Workplace bullying, the gender pay gap and a 24/7 work culture are just some of the reasons women in cyber security are leaving the industry, a new study has found.
The study from the Royal Melbourne Institute of Technology (RMIT), commissioned by the Australian Women Security in Network (AWSN), sought to uncover the reasons for women departing the cyber security industry early.
According to a 2023 report from RMIT, Gender Dimensions of the Australian Cyber Security Sector, women represent just 17 per cent of the workforce in cyber security, and they tend to leave the industry after just four years.
The 2023 report was the first in-depth look into the gender make-up of the cybersecurity workforce in Australia, and Jacqui Loustau, the founder and executive director of ASWN, wanted to continue that work in this most recent study.
“We wanted an academic study to understand how Australia compares to other countries and sectors in what they are doing to address this challenge,” Loustau said, “and to ensure that AWSN and the cyber industry are working on all facets of changing the number of people from where it is now, 17 per cent, to increase this into the future.”
What are the findings?
Overall, the women who were interviewed by the researchers at RMIT were not satisfied with the pace of change in terms of gender equality in the cyber security industry. Many were concerned about the gender pay gap and being paid less than their male colleagues for doing similar work, as well as the lack of career advancement options for women to progress in their role.
“Unsurprisingly,” study co-lead Professor Matt Warren said, “the study found women are over-represented in administrative and clerical roles, which are lower paid compared to technical and managerial roles.”
Professor Warren, who is also the Director of RMIT’s Centre for Cyber Security Research and Innovation, said women also noted the around-the-clock culture of the industry, with expectations to meet unreasonable demands that impact their work-life balance.
This is a barrier particularly faced by women returning to the workforce after a period of parental leave: according to the interviewees, they found there was limited organisational support offered to ease them back into the role.
“There is a 24/7 culture in cyber security,” Professor Warren said.
“Job design and work commitments continue to make it difficult for women with domestic or child rearing responsibilities to achieve work-life balance, which is both a barrier for entry and a reason women may leave the sector – although not the only one.”
Other factors that are pushing women out of cyber security include microaggressions, bullying, harassment and discrimination in the workplace.
What are the recommendations?
RMIT’s study gave 14 recommendations to the industry, including gender inclusivity training, programs to promote women and girls’ interest in the cyber security profession and more.
Cyber security workplaces were advised by the researchers to review their organisational policies, recruitment practices, provide greater flexible work arrangements for employees and implement formal mentoring programs specifically for women.
Associate Professor Lauren Gurrieri, RMIT gender inequality researcher and study co-lead, said it’s not the women who need “fixing”, it’s the system.
“A growing wealth of research points towards the need to change systems, cultures and conventions, rather than place the onus on individual women to ‘fit in’ or adapt to a biased system,” she said.
Associate Professor Lena Wang said initiatives that already exist in cyber security companies to champion gender equality can be scaled and adopted by more organisations around the country.
“In particular, more work could be done around workplace culture and practices such as reducing gender pay gaps, improving gender inclusive culture, and redesigning jobs away from a 24/7 setup,” she said.
“Recruitment enablers, such as increased disclosure of gender equity and gender-neutral language, would also help.”