A new research study conducted by cyber security services firm, Bridewell, has revealed that there is a lack of diverse cyber security talent in the UK’s critical national infrastructure (CNI) organizations. The study found that a disproportionate number of women in these roles fear the possibility of losing their jobs compared to their male counterparts.
According to the research, 63% of female security leaders working in the UK’s CNI have expressed fear of losing their jobs due to a cyber attack in the past month alone, compared to only 38% of male security leaders. This means that women in these roles are two-thirds more likely to feel exposed to potential job loss than men. Additionally, nearly one-third (32%) of women in these positions are considering leaving their current cyber security roles in the next 12 months due to increasing stress and burnout, which is affecting their personal lives.
Grace Perry, Client Lead and Content Lead of the Bridewell Women’s Network, commented on the findings, stating that although there has been an increase in the number of women in CNI security roles in recent years, they are still underrepresented in the industry. Perry believes that CNI organizations need to acknowledge and address the factors that may contribute to this disparity, such as working patterns, performance benchmarks, and career development paths that may favor men and hinder female professionals from thriving in their roles.
Furthermore, the research by Bridewell highlights the potential impact that this lack of diverse talent can have on the existing cyber security skills gap within the CNI. The study found that the skills gap has widened by 64% in just one year. Over one-third (36%) of the surveyed CNI organizations in sectors such as transport, aviation, finance, utilities, government, and communications admit that they do not have the right skills in place to secure their IT infrastructure. In addition, 42% of these companies lack the necessary skills to safeguard their operational technology (OT), which increases the cybersecurity risk to critical physical processes like power plants, water treatment facilities, and transportation systems.
These findings align with a government report that was released concurrently, revealing that only 17% of the UK cyber workforce are female. This percentage is lower than in all other digital sectors and represents a slight decline compared to the previous year’s figures. Women also continue to be significantly underrepresented in senior cyber roles, occupying just 14% of these positions. This persistent gender disparity raises concerns about burnout and the lack of sufficient professional support systems for women in the industry.
However, there is some hope on the horizon as CNI organizations actively seek diverse cyber talent with transferable skillsets. The Bridewell study found that nearly half (40%) of these organizations encourage informal networking among minority groups and have implemented flexible working schemes, aiming to promote cyber diversity through stronger connections and improved work-life balance opportunities. Additionally, over one-third (38%) combat gender bias by ensuring that all job descriptions are written in neutral language.
Emma Leith, Director of Consulting at Bridewell, emphasized the urgent need to address the cyber security diversity problem in order to bridge the skills gap and prevent further risk to the UK’s critical infrastructure. Leith called for CNI organizations to take bold action to embrace more diverse experiences and perspectives, breaking down traditional barriers and promoting organic culture change. She stressed that diversity, equality, and inclusion (DE&I) must be at the core of their cyber strategies, with a specific focus on recruiting and retaining women and other underrepresented groups.
In conclusion, the research conducted by Bridewell highlights the dearth of diverse cyber security talent in the UK’s critical national infrastructure organizations. The study reveals the disproportionate fear of job loss among women in these roles and the potential impact on the existing cyber security skills gap within the CNI. However, there is hope for change as organizations actively seek to promote cyber diversity and address gender bias. The long-term commitment to diversity, equality, and inclusion is crucial to ensuring a more secure and resilient critical infrastructure in the UK.