Empowering women can help fix the cybersecurity staff shortage

A lack of agency, rather than a lack of access, is what is primarily hampering women in cybersecurity careers.

A lack of agency, rather than a lack of access, is what is primarily hampering women in cybersecurity careers. Image: Kelly Sikkema/Unsplash

Leila Hoteit
Managing Director, Senior Partner, BCG
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


Listen to the article

  • The global cybersecurity workforce – short some 3.5 million workers in 2021 – is only 25% women, according to Cybersecurity Ventures.
  • A worldwide survey of 2,000 female STEM students underscores the hurdles to making cybersecurity a viable career focus for women.
  • The findings reveal surprising opportunities for significant progress in both increasing participation and filling the shortfall of women in cybersecurity.

Organizations around the world are increasingly vulnerable to cyber threats. In 2020 alone, cybercrimes created a trillion-dollar global business loss. The problem will only escalate: 57% of organizations report unfilled cybersecurity positions, and the global cybersecurity workforce is short some 3.5 million workers in 2021, according to Cybersecurity Ventures. Concern over the dearth of tech talent, in general, is coming to a head as organizations increasingly rely on digital. With cybercrime on the rise, the shortfall in cybersecurity is particularly urgent.

It’s also true that some 75% of today’s cybersecurity workers are men.

It might seem, then, that there’s a simple solution to the staffing shortfall: hire women in cybersecurity to fill the empty positions and bolster problem-solving and innovation through gender diversity.

Have you read?

But as the extreme gender gap suggests, any such solution cannot be applied easily or quickly. It requires understanding and addressing a foundational stumbling block: long-standing obstacles have kept many women from entering and pursuing careers in STEM disciplines, including cybersecurity. Women make up 39% of the overall workforce, but account for 38% of those in STEM jobs in general and just 25% in cybersecurity, according to Cybersecurity Ventures.

Solving both of these cybersecurity challenges – the staffing shortfall and the gender-based inequity –begins with opening STEM doors to women and girls and then helping them advance in the field.

Women and cybersecurity worldwide

BCG undertook a global survey of 2,000 female STEM undergraduate students in 26 countries spanning six regions – one of just a few studies on this topic to include a global sample. We regarded our survey as an opportunity to test the conventional wisdom about women in STEM and cybersecurity.

Our survey corroborated some traditional thinking – but refuted other key, long-held hypotheses:

  • It’s important to engage girls in STEM early. Our research confirmed this hypothesis. A majority – 78% – of our respondents said that they had first developed an interest in STEM in middle school or high school.
  • Women are aware of cybersecurity. There’s a perception that awareness of cybersecurity is low among women. We found the opposite to be true: 82% of survey respondents said they had some or a lot of knowledge of cybersecurity.
  • Women have access to cybersecurity education. Another perception: low participation of women in cybersecurity because they lack access to cybersecurity education. Our survey indicated otherwise. Specifically, 58% of respondents said they had access to cybersecurity education, and 68% had already taken a cybersecurity-related course.
  • Role models and senior encouragement are critical. That’s what anecdotal evidence suggested, and our survey validated the hypothesis. Of our survey respondents, 70% of those who have some or a lot of knowledge of cybersecurity said that they had a role model who encouraged them to learn more about the field.
  • Some women have negative perceptions of cybersecurity as a career choice. The top three priorities for women in choosing a job are contributing to society, earning a high salary and having a good work-life balance. However, 37% of respondents regard cybersecurity as a field where achieving that balance is difficult.
  • Women with low awareness of cybersecurity have negative perceptions of people who work in the field. We found that women with little knowledge of cybersecurity regard those working in the field as “nerds” or “hackers”. Conversely, women who have greater awareness of cybersecurity have a more positive perception of such workers, thinking of them as “cool coders”. These are extensions of broader perceptions of the field itself. Some people associate it with the military and intelligence operations that were historical entry points into cybersecurity. And another reason for few women in cybersecurity is that it’s often regarded as a “boys’ club”.

Our survey also explored the reasons why some women said they did not want to pursue a career in cybersecurity (see below). A subset of these respondents cited a lack of information or technical knowledge – which suggests an opportunity to attract a greater proportion of women to cybersecurity by making information and technical capabilities more widely available. Also, 47% of women simply said they were not interested in a career in cybersecurity. But when we asked them to elaborate, some cited that “I hadn’t thought of it” and “I have never been exposed to this field”. This suggests that there’s an even larger opportunity to attract women to the cybersecurity field through internships, projects and other cybersecurity-related experiences.

Reasons for fewer women in cybersecurity field.
Reasons for fewer women in cybersecurity field. Image: BCG

A cyclical framework for women in cybersecurity

To create a framework that would support women in cybersecurity careers, we broadened our view from cybersecurity and STEM to include other socio-economic and political factors. Access, such as greater awareness or increased cybersecurity education, is not the primary reason why women are not pursuing cybersecurity careers. The true difficulty lies in agency: the ability to control resources and make decisions about their use. Social or cultural norms may constrain a woman’s choice of what she can study, and unpaid home responsibilities may limit a woman’s ability to enter or succeed in a cybersecurity career.

It’s important for employers, governments, educators and individuals to consider access- and agency-related barriers across a woman’s entire career life cycle.

Our framework recognizes the need to address the issues that women will confront across that life cycle: pipeline, recruitment, retention and advancement. (See below.)

A new framework to support women in cybersecurity aims to create a virtuous cycle
A new framework to support women in cybersecurity aims to create a virtuous cycle Image: BCG

In our framework, the stages are cyclical, not linear, recognizing the value that women at each stage hold for women at the other stages. In particular, women who are leaders in cybersecurity (who have reached the advancement stage of the journey) will bolster women who are newcomers to the field, inspiring those at the pipeline and recruitment stages and mentoring women at the retention stage.

Attracting women to cybersecurity would do more than fill the empty chairs. It would:

  • Broaden and strengthen cybersecurity capabilities by bringing diverse perspectives to problem-solving and innovation.
  • Improve business performance. Diversity pays dividends; companies with a gender-diverse board typically have higher returns on assets, and companies with a gender-diverse employee base tend to have financial returns that better national industry averages.
  • Strengthen and diversify national economies by encouraging women in cybersecurity careers, which is a well-paying, highly productive, and future-proof industry.
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityEquity, Diversity and InclusionEconomic Growth
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Tinder Swindler: How 'romance fraud' became a multi-billion dollar cybercrime

Robin Pomeroy and Sophia Akram

May 24, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum