The relevance of women in cyber security
Isabel Baptista - 15.03.2022
According to the
Global Information Security Workforce Study (
VVAA, 2017), women represent only 11% of the cyber security workforce and the downside is that this number has not grown in the last five years. In Portugal, according to the AP2SI survey, supported by the Cyber Security Observatory of the National Cyber Security Centre (CNCS), in 2019, 9% of the professionals in this area were women and, in 2021, the figure is 14% (
AP2SI, 2021).
In this sense, ENISA - the European Agency for Cyber Security has intensified its efforts and reinforcement of its cyber security capacities to protect the digital society, the economy, and democracy, taking diversity and gender balance as a premise. ENISA cooperates with initiatives such as the European Commission's "WOMEN in DIGITAL Programme" and ECSO's "Women in Cyber". These initiatives aim to increase awareness and gender balance in cyber security roles, IoT cyber security, health cyber security, transport, defence, among others. In Portugal, according to the Society 2021 Report of the CNCS Cyber Security Observatory, the percentage of women enrolled in higher education courses in cyber security and information security is still low, although it has increased by 1 pp in the 2020/2021 academic year (from 7% to 8%) (
CNCS, 2021).
Goal: to increase the number of women in cyber security At the national level, CNCS has been working to increase these figures, stressing that it is a continuous work and in partnership with national and international organisations.
Every year, the "Girls in ICT" is celebrated, an initiative whose main goal is to inspire future generations to bridge the gender gap in the sector. Reducing this disparity necessarily involves raising awareness and informing women of the opportunities in the educational and professional sector of Information and Communication Technologies. For this work of awareness raising to be effective, it must be widely articulated through the various communities that make up the sector.
The "Cyber Security Challenge PT" is a national initiative that selects the student team that represents Portugal in the "European Cyber Security Challenge" and in the "International Cyber Security Challenge" and encourages the participation of young female students. The relations between schools, companies, associations and public organisations are the key component for the success of this inclusion.
The importance of diversity In an era when diversity and equality are the order of the day, it is necessary that this diversity and gender equality occurs in organisations and in countries' strategic guidelines, also in the area of cyber security.
Cyber security may be faced as a specific and highly specialised area in the world of Information Technologies or as a totally transversal and holistic area in society. I focus on the second hypothesis: cyber security as being transversal to society.
In order for us to look at cyber security in a holistic way, it should act in a preventive perspective, acting on the following components:
• empowering people through education and awareness-raising;
• empowering organisations through benchmarks of good practices and certifications;
• national and international cooperation, putting all key organisations for cyber security in liaison;
• regulation and supervision, ensuring that public and private services considered essential for the well-being of society and citizens present a high level of cyber security;
• promoting a situational panorama that provides the community with the necessary indicators for a judicious and structured action;
• and, in a reactive perspective, bringing communities closer to the response to cyber security incidents - which aims at assisting victims in the recovery from cyber-attacks, criminal investigation and judicial prosecution - with the further purpose of identifying the authors of those cyber-attacks and bringing them to justice.
Inspiring for a career in this fieldOnce the full spectrum of cyber security is presented, we can imagine an interesting and rewarding career. We know that there are already several talented and inspiring women in this career, however, there are not enough of them. Due to the fact that the number of women in the area of cyber security is not very expressive, many times female students who are in the process of deciding their academic area do not consider pursuing studies in the area of cyber security, nor later have a career therein.
Pursuing the objective of diversity and equality, we should aim to increase the number of women in the cyber security career path.
Note:In Europe, 7% of those working in cyber security are women (
ENISA, 2019).
At the CNCS, we have a representation of around 42% women (I personally feel proud to be able to contribute to this figure).