Female representation in UK cyber drops amid growing skills demand

The number of women working in the UK cyber security industry has decreased, sparking concerns that efforts to improve diversity in the space are falling flat. 

A report from the UK government on cyber security skills across the labor market found that only 17% of the cyber sector workforce is female, marking a decrease from 22% last year and on par with 2021 and 2020 statistics. 

The study found that just 14% of senior roles are filled by women across the industry, a figure that’s risen steeply since 2021’s result of just 3%, but one that still underlines a clear imbalance of power.

The report noted that the proportion of women in the cyber workforce has remained “broadly consistent” in recent years. The results from 2021, for example, showed that 16% of the cyber workforce was female, indicating only a very small improvement in the space of two years.

“Although there were signs of an upward trend last year, this has not been sustained,” it said. 

The dip in female representation comes at a critical time in the cyber security space, with demand for skills rising steeply in recent years. 

The report said there is an estimated shortfall of 11,200 people in the industry, and while this does mark a dip from 14,100 in 2021, this is largely due to slower growth in the sector. 

Around 50% of all UK businesses were found to have a “basic cyber security skills gap” while one-third (33%) have an “advanced” security skills gap. 

This aligns with previous estimates from 2022 and 2021, and highlights that firms across the country are still contending with an acute skills shortfall amid a period of rising threats. 

An analysis of cyber security job postings in the last year shows that firms are seeking to bolster security-related skills within their workforce.

160,035 job postings were recorded last year, but 37% of these vacancies were reported as “hard to fill” by businesses, the report said. 

What’s being done to improve diversity?

The report noted that businesses are accelerating efforts to improve workforce diversity. 

Nearly half (40%) of cyber firms said they had taken action to “adapt their recruitment processes or carried out specific activities” to attract and encourage applications from diverse groups. 

38% also said they have accelerated efforts to recruit more women and bolster gender diversity within the workforce.

Across all “diverse groups” - which spans women, people from ethnic minority backgrounds, neurodiverse, and physically disabled people - women were “slightly more likely” to have been targeted in recruitment drives.

Amanda Finch, CEO at The Chartered Institute of Information Security (CIISec) said that her organization’s own research shows firms can still do more to attract female talent and encourage women to enter the industry. 

“Often the security industry is stereotyped as something of a ‘boys only club’. CIISec’s latest state of the industry report highlighted the progress the industry still needs to make on this,” she said. 

“38% of organizations have not implemented development programs to attract women to join the profession or promote those already in it, and a further 5% have tried but failed.”

Alternative routes into cyber

Employers also revealed they are exploring alternative routes into the cyber workforce for diverse groups. However, the report noted that this is typically focused on entry-level roles. 

“Hiring through non-degree routes” was identified as a key approach among many, with ‘capture the flag’ tests used to “identify raw talent”. 

Similarly, firms revealed they are also working with third-sector organizations to improve support for diverse groups within the workforce talent pool.