Women in Digital and Cybersecurity - Careers

Industry bias

If a CISO can say in the 21st century that women are “too emotional”, that is only the tip of the iceberg of industry bias. It was only last year that the largest US cybersecurity firm, Palo Alto Networks, was forced to apologize after staging women models with branded lampshades obscuring their faces at a Las Vegas conference. Olivia Rose, a former CISO and executive advisor, expressed the disgust of many in a LinkedIn post: “So we women are nothing more than props to you?”

Numbers in the programs I teach also reflect the notable absence of women practitioners in the field: in the five years I have been teaching IMD’s flagship digital program, which typically draws participants from 16 different countries, the number of women has never once exceeded 10%. Women make up an even smaller proportion of other tech transformation and AI programs. If that’s a measure of interest and women in digital leadership, that’s concerning.

Workforce opportunity

The industry bias and lack of inclusivity that deter women from entering or remaining in the cybersecurity field is a cybersecurity risk and a business problem. And the exclusion of women is not limited to cybersecurity: this is a pattern across tech. A study of pull requests on the open-source program-sharing service GitHub found that women’s code submissions were accepted at a higher rate (78.6%) than men’s (74.6%), but only when gender was not known. When gender was known, women’s code submissions had a lower acceptance rate than men’s. This suggests that gender biases can limit team effectiveness when diversity is not encouraged.

But I would like to focus on the opportunity: gender-balanced tech teams are more productive than all-male teams because they create products to suit all of society. User experience is paramount: diversity of all types helps teams create more marketable products and services. The award-winning book Invisible Women by Caroline Criado Perez offers many strong illustrations of this across many industries. One example is that of crash test dummies, which for years were based on average-sized male bodies, leading to car designs that were less safe for women. Studies found that women were 47% more likely to be seriously injured in car crashes than men. When dummies modeled on average-sized women were introduced, researchers discovered different injury patterns, leading to improved car safety for all. Gender-diverse teams, especially in engineering and design, can drive better, more inclusive solutions.

What can I do?

1 – Follow the change-makers: Women Cyber Force and Women 4 Cyber both promote women in the field. Check out the impressive women who are active in these groups and follow them on LinkedIn. Cybercrime Magazine had a list of 50 more women in cyber groups, many with regional affiliations: see if there’s one near you. Another great resource is this list of the best training programs for women in cyber from WomenTechNetwork, which empowers women in tech through networking, leadership development, career growth, and mentorship opportunities.

2 – Help influence the next generation: We know that the lack of interest – a sense that “computer science isn’t for girls” – starts as early as five or six years old. While the general trend in the field is a (very) slow increase in girls studying computer science, a study at Kings College London last year found that the percentage of girls pursuing computer science for their first level of secondary school exams had more than halved since 2015. Among the suggestions of the report’s authors, was “changing the current narrative around computing to focus beyond male tech entrepreneurs.” Less Musk, more Lovelace.

3 – Check your bias: Firms persistently underestimate the potential of their female employees. In this analysis of data on 29,809 management-track employees from a large North American retail chain, researchers Alan Benson (University of Minnesota), Danielle Li (MIT, NBER), and Kelly Shue (Yale, NBER) find that women receive substantially lower potential ratings despite receiving higher job performance ratings. The researchers noted that the women subsequently outperformed male colleagues with the same potential ratings, both on average and on the margin of promotion. Particularly if you are the leader of a division or an organization, forcing yourself to be aware of the lack of women in cybersecurity would make a big difference. In my experience, men acknowledge the divide in 1:1 conversation but are less willing to take a stand in a group. Don’t normalize. Be a public ally!

4 – Ask: Do we have a diverse enough group? As late as the 1970s, the top five US-based orchestras had fewer than 5% women in their ranks. Today, they’re closer to a third. This change was purely down to the adoption of blind auditions in the 1970s and 1980s. First-round candidates played from behind a screen (some orchestras are blind throughout the hiring process), meaning that they were judged on merit alone. Even when limited to the initial stage of interviews, blind auditions make it 50% more likely that a woman will advance to the final round. Hiring must be done on merit, but if you have multiple candidates, positive discrimination can be a viable option. Why can we not adopt gender-blind reviews of CVs?

The gender gap in cybersecurity is not just an equity issue; it’s a strategic business risk. The industry thrives on anticipating and mitigating threats, yet it continues to overlook its blind spots – biases that exclude half the talent pool and weaken resilience. The challenge is not in women’s capability but in systemic barriers that persist. Addressing these obstacles isn’t charity – it’s a competitive advantage. The question is not whether we can afford to bring more women into cybersecurity, but whether we can afford not to.