What organizations must do now to advance women to cybersecurity’s upper echelons

Did you know only 20% of the Chief Information Security Officer roles are filled by women? And 50% of women with a technical education leave the workplace at the midpoint of their career [1]—double the rate of their male colleagues in similar roles [2]. Concerned by the under-representation of women in top cybersecurity positions, the Accenture Cybersecurity Forum Women’s Council (ACF Women’s Council) decided to dive deeper into why this deficit exists and what organizations can do to close it.

The ACF Women’s Council is comprised of 75 women in leadership positions from 68 companies in seven countries. We meet regularly as a group to discuss technical security challenges, professional development, and inclusion and diversity topics.  Individually, the members have experienced the loneliness that comes from being the only woman in the room throughout their rise to the top, but we have also received support from strong male allies and sponsors who have helped us achieve greater professional heights. Collectively, the ACF Women’s Council set out to explore what gets in the way at the mid-point of women’s careers in cybersecurity and what has made the difference, to continue to stick with the profession and rise to the top.

What we learned about the barriers to getting women to the top positions in cybersecurity and the recommendations for organizations to address them is detailed in the report: Jumping the Hurdles: Moving Women in Cybersecurity’s Top Spots.

With the widening talent gap in cyber skills, the rising costs to organizations from turnover, and the need for greater innovation—organizations should view advancing women to the top echelons of cybersecurity as an imperative.

Some challenges include:

  1. Lack of women leadership role models
  2. Not enough men in leadership positions willing to advocate for and sponsor women
  3. A sense of isolation among women in cybersecurity
  4. Lack of clear career paths
  5. Desire to avoid professional risk associated with top spots, especially for CISO positions
  6. Too few opportunities to develop the full scope of skills required to be promoted to leadership positions in cybersecurity

The report recommends specific actions in four key areas for companies and public organizations to act upon to help improve their pipeline of women for leadership positions in cybersecurity:

  1. Invest in developing future women executives.  With CISOs predominantly male, women can easily feel isolated. Men that currently hold leadership positions can help by advocating for and sponsoring women and by providing them with Board exposure opportunities.
  2. Provide flexible work arrangements.  Women often believe they must choose between personal or professional commitments or are limited by assumptions rooted in their past, very real, experiences. Along with flexible work options, cultural shifts can help—such as performance reviews that evaluate the outcome, impact, learning and growth or creating an assumption-free promotion and succession planning process that holds leaders accountable for how they identify future leaders.
  3. Decode the ‘route to equal’ with metrics.  The basics of equality, including pay, continue to be a problem for many organizations. More transparent metrics will show where gaps may exist, helping women advance to higher positions and ultimately leadership roles.
  4. Reward responsible risk-taking. Women tend to underestimate their qualifications and are less likely to take the risk of a stretch opportunity. This matters even more in cybersecurity where some executives can be faced with personal humiliation in the event of a breach. Organizations should hire for the future growth of the organization and based on the forward-looking potential of the individual rather than purely on previous experience.

By implementing recommendations from the report, organizations can help close the gender gap at the leadership ranks of cybersecurity—something that is more important than ever before. With the widening talent gap in cyber skills, the rising costs to organizations from excessive turnover at the midpoint of women’s careers, and the need for even greater innovation to tackle this burgeoning area of risk—organizations should view advancing women to the top echelons of cybersecurity as an imperative. Furthermore, COVID-19 has increased cyber risk for all organizations, making this an ideal time to attract, develop, retain and advance a gender-balanced cybersecurity workforce. That’s just one of the reasons Accenture has committed to 50/50 gender equality within our company at all levels by 2025 [3].

If doing the right thing isn’t enough, just consider the improvements in security, innovation and business results—and then get to work. We need to embrace this as a shared responsibility, and I believe it’s an attainable goal for any size organization that is ready to commit to it. I have already started embracing these solutions to implement the change I want to see in the teams I lead—join me in this business imperative.