Women in the cybersecurity industry experience workplace situations that contribute to an overall feeling of exclusion, as well as lower rates of satisfaction, productivity and retention, according to a March 29 report from Women in CyberSecurity (WiCyS).

Women discussed a lack of career and growth opportunities, as well as a lack of respect from company leadership, direct managers and peers.

“We know that the representation of women in cybersecurity hovers around 24%, far lower than it should be,” Lynn Dohm, executive director of WiCyS, said in a statement.

“We wanted to find out why this was the case and were somewhat — but not entirely — surprised that the most common source of women’s feelings of exclusion came from people, not company policies,” Dohm said. “This highlights the fact that we still have a long way to go when it comes to accepting women in the cybersecurity industry.”

In collaboration with the DEI firm Aleria, WiCyS collected information about nearly 500 experiences from more than 300 women who anonymously shared details during a series of workshops in February. Then the data was used to calculate an exclusion score, which combined the prevalence, severity and frequency of uncomfortable workplace experiences.

The participants spoke about themselves and their work, career and growth opportunities, respect and work-life balance. Women reported incidents such as receiving less recognition than their male peers, being asked to speak with a man in IT rather than them and experiencing male co-workers watching pornography in their presence.  

Overall, 83% of participants shared at least one experience of exclusion. The top two categories that involved exclusion were career and growth — reported by 57% of participants — and respect, which was reported by 56%. The categories of recognition and access were both cited by 41% of participants as areas of exclusion.

A majority of participants pointed to people as the source of uncomfortable experiences. About 68% cited leadership, followed by 61% who cited managers and 52% who cited peers. In comparison, 12% noted workplace policies that contributed to feelings of exclusion. 

New hires reported exclusion levels that were 17% higher than those who were with an organization for two to five years. At the same time, the highest exclusion levels were found among those who had been with the same organization for six years or more.

Cybersecurity firms had a higher level of exclusion than noncybersecurity firms. Previous studies have shown that technology companies tend to have higher overall exclusion scores, especially among women. Startups without gender diversity may also deter female applicants, leading to “diversity debt” as the company grows.

Across industries, employees have expressed a desire to be part of a more inclusive culture, and many have said they’d switch jobs to be part of a more inclusive culture, according to recent data shared with HR Dive. Promoting inclusivity across all roles in an organization can help with recruitment and retention, multiple HR consulting firms said.

“With cybersecurity facing a serious shortage of workers, it is essential to understanding the obstacles that prevent women — who have so much to offer the industry — from entering and advancing in the field,” Paolo Gaudiano, co-founder and president of Aleria, said in the statement.

“We hope our study is a much-needed wake-up call for business leaders to move beyond diversity as the sole metric, and to make inclusion a key part of their DEI strategy and objectives,” Gaudiano said.