Women still only make up a quarter of the workforce in cybersecurity, a striking gap compared to a 39% participation rate in the general workforce. At the same time, the global cybersecurity workforce would need to grow by 80% to meet current demand, according to a joint study by Boston Consulting Group (BCG) and The Global Cybersecurity Forum (GCF). The report, titled “Empowering Women to Work in Cybersecurity Is a Win-Win,” is based on a global survey of 2,000 female science, technology, engineering, and mathematics (STEM) undergraduate students in 26 countries across six regions, as well as interviews with 20 international experts in the field.

“The demand for cybersecurity professional is getting bigger and more urgent. Closing the gender gap in cybersecurity would not only fulfil the demand in the field but strengthen cyber resilience by bringing in diverse perspectives and improve business performance. However, at the current pace, it will take more than 100 years to achieve gender equality in the industry,” says Isme Oosthuizen, Associate Director at BCG Platinion.

The report highlights key actions that need to be taken to meet this growing gender divide in cybersecurity. Engaging women with STEM subjects at an early stage in their education journeys is key to their participation in cybersecurity: 78% of the global survey respondents developed an interest in STEM in middle school or high school.

“Our survey found that in the sub-Saharan Africa region, fewer respondents than anywhere else developed an interest in STEM in primary school - 7% versus a high of 27% in North America, but then again 73% of sub-Saharan Africans said they had developed an interest in high school - 7% more than in Latin America (66%) and 9% more than in Europe (64%),” says Oosthuizen.

Access to STEM education, although an issue, is not the main stumbling block: 58% of global respondents had access to cybersecurity education, and 68% had already taken a cybersecurity-related course. Around 82% of survey respondents said they had some or a lot of knowledge about cybersecurity.

Challenges include social or cultural norms constraining what women study, home and care responsibilities that affect their ability to enter or succeed in a cybersecurity career  and negative perceptions of cybersecurity as a career choice. About 37% of global respondents think cybersecurity does not offer work-life balance, which is one of the top three factors for women choosing a job, along with good compensation and meaningful work. Respondents from sub-Saharan Africa noted their top three career priorities as the opportunity to make a meaningful contribution to society, having opportunities for promotion and advancement, and having a job that others respect and value.

Escalating threat landscape compounded by workforce shortage

There is a significant escalation of digital threats globally and on the African continent. Interpol’s African Cyberthreat Assessment Report 2021 found that weak networks and security make African countries particularly vulnerable to cyberattacks. The report identified the top five cyberthreats in Africa as online scams, digital extortion, business email compromise, ransomware, and botnets. Cybercrime reduced GDP within Africa by more than 10% and at a cost of approximately $4.12 billion in 2021. Closer to home, South Africa has the third highest number of cybercrime victims worldwide, losing approximately R2.2 billion a year to cyberattacks.

“The escalation in cybersecurity threats and their economic impact make it vital that action is taken to attract more women to the field through outreach efforts and by making information and technical capabilities more widely available,” adds Oosthuizen.

The magnitude of the challenge differs from region to region: 94% of respondents in the Middle East and North Africa (MENA), 89% in Europe, 84% in sub-Saharan Africa, and 82% in Asia-Pacific were interested in pursuing a cybersecurity degree, compared to 77% in Latin America and only 61% in North America.

The MENA region is a standout on several measures: It is a leader in K-12 STEM programmes for girls with 79% of respondents likely to participate in targeted STEM programming in their school education, followed by 72% in Europe, 65% in sub-Saharan Africa, 44% in Latin America, 43% in Asia-Pacific and 42% of North American respondents.

Respondents from the MENA region not only reported the highest interest in cybersecurity education (94%), but the highest awareness of these programmes (88%). They are also the most likely, relative to those in other regions, to take part in targeted STEM (79%) and cybersecurity (91%) programmes.

“The results of this report show us that women are ready and prepared to fill the talent gap in the cybersecurity workforce," says Alaa M. Alfaadhel, general manager of initiatives and partnerships at GCF. "With the right encouragement from a young age, women can not only begin to enter the industry, but can also become leaders in their field. By bringing together the leading voices and minds of the cyberworld at the GCF, we are confident that we can bridge this gap and action impactful change for women in cybersecurity.”

The report recommends a holistic approach, addressing the pipeline, recruitment, retention, and advancement for women in the field. Key initiatives would include targeted STEM engagement of school-age girls; openness to training or reskilling candidates with aptitude; gender- and family-friendly policies; ensuring a good work-life balance; and providing access to mentors, sponsors, and women’s networks dedicated to advancing women into senior leadership roles.

“Our survey found that 76% of sub-Saharan African respondents reported having had a role model to encourage them to learn more about cybersecurity. This is good news as role models and senior encouragement are critical to support efforts to build the talent pipeline and strengthen cyber resilience,” concludes Oosthuizen.

Download the report here.