SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
3 signs your company could do more to promote women in cybersecurity
Thu, 31st Mar 2022
FYI, this story is more than a year old

The business case for diversity is stronger than ever; the latest research by McKinsey proves this: companies that are more diverse outperform their less diverse peers financially.

According to the study of more than 1,000 large companies across 15 countries, “Companies in the top quartile for gender diversity on executive teams were 25% more likely to have above-average profitability than companies in the fourth quartile.

What's more, the greater the representation of women, the higher the likelihood of outperformance.

Beyond the financial benefits, diversity expands the talent pool and fosters creativity and innovation when teams consist of people with different perspectives and skillsets.

Yet despite a universal recognition that diversity is good for business, technology companies, and specifically cybersecurity companies, remain laggards when it comes to gender inclusion. Of all publicly traded cybersecurity companies globally, fewer than 10% have a woman at the helm.

So, what can cybersecurity companies do to drive real progress in gender inclusion? Here are three areas that present opportunities for improvement.

  • Broken rungs. We tend to think of diversity in leadership, but if you want diversity at the top, you must pay attention to every rung on the ladder.

For decades we've talked about women hitting a “glass ceiling” that prevents them from reaching senior leadership positions. But the reality is, women start to fall behind at the first potential promotion up to the management level.

Research by Lean In finds that “for every 100 entry-level men promoted to manager-level roles, only 72 women are promoted—despite the fact that women and men ask for promotions at similar rates.

This “broken rung” leads to an ever-widening gap: although women make up almost half of the entry-level workforce, they hold only about a third of manager-level roles and less than a quarter of C-suite positions.”

There are several reasons for this phenomenon, including unconscious bias, limited access to senior leadership, and lack of opportunity for women to work on high-profile and challenging business problems to gain the skillset and exposure they need to climb the rungs.

  • Promotion transparency. During the more than five years I hosted “Women of Washington” on Federal News Network, I interviewed hundreds of senior women, many of whom worked for the federal government.

When asked about their views on what the government did right regarding gender diversity, they consistently pointed to a system of career ladder promotions based on merit, which is well documented.

The skills and accomplishments required to move to the next level are widely understood, so it is no surprise that the public sector does better than the private sector for women in leadership roles.

The latest numbers from the Office of Personnel Management show that women hold 34% of the federal government's more than 7,100 Senior Executive Service positions.

While there is obvious room for improvement, representation of women is far greater than in the cybersecurity sector. Transparency in employee promotion leads to less subjectivity or unconscious bias, which helps give all candidates equal footing as they move from one rung up to the next.

  • Bias awareness. To combat unconscious gender bias, you must first become conscious of it. Examples include:  
  • Hiring someone you've known for a long time who's a great performer. Instead of engaging in an inclusive hiring exercise, this perpetuates the status quo.
  • Assuming a woman may not want a job that requires extensive travel because she has a young family. If the job description accurately represents the requirements and she applies, you can trust she has thought this through.
  • Promoting someone or giving them a high-profile, challenging assignment because they are like-minded or have a similar approach. Again, this perpetuates a non-diverse environment and can short-change the business by not fostering new ways of thinking.
  • Discussing business challenges and plans outside of the business environment. Unless all the same people that would be invited to a meeting can be on the golf course together, this becomes a closed discussion and, by definition, not inclusive.
  • Seeking counsel about business strategy from trusted friends. Part of diversity is going out of your comfort zone, which includes seeking advice from those with different backgrounds, perspectives and approaches.

None of these scenarios sound discriminatory on their own, but they demonstrate exclusivity and are examples of unconscious bias.

Given the research, it's clear that many cybersecurity companies have a huge opportunity to improve gender diversity in the work environment. It's also clear that diversity is good for business on many levels, so no company should want to be left behind.

As the economy ramps back up, now's the time to double down on our efforts to eradicate unconscious bias and promote gender inclusion.