suited to. For example, according to the Australian government’s National Innovation and Science Agenda, women only make up a quarter of the country’s science, technology, engineering and mathematics (STEM) workforce.
There appears to be a lack of role models to encourage women to commit to STEM-related careers such as cyber security, while inflexibility in working hours and gender pay inequity also potentially contribute to the disparity. In addition, unconscious bias (including judging based on stereotypes and favouring people from a particular background) continues to impede the development of diversity and tolerance in male-dominated fields such as cyber security.
Why should we tackle these issues to encourage women to undertake careers in cyber security? The obvious answer is that it’s the ‘right thing to do’ to encourage gender diversity in the field. But this is just one reason. Recruiting more women into cyber security will help overcome what Symantec predicts will be a global shortfall of 1.5 million information security workers by 2019 (in Australia alone, the government is reportedly seeking an additional 900 positions across multiple departments to combat cyber crime, while Australian demand for cyber security services is forecast to grow by at least 21 per cent over the next five years).
In addition, the (ISC)2 research points out that where women are involved in information security, they are making a positive difference to the field. “Our analysis of the data from the past two (ISC)2information security workforce surveys show that women are quickly converging on men in terms of academic focus, computer science and engineering and, as a gender, have a higher concentration of advanced degrees,” says Michael P. Suby, Stratecast VP of Research, Frost & Sullivan.
Suby also points out that women are making strong headway in governance, risk and compliance, with one in five identifying the area as primary functional responsibility (compared to one in eight men in information security). This is important, he adds, as information security is increasingly evolving to focus on business risk management.
At BAE Systems, we believe training and skills development is also crucial in encouraging women to take up cyber security careers. We are working with the Box Hill Institute to deliver a cyber security course that will provide female graduates to help meet growing demand. Our own business focuses heavily on diversity and inclusion: the prestigious Times newspaper has listed us as in the Top 50 UK companies in which women want to work.
We recommend that all businesses and government departments concerned with cyber security engage with programs that encourage women into the field and move quickly to address issues such as lack of role models and mentors, inflexible working hours and unconscious bias. Otherwise the shortfall in cyber security professionals may increase to a point where our information and systems are placed at an unacceptable risk.
Michelle Weatherhead is general manager of commercial solutions sales at BAE Systems Applied Intelligence and a supporter of Australian Women in Security Network, a not for profit organisation which aims to connect women in security across Australia and overseas, support women in the industry stay and grow, collaborate on common projects, and inspire the next generation of women to pursue a career in security.