Online security

If we want more women in cybersecurity roles, we need to start at school

By Nick Coleman, Head of Security at Mastercard

The challenge we face from cybercrime has never been greater. Last year, the National Cyber ​​Security Center tackled a record number of cyber incidents, with a 7.5% increase over the previous year.[1] and in the past 12 months, 39% of UK businesses have identified a cyberattack[2]. Banks are no strangers to these types of threats; the nature of security is changing, and with that, the skills and experience we need to keep people safe are also changing.

The UK has around 300,000 people working in cybersecurity[3] – greater than the number of police officers or soldiers. Regardless of this, many organizations are struggling to fill their cybersecurity vacancies, with around seven in 10 companies saying they have tried to recruit for a role in cyberspace in the past three years but struggled at all. provide. In more than 40% of cases, it was indicated that this was due to the candidates not having the appropriate skills or technical knowledge.[4].

I have long been a passionate proponent of the development of the profession, so I find these numbers extremely disappointing. Why, despite the vital need to attract more people to the industry, are organizations struggling to recruit candidates? One potential reason is the perception of cybersecurity as a career. It’s often assumed that working in cyber is a mostly technical role, where you need a strong background in IT, engineering, or a similar field. This despite the fact that 22% of organizations say that a lack of soft skills was also a contributing factor in their difficulty recruiting.[5].

Another reason is that we are not reaching all potential talent, which given that only 15% of the cyber workforce in the UK are women and 16% are from ethnic minorities, shows that we have a real opportunity to expand our talent base.

The government estimates that this shortage affects around 653,000 businesses, which have a skills gap in performing basic cybersecurity tasks. Second, we risk stifling growth, progress and innovation by having a workforce comprised solely of like-minded people with similar perspectives, all approaching problems in the same way. Analysis during the pandemic shows the benefits of diversity, with S&P 500 companies with high age and gender diversity among directors financially outperforming their peers[6].

This challenge is not limited to the cyber industry, but is part of a larger divergence that begins during education. Of all the girls taking GCSEs, only 5% study IT, dropping even lower at A level and at university level too.[7] In 2019-20, men with computer science degrees outnumbered women four times (105,000 versus 26,000). This gap appears across all Science, Technology, Engineering and Mathematics (STEM) subjects, with only 35 out of 100 students studying STEM subjects at university being women[8].

If we are to tackle the challenges we face in recruitment, we must not only change our approach to recruitment, but also ensure that girls and young women – especially those from diverse backgrounds – can access to these topics and ensure that STEM is not viewed as a stereotypical male career path, with everyone having an equal opportunity to excel in it at school and university.

I witnessed the need for greater engagement firsthand when I helped lead the efforts of the nation’s first National Cyber ​​Career Fair in 2018. Events like this give us a way to help people – from all walks of life – to understand industry opportunities and make cybersecurity professionals more accessible, which helps us attract diverse talent.

A lot of good work is already being done to change the perception of the industry within cybersecurity organizations. The National Cyber ​​​​​​Security Center, for example, organizes the Cyber ​​​​​​First Girls competition, which this year saw more than 7,000 girls and more than 130 teams participate in challenges of AI, networking and cryptography, as part of efforts to interest more young women in an e-career.

At Mastercard, we’ve developed the Girls4Tech program – a global initiative to get more school-aged girls interested in STEM subjects from an early age, in the hopes that they’ll be inspired to develop their tech skills, and even get into in a tech-focused career. The program, which has reached 1.5 million girls to date, offers a digital curriculum covering cryptology, fraud detection and big data, while emphasizing that it takes all kinds of interests and skills to pursue a career in STEM. We recently added new partnerships in the United States and Canada and plan to have a community of five million girls in 30 countries by 2025.

But there is still a lot to do. If we want to tackle the issues we see in cybersecurity, we need to tackle perceptions of STEM subjects from an early age. Organizations, including banks and financial service providers, must champion cybersecurity as a fulfilling and rewarding career path within their businesses and challenge biases by ensuring recruitment processes are open to a wide range of candidates.

The world is becoming more interconnected than ever, and as more and more of us depend on the flow of digital information to live our lives, particularly through the way we collect and manage our finances, the need for an industry of cybersecurity professionals, drawn from diverse backgrounds, is more critical than ever. Diversity leads to more innovative and better performing teams, and if we are to protect people from cybercrime we need to ensure that we bring in all the talent in the UK.