Why Diversity in Cybersecurity Matters
Updated November 16, 2022
Reviewed by
Credit: Thomas Barwick / Stone / Getty Images
The cybersecurity field has lacked diversity since IT companies began cropping up in the late 1980s. More women and people of color of all genders have entered the field in recent years, but these groups are still underrepresented in cybersecurity.
Some people say poor diversity in cybersecurity is a failure of the education system. Some think stereotypes about the industry discourage people from entering it. Others point the finger at tech companies for not prioritizing inclusion and diversity.
Opportunities in cybersecurity are growing more quickly than companies can fill positions. Plus, many cybersecurity roles pay salaries that are far higher than average. This leaves many wondering why more BIPOC, women, and people from other underrepresented groups aren't entering the field.
Benefits of a Diverse Workforce
Before taking a closer look at the factors at the root of disparities in cybersecurity, it's important to understand why diversity matters in the first place.
- Diverse teams avoid more errors. Research shows diverse teams make better decisions than homogenous ones. When a team lacks diversity, oversights become more likely. For example, the first facial recognition software struggled to identify women and people with darker complexions. This was due to engineering teams' failure to test the software on a variety of facial structures and skin tones. If these teams included more women and BIPOC with darker skin tones, they might have avoided this error.
- Diverse companies make more money. A study from McKinsey found that "companies in the top quartile for gender diversity on executive teams were 25% more likely to have above-average profitability" than companies in the bottom quartile. The same applies for ethnic and cultural diversity. The report found that companies in the top quartile for ethnic diversity outperformed the least diverse companies by 36% in profitability.
- Diverse companies have less turnover. Cybersecurity has a retention problem. A study from the Kapor Center estimated that turnover costs the tech industry $16 billion a year, in part due to stereotyping and harassment in the workplace. Creating more diverse work environments could help counteract this effect. In fact, three-quarters of employees and job-seekers said workplace diversity was important to them. More than one-third said they wouldn't apply to a company where people of color reported dissatisfaction.
Benefits of Diversity to the Future of Cybersecurity
Now let's talk about how diversity can benefit the cybersecurity sector, specifically.
- Bringing Different Perspectives: Cybersecurity's field and scope must constantly evolve to keep up with hackers and security threats. Successful cybersecurity companies benefit from building creative, multi-faceted teams, according to Diedre Diamond, founder and CEO of cybersecurity staffing firm Cyber SN and nonprofit Secure Diversity. With 25 years of experience in tech, Diamond is a thought leader in inclusion and diversity.
- Decreasing Income Disparity: Women have long outnumbered men in higher education. Still, women make less money than men, in part because women pursue lower-paying careers where they feel more welcome.
- Closing the Employment Gap: According to data from (ISC)², the international association of certified cybersecurity professionals, the cybersecurity field must add 2.7 million employees to fill its international workforce gap. A recent study found that 57% of cybersecurity professionals said the shortage impacts the organization they work for. That's why it's crucial for companies to start casting wider nets when it comes to hiring.
"The bottom line is the breaches and the things that we're trying to prevent [come from] all cultures, all genders, all ages, all over the world," Diamond told CyberDegrees. "We are supposed to be able to think like attackers, but we can't understand every culture… So, in cybersecurity more than anywhere, we have to have diversity. If we don't bridge these gaps — if we don't become security-minded citizens, nevermind business people — then we will lose the digital war, if you will."
According to data from (ISC)², the international association of certified cybersecurity professionals, the cybersecurity field must add 2.7 million employees to fill its international workforce gap.
"Income is a big piece. We have to get that message out there, that there's money here," Diamond said. "The other 51% of the population deserve to be involved."
Tech is currently one of the highest-paying and fastest-growing fields in the country. It also has a fairly low barrier to entry. Many cybersecurity jobs only require an associate degree to start. Even so, many women and people of other marginalized genders are put off because cybersecurity is overwhelmingly populated by white men.
"Our current need for women in cybersecurity is no different from when we needed women to work in what were then considered to be stereotypically male roles during WWII," Diamond wrote in an article for TechBeacon. "... We are again in a time of war — this time cyber war — and our adversaries know we are understaffed."
Cybersecurity Demographics
The following sections break down current demographics in cybersecurity compared to all jobs and to science, technology, engineering, and math (STEM) fields.
Employment by Race and Ethnicity
The table below shows representation of racial and ethnic groups in the general U.S. workforce, STEM jobs, and computer-related occupations.
Note that Black and Hispanic groups are underrepresented in all STEM jobs and computer-related roles, compared to the general workforce. These identity categories are not comprehensive.
| Race of Employees | % of All Jobs | % of All STEM Jobs | % of Computer Science Jobs (including cybersecurity) |
|---|---|---|---|
| White | 63 | 67 | 62 |
| Asian | 6 | 13 | 20 |
| Black or African American | 11 | 9 | 7 |
| Hispanic or Latino | 17 | 8 | 8 |
| Other | 3 | 3 | 3 |
Employment by Gender
The tech industry has seen some improvements in gender parity. Still, women face significant barriers in the field.
The percentage of women in STEM at large has slowly climbed from 8% of the workforce in 1970 to 27% in 2019, according to the U.S. Census Bureau. But women's representation in cybersecurity lags slightly behind. This is because STEM careers encompass social sciences and some healthcare positions, where women are more prevalent.
Note that the U.S. Census Bureau only provided this data for people who identify as men and women, excluding nonbinary genders.
| Gender of Employees | % in STEM Careers |
|---|---|
| Man | 73 |
| Woman | 27 |
| Gender of Employees | % in Cybersecurity Careers |
|---|---|
| Man | 76 |
| Woman | 24 |
Other Demographics
Over the decades that researchers have been tracking STEM employment data, the spotlight has stayed mostly on race and gender inequality. But similar challenges exist when analyzing disparities among other demographic categories, such as identities within the LGBTQ+ and disability communities.
Limited data exists on LGBTQ+ people and people with disabilities working in cybersecurity. But we do know these groups face particular challenges in STEM.
According to a recent study, LGBTQ+ professionals are more likely to experience social exclusion, harassment, and career limitations than other STEM workers. They are also more likely to plan to leave the industry.
People with disabilities also face obstacles. Research on science and STEM workers shows that people with disabilities, especially those early on in their careers, are likely to fear disclosing their disability to a potential employer. Additionally, many companies don't provide accessible technology that people with disabilities need to work.
Efforts to Improve Diversity in Cybersecurity
Organizations like Diamond's Secure Diversity have made headway in breaking down the barriers of entry to cybersecurity for underrepresented groups.
Diamond and her colleagues founded their nonprofit out of frustration from seeing so few women in the industry. The few who were present at tech conferences were usually "booth babes," which refers to women hired to work at tech conferences dressed in sexually suggestive or body-revealing uniforms.
"I was like, let's train them, not exclude them," Diamond said. "Let's teach them about the products — and we've got all these jobs. We need them."
Organizations like Secure Diversity have helped many women and others from underrepresented groups start careers in cybersecurity. But some lingering influences are slowing down progress.
Obstacles to Overcome
Multiple intertwined factors are at the root of disparities in STEM, and especially in cybersecurity. This makes it difficult to overcome such disparities, creating a cycle that perpetuates barriers for underrepresented groups.
Contributing factors include:
Lack of Role Models: Cybersecurity lacks representation of diverse groups, meaning many students don't have relatable figures in the field to look up to. Girls' interest in STEM nearly doubles when they have role models in the field, according to a European study of girls and young women ages 11-30. Three-fifths of respondents said they would feel more confident choosing a STEM career if the field had more gender equity.
Societal Norms: Cultural stereotypes create another barrier. Gender roles and racial stereotypes persist in society, meaning children are raised to see certain careers as for men or for women. This can condition children who are BIPOC and girls to believe they are less capable of success in STEM careers. This phenomenon is known as the expectancy effect.
Girls' interest in STEM nearly doubles when they have role models in the field, according to a European study of girls and young women ages 11-30.
The Pipeline Problem: Some companies say their workplaces lack diversity because there aren't enough BIPOC applicants. However, "there are many more Black and Hispanic students majoring in computer science and engineering than work in tech jobs," according to The New York Times. These students may be changing paths before finishing their programs or even after starting their careers. Experts often refer to this trend in STEM as falling out of the pipeline.
How to Increase Diversity and Inclusion in Tech
Underrepresented groups face significant challenges in STEM, but not these challenges are not insurmountable. The following actions can help achieve diversity in cybersecurity.
Educate: A major reason cybersecurity companies struggle to attract people from underrepresented groups is because of industry misperceptions. Many believe all cybersecurity jobs require advanced programming skills.
In reality, some positions don't require coding skills at all. Cybersecurity encompasses all types of roles, including compliance, defense, research, and sales.
"Some roles are highly technical, but some of them are not," Diamond said. "Many people in management are not technical at all. I'm the CEO of a tech company, and I'm not technical. I'm tech savvy. We're really missing how to sell these jobs because of that coder hunched over a keyboard in a hoodie [stereotype]."
Meet Recruits Where They Are: Rather than simply waiting for applicants to submit their resumes, companies can make the first move to connect with potential recruits. For example, they can forge partnerships with historically Black colleges, women's colleges, and schools with prominent LGBTQ+ communities. Companies can also communicate with learning institutions about participating at job fairs.
Continued Mentorship: Mentorship programs aren't just for the benefit of young career professionals. They also help companies retain women and BIPOC employees. Research shows that mentoring programs significantly boost management-level representation of employees from historically excluded groups.
Resources for Cybersecurity Students
Below are some helpful resources for cybersecurity students and professionals. This is not an exhaustive list, but it's a good place to start if you intend to build a future in cybersecurity.
- Cybersecurity & Infrastructure Security Agency: CISA offers a training guide that helps professionals make a career plan and identify skills to build on based on their goals.
- (ISC)²: You can join your local chapter to build your professional network or earn an (ISC)²'s certification like the well-known CISSP. (ISC)² also offers scholarships for women.
- U.S. Department of Homeland Security: Who better to teach about cybersecurity than the federal executive department's security team? The DHS offers various free online courses and training materials.
- Stanford University: Stanford, one of the most prominent engineering universities in the U.S., offers free cybersecurity webinars and videos to the public.
Resources for Cybersecurity Professionals
- Secure Diversity: Deidre Diamond founded this nonprofit to help underrepresented groups forge careers in cybersecurity and to raise awareness about the lack of diversity in the field. The organization offers events, mentoring, and professional development opportunities.
- CyberSN: Check out CyberSN to find out about different niches in cybersecurity, recently posted jobs, and salary data. The website will also launch a job-matching feature in 2022.
- Blacks in Cybersecurity: This organization provides a community specifically for Black professionals in cybersecurity. It offers resume revamp services, training programs, mentorship, digital resources, and information about local meet-ups.
- Women in CyberSecurity: WiCys is a nonprofit membership organization for women. It organizes events and provides networking opportunities.
More Questions About Diversity in Cybersecurity
Why does cybersecurity need a more diverse and inclusive workforce?
First and foremost, underrepresented people should have equal opportunities to succeed in profitable fields like cybersecurity. Second, diversity is proven to improve companies' results. And third, the shortage of entrants to the field necessitates companies hire a more diverse pool of candidates.
What are some examples of diversity in the workplace?
A diverse workplace includes people of different races, ethnicities, ages, and cultures. It also includes people of different religions, sexualities, genders, and disability statuses. Companies should also strive for diversity throughout different levels of the organization — especially in leadership.
Are there fewer women in technology than men?
While strides have been made in increasing the percentage of women in tech, they are still not equally represented. According to recent data, 27% of the STEM workforce are women. But cybersecurity has lagged slightly behind, with 24% women.
Is diversity in the tech industry a problem that can be solved?
Diversity in cybersecurity can be achieved with a multi-pronged approach. This means educating students about cybersecurity, equipping them with the necessary skills, and creating inclusive work environments.
Reviewed by:
Angelique Geehan
Angelique Geehan works to support and repair the connections people have with themselves and their families, communities, and cultural practices. A queer, Asian, gender binary-nonconforming parent, Geehan founded Interchange, a consulting group that offers anti-oppression support. She organizes as part of several groups, including the National Perinatal Association's Health Equity Workgroup, the Health and Healing Justice Committee of the National Queer and Trans Asian and Pacific Islander Alliance, QTPOC+ Family Circle, and Batalá Houston. Angelique Geehan is a paid member of the Red Ventures Education freelance review network. Page last reviewed Feb 10, 2022