This International Women’s Day, we #choosetochallenge by inviting cyber security specialist and Director of The Security Collective Claire Pales to talk about the challenges of cyber security and the importance of attracting and retaining a diversity of women in the sector.
Pales has 17 years’ experience establishing teams and award-winning security strategies throughout Asia and Australia. Her talk has helped inspire our many employees and ICT Women’s Grad Girls who were invited to hear from Pales as well.
Why we need cyber security
In the last few years, more businesses are realising the importance of protecting themselves against cyber security risks. The problem, according to Pales, is placing full responsibility on one person (Chief Security Officer – CSO) or security team.
Having as many people committed and engaged in cyber security across the company is a much better solution. Reduce the fear around cyber security conversations and encourage your board, employees and leaders to get on board employees. Unfortunately, not every business can do this as maturity levels are always different.
The difference between bad and good cyber security is your people.Claire Pales, Director of The Security Collective
The major difference between organisations that do cyber security and information security well or poorly will always come down to your people. For Pales, you can have the best tools but ultimately educated staff will be better equipped to handle threats to sensitive information or cyber risks as they come.
Ensuring cyber security is taken seriously can also have a huge impact on your business and its future viability. Pales pointed to three main areas:
- Reputation – A data breach or exposure can be devastating to your reputation. Surveys suggest that approximately 40% of customers will think twice before dealing with or giving an organisation personal data again
- Financials – Threats to your cyber security posture can impact your bottom line. Companies have had to write off millions of dollars and pay significant fines in the wake of a breach or incident.
- Talent – Companies who do not take steps to protect themselves may not be able to attract the best talent because they do not have the right practices in place to protect their work and employees
RELATED: To learn more about why and how you should hire a cybersecurity leader, make sure to check out Claire Pales’ book The Secure CIO. Pales will also be launching her second book in March 2021. Focused on helping executive leaders and Boards, her second book will look at cyber risk through a business lens. Make sure you pre-order The Secure Board now.
Why women fail to stay in cyber security jobs
Just a few years ago, only 11% of cybersecurity professionals worldwide were women. Women in cyber in the years following has risen to 24%, as reported by the ISC2. This is, Pales believes in part, due to female tech initiatives such as Go Girl, Go for IT or VIC IT’s Grad Girls, which MessageMedia is proud to be a sponsor of this year.
There are also a lot more businesses shifting their mindsets and looking to offer more opportunities to women in the field. In fact, we can learn a few lessons from countries like Israel and India, where those numbers are much higher. In Israel, many women run cyber security start-ups. In India, there has been a real push for young girls to study STEM subjects when they enter university.
The problem, however, isn’t necessarily in acquisition but retention of women in the cybersecurity workforce. While diversity in graduates is growing, the retention of those candidates as they rise up the ladder diminishes. Businesses want to see their C-suite be more diverse, but the representation in senior cyber security positions continues to dwindle. Many women leave the sector after a few years and never return.
How can we retain more female cyber security experts
- One of the key things we need to do, according to Pales, is to recognise the importance of professional development for women. Senior leaders and HR can ask women to come forward for secondments, skills or courses they would like to do. Ensure you have laid out a safe and welcoming environment to put themselves forward. Consider they may not want to move vertically, but laterally too to expand their capabilities.
- Additionally, you could reframe their potential to progress. Pales suggests encouraging organisations to post expressions of interest, rather than post a specific role. From her experience, she has seen lots more women come forward to an expression of interest as opposed to an advertised job.
- If you are looking to place women in more senior positions, consider creating 2IC positions. Candidates can then “step into leadership but not drown in new skills.” By shadowing existing senior members, they can then easily step into a temporary leadership position when someone is on leave. This can make a huge difference and help ease them into the position as they also increase their skill-set.
Final thoughts, further reading
It’s still important that you aim to find the right person for the job. While a lot of organisations are bringing more women in, you still need to decide what kind of leader you want. Avoid seeking women just to fulfil a diversity stat. Consider the women you have already hired and nurture their careers up the ranks.
For more make sure to check out: