An influx of women is slowly but steadily closing Australia’s cyber security gender gap, according to new local research that also found women are more likely than men to have moved into cyber security roles without having formal IT qualifications.

Women comprised just 17 per cent of Australia’s cyber security occupations in 2021, and 16 per cent of the ICT Security Specialist job classification, according to the newly released report – entitled Gender Dimensions of the Australian Cyber Security Sector and co-authored by RMIT University’s Centre for Cyber Security Research and Innovation (CCSRI) and the Australian Women in Security Network (AWSN).

That puts gender equality in Australia’s cyber security industry behind world benchmarks – the most commonly cited figure for women’s representation is the (ISC)2 figure of 24%. Yet while this suggests that “the sector is not reaching its full potential,” the report’s authors say it is “promising” that the number of women in Australian ICT Security Specialist roles had grown by a factor of 4 since 2016 while the number of men grew by a factor of 3.

“The cyber security sector is uniquely poised to be able to make greater progress on gender equity than other male-dominated fields,” the report concludes, noting that the sector’s “inherently adaptive, iterative, forward-looking and innovative” nature made it less constrained by “traditions and conventions” that have compromised gender equity in other sectors.

“As a rapidly growing area,” the report’s authors point out, “the cyber security sector has a promising opportunity to take intentional action now to shape its culture to be one that is gender equitable, inclusive and embracing of diversity, and to capitalise on the business benefits of making this shift.”

The report – a watershed analysis that combs ABS job data as well as a survey conducted amongst 660 respondents working in and out of the cyber security industry – offers 40 recommendations for governments, organisational leaders, professional industry associations and other stakeholders.

These include, for example, adding gender equity outcomes to executive KPIs; applying gender equity conditions to procurement policies, grants, funding, and other forms of industry collaboration; establishing frameworks of gender equity measures that organisations can adopt; analysing educational content for gender bias and stereotypes; and supporting initiatives that encourage women to pursue careers in cyber security.

“Despite the rapid expansion of the cyber security workforce, the sector is characterised by a stark under-representation of women,” said CCSRI Director Matt Warren as the report was launched.

“To achieve gender equity in the industry we need to understand the factors that deter women from joining or cause them to leave the sector, and commit to fostering a workforce culture that embraces diversity as a strength.”

Recruitment from other industries is working

Significant among the report’s revelations was the finding that only around half of female cyber security professionals have educational qualifications in IT – compared with two-thirds of men.

This suggests that more women than men are entering the cyber security industry through unconventional career paths – business, management, humanities, and creative arts graduates are particularly common – and many did so after taking breaks for family and care responsibilities that, the report found, had “a disproportionate impact on women’s career continuity.”

Many women make the shift to cyber security for different reasons than men do: fully 52 per cent of women in the survey said they joined the sector because they wanted to make a difference to society, which is well above the 44 per cent of men who said the same.

The figures suggest that recent efforts to address the cyber security skills gap and gender gap by recruiting and retraining workers from other industries – including programs like the State of Victoria’s Microsoft Traineeship Program, cybersecurity training centres at the University of Melbourne and Edith Cowan University, and a $60m government fund prioritising efforts to boost diversity in the cyber security workforce – are producing results.

Yet “although there has been progress in the number of women entering security over the years, it’s not fast enough,” warned AWSN founder and executive director Jacqui Loustau.

“To protect all Australians, the security workforce needs all types of people thinking innovatively, stopping threats, and advocating for security.”