If we want more women in cyber security roles, we need to start at school

By Nick Coleman, Chief Security Officer at Mastercard

The challenge we face from cybercrime has never been higher. Last year, the National Cyber Security Centre tackled a record number of cyber incidents, with a 7.5% increase on the previous year[1] and in the last 12 months, 39% of UK businesses identified a cyber attack[2]. Banks are no strangers to these types of threats; the nature of security is changing, and with this, the skills and experience that we need to keep people safe are changing too.

The UK has around 300,000 people working in cyber security[3] – higher than the number serving as either police officers or soldiers. Regardless of this many organisations are struggling to fill their cyber security vacancies, with around seven in 10 businesses saying they had tried to recruit for a cyber role in the last three years but had found it hard to fill them all. In over 40% of cases, it was stated that this was due to applicants lacking the right technical skills or knowledge[4].

I have long been a passionate supporter of developing the profession so find these figures extremely disappointing. Why is it that, despite there being such a vital need to attract more people to the industry, organisations are struggling to recruit candidates? One potential reason is the perception of cyber security as a career. There is often an assumption that working in cyber is a predominantly technical role, where you need a strong background in computer science, engineering, or similar subject area. This is despite 22% of organisations saying a lack of soft skills was also a contributing factor in their struggles to recruit[5].

Another reason is we are not reaching all potential talent which, given that only 15% of the cyber sector workforce in the UK are women and 16% are from ethnic minority backgrounds, shows we have a real opportunity to expand our talent base.

The government estimates that this shortage is affecting approximately 653,000 businesses, which have a skills gap around carrying out basic cyber security tasks. Secondly, we risk stifling growth, progress and innovation by having a workforce made up solely of like-minded people with similar outlooks, all approaching problems in the same way. Analysis during the pandemic shows the benefits of diversity, with S&P 500 companies with strong age and gender diversity among directors financially outperforming their peers[6].

This challenge isn’t something that is limited to the cyber industry but is part of a wider divergence that begins during education. Of all the girls who take GCSEs, only 5% study computer science, dropping even lower at A-level and degree level too.[7] In 2019/20, male computer science graduates outnumbered women four-fold (105,000 compared to 26,000). This gap appears across all science, technology, engineering and mathematics (STEM) subjects, with only 35 in every 100 students studying STEM subjects at university being women[8].

If we’re to combat the challenges we face in recruitment we need to not only change our approach to how we recruit, but also ensure that girls and young women – particularly those from diverse backgrounds – are able to access these subjects and ensure STEM is not seen as a stereotypical male career path, with everyone having an equal opportunity to excel in them at school and university.

I witnessed the need for greater engagement first-hand when I helped lead efforts for the nation’s first national cyber careers fair back in 2018. Events like this give us a way to help people – from all backgrounds – understand the opportunity in the sector and make cyber security professionals more reachable, which helps us to attract diverse talents.

There’s a lot of good work being done to change the perception of the industry within cyber security organisations already. The National Cyber Security Centre for example runs the Cyber First Girls competition, which this year saw more than 7,000 girls and over 130 teams take part to tackle challenges across AI, networking and cryptography, as part of efforts to get more young women interested in a cyber career.

At Mastercard, we have developed the Girls4Tech programme – a global initiative to get more school-age girls interested in STEM subjects from an early age, with the hope that they’ll be inspired to build their technology skills, and even enter a tech-focused career. The programme, which has reached 1.5 million girls so far offers a digital curriculum covering cryptology, fraud detection and big data, while at the same time highlighting that it takes all kinds of interests and skills to pursue a career in STEM. We’ve recently added new partnerships in the US and Canada and expect to have a community of five million girls across 30 countries by 2025.

But there is still much more to do. If we’re to tackle the issues we’re seeing in cyber security, we need to work to tackle perceptions of STEM subjects from an early age. Organisations, including banks and financial services providers, need to champion cyber security as a fulfilling and rewarding career path within their companies and challenge bias by ensuring recruitment processes are open to a diverse range of candidates.

The world is becoming more inter-connected than ever, and as more of us rely on the flow of digital information to live our lives, not least through how we bank and manage our finances, the need for an industry of cyber security professionals, drawn from a diverse range of backgrounds, is more critical than ever. Diversity leads to more innovative, better performing teams, and if we’re to keep people safe from cybercrime we need to ensure we’re drawing on the full talent of the UK.