Cyber security has long been a male dominated field. According to an ISACA survey, 89 per cent of respondents said there were more men than women in cyber roles in their companies. Some 15 per cent of the 1,500 ISACA certified respondents said they worked in organisations where the entire security function was male.\nIn Australia, a 2018 McAfee Cybersecurity Talent Study estimated that the local cybersecurity workforce was 25 per cent female, slightly above the 20 per cent global average.\n \nThe sector is worse off for it. Lynwen Connick, chief information security officer of ANZ Bank and the only female Big Four bank CISO, wrote last month that the sector was \u201cabsolutely missing out by not having women involved\u201d.\n \n\u201cThe reasons women don\u2019t entercyber securityare varied,\u201d she said, \u201cfrom the perception it\u2019s a male-dominated field, to the lack of female role models to the struggle within our educational system to overcome stereotypes questioning women\u2019s abilities to excel in the sciences.\u201d\n \nIn response, many companies have taken affirmative action to fix the gender imbalance in their security functions.\n \nANZ, along with the other major banks and BT, for example, recently backed an initiative to give high school students cyber challenges, which Connick said would help \u201calter the perception of technology stereotypes among young females\u201d.\n \nOthers have taken the decision to publish their gender pay gap data, even if it casts them in a less than positive light. Deloitte in a number of regions runs a \u2018Women in Cyber\u2019 program, which promotes the vocation to young women.\nHowever, according to the ISACA survey, it appears these concerted efforts are in decline.\n \nWhen respondents were asked if their enterprises have specific diversity programs to support women cybersecurity professionals, only 44 per cent responded in the affirmative \u2013 a seven percentage point decline on the previous year.\n \n\u201cAttempts to diversify the workforce and create gender inclusion are either not happening enough or are failing to meet employee expectations,\u201d said ISACA board chair Rob Clyde.\n \nISACA suggests cyber gender programs are \u201carguably decreasing in effectiveness\u201d as, among respondents in enterprises with a diversity program, fewer women (59 per cent) believe they are offered the same career progression opportunities as their male counterparts, 18 per cent less than last year.\n \nBy contrast, 90 per cent of their male colleagues believe women are given the same opportunities.\n \n\u201cAnalysis of the current data should prompt consideration and potential reappraisal of these programs\u2019 impact and effectiveness. Respondents do not believe their organisations prioritise increasing the number of women in cybersecurity roles or advancing them within the organisation,\u201d he added.\n \nClear benefits\nThe benefits of diversity in businesses as a whole are clear. For exampleMcKinseysays ethnically diverse businesses are 35 per cent more productive and nine per cent more profitable. It also found that companies in the top quartile for gender diversity are 15 per cent more likely to have financial returns above national industry medians; whileMorgan Stanleysays gender diversity focused businesses enjoy higher productivity, better decision making and higher employee satisfaction.\nThere are also cyber specific advantages to a diverse workforce; including different approaches to problems, greater resilience and better decision making.\n \n\u201cMore urgency and awareness needs to exist within management teams and organisational cultures today to build a level-playing field for women in cybersecurity,\u201d wrote Mailguard CEO Craig McDonald last week.\n \n\u201cWhile this is true for the entire business, I think it\u2019s important for infosec teams, in particular, to be diverse. This is mainly due to the increasing ambiguity around the nature of contemporary cyber threats. Cybercrime in itself is diverse now and rapidly evolving,\u201d McDonald added.