RMIT University has released new research examining the under-representation of women in Australia’s cyber security workforce and exploring the reasons for their departure from the sector.
The study, commissioned by the Australian Women Security Network (ASWN), delved into the experiences of women with more than five years of experience in cyber security roles through in-depth interviews and a comprehensive literature review. This follows an earlier report, Gender Dimensions of the Australian Cyber Security Sector, which revealed women make up just 17% of the cyber security workforce and tend to leave the industry after four years.
Founder and Executive Director of ASWN, Jacqui Loustau, highlighted the necessity of understanding these trends: “This study is important to better understand the reasons why women have left the workforce, particularly those over the age of 40 years. We wanted an academic study to understand how Australia compares to other countries and sectors in what they are doing to address this challenge, and to ensure that AWSN and the cyber industry are working on all facets of changing the number of people from where it is now, 17%, to increase this into the future.”
Professor Matt Warren, Director of RMIT’s Centre for Cyber Security Research and Innovation, noted barriers for women in the sector, particularly in technical and leadership roles. “Unsurprisingly, the study found women are over-represented in administrative and clerical roles, which are lower paid compared to technical and managerial roles. There is a 24/7 culture in cyber security. Job design and work commitments continue to make it difficult for women with domestic or child rearing responsibilities to achieve work-life balance, which is both a barrier for entry and a reason women may leave the sector – although not the only one,” said Professor Warren.
The study identified several critical challenges, such as insufficient organisational support for women returning from maternity leave, pay discrepancies among genders, and prevalent organisational gender barriers to career progression. Many women expressed dissatisfaction with the slow pace of change and the pressure to conform to a predominately male culture, including frequent micro-aggressions, bullying, harassment, and discrimination. Some participants also reported self-doubt regarding their capabilities in this male-dominated field.
Women in cyber security were generally opposed to gender quotas but supported more flexible work arrangements and professional development opportunities. Many women acknowledged the benefits of subsidised training and mentoring programmes, some with male mentors. Participants also agreed on the need to encourage interest in cyber security among young girls to combat gender stereotypes from an early age.
Associate Professor Lauren Gurrieri, a gender inequality researcher and study co-lead, stressed the importance of change at the organisational level. “A growing wealth of research points towards the need to change systems, cultures and conventions, rather than place the onus on individual women to ‘fit in’ or adapt to a biased system,” she said.
The report includes 14 key recommendations, among them gender inclusivity training, initiatives to promote cyber security to women and girls, and educational programs at primary and secondary school levels. It advocates for gender pay gap audits and the publication of gender equality indicators and retention statistics.
RMIT’s Associate Professor Lena Wang commented on the necessity of workplace changes to improve retention and recruitment of women: “While many companies have existing initiatives to reduce gender disparities in cyber security, we found these could be scaled and adopted by more organisations. In particular, more work could be done around workplace culture and practices such as reducing gender pay gaps, improving gender inclusive culture, and redesigning jobs away from a 24/7 setup. Recruitment enablers, such as increased disclosure of gender equity and gender-neutral language, would also help.”