Latest News

Women in Cyber Security Believe Equality Will Take at Least a Decade, CIISec Survey Finds

Better support and career progression, and becoming less of a “boys only club”, will have the most positive impact

Research from the Chartered Institute of Information Security (CIISec) sheds light on the worrying state of diversity within the cyber security industry. 57% of women working in the industry believe it will take at least a decade for them to be treated as equals to men, with 20% believing it will ‘never happen’. However, women are clear on what is needed to address the issues; 56% say better support and career progression, 49% say the industry needs to be less of a “boys only club” and 47% say more women in the industry would make a positive impact.

The research also shows women are struggling to progress both due to the status quo of the industry and also not getting the required support. Almost half (47%) have experienced or observed blatant sexism that was not disciplined. Meanwhile, half (50%) say they feel they lack the necessary skills to progress to a new role and 61% say a lack of confidence in their own abilities is holding them back.

“There’s no question that the cyber security industry must become more diverse. This isn’t only a matter of creating a more inclusive and fairer world. Without greater diversity and inclusion, the industry risks stagnating,” said Amanda Finch, CEO of CIISec. “Organisations need to work together to eradicate the “boys only club” culture cyber security has built up over the years. As an industry facing a skills shortage, it can’t afford to drive away valuable new blood that could bring fresh new ideas. We need to encourage a new generation of talent into the industry and give women better support; both to help them progress, and so they want to stay in their careers.”

The survey shows there are some perennial issues that must be addressed:

  • 42% of women have experienced a lack of career progression (e.g. being passed over for promotion).
  • 46% say they have been paid noticeably less than men doing the same job.
  • Nearly half (48%) of women say that they feel unwelcome in a “boys only club”.
  • Over half (51%) have experienced being the only women in the organisation.

To encourage women to join the industry and support those already in it, organisations need to understand what women want in their careers. When asked what was most important to them when considering a role in cyber security:

  • 63% say the opportunity to learn new things.
  • 57% say work-life balance.
  • 54% say career progression.
  • 46% say the challenge of the role.

“Addressing the diversity issue isn’t a quick overnight fix,” continued Amanda Finch. “We need to dig deep into the underlying issues and address them from the ground up to really put this right. Understanding exactly what women are experiencing and need are just the first steps to help make a change. We need to offer clear paths to progression through frameworks and ongoing training. We need to break down barriers and demonstrate the varied roles and career paths within the industry. Doing this will help make a real difference in encouraging women into the industry, bringing with them the new skills we so desperately need to fight against the changing threat landscape.”

Background on the Chartered Institute of Information Security:

The Chartered Institute of Information Security, formerly the IISP, was established in 2006 to act as a focal point for the setting of standards in the information security profession and to promote the availability and growth of talent for government and businesses alike. Unlike many other certifications, the institute does not accredit on knowledge alone but requires professionals to provide evidence that they have successfully performed the required skills in the real world and have a track record of delivering to the highest standards. The institute works with academia to help develop new courses and entry routes into the profession, as well as corporate and government organisations to promote the growth of talent in the workplace.



CIISec surveyed women working in the cyber security industry. The results are based on the 90 women who positively identified themselves as working in the UK.