Despite the surge in costly cyberattacks that cripple services and drain millions, the world still overlooks a key ally in the digital battlefield: the untapped potential of women in cybersecurity.

Datuk Raja Nushirwan Zainal Abidin, National Security Council director-general, said that as of 2022, women held only 25% of cybersecurity jobs globally, an increase from 20% in 2019 and around 10% in 2013.

“This is a situation akin to having only half of an army in this critical battle,” he said at the Women in Cyber 2024 (WiC 2024) conference held in Putrajaya.

“This figure is predicted to reach only 30% by 2025 and 35% by 2031. While there is growth, women are undoubtedly underrepresented in the industry.

“To address this underrepresentation, you must first recognise the systemic barriers that contribute to this disparity,” he says, advocating for the promotion of STEM (science, technology, engineering and mathematics) to girls from a young age.

Raja Nushirwan went on to say that women played a pivotal role in creating the Cyber Security Bill 2024, which was passed unanimously on April 3. He credited them as the leading minds in drafting and shaping the Bill’s provisions.

The goal of the Bill is to bolster national cybersecurity through compliance with specific measures, standards, and processes for managing cybersecurity threats.

This is due to data breaches spiking both nationally and globally, posing significant challenges to people and organisations. An IBM report reveals that these breaches exacted a heavy toll on companies worldwide, costing an average of US$4.45mil (RM21.2mil) in 2023.

Embracing equity

Women, Family and Community Development Deputy Minister Datuk Seri Dr Noraini Ahmad highlighted in her keynote speech that women’s voices bring valuable insights to dialogues in cybersecurity.

“The cybersecurity industry faces gender disparity, which robs us of the significant contributions that women can make. Hence, we must recognise that diversity enhances resilience. We require different perspectives to effectively address the challenges of cybersecurity.

“To advance gender equality, we must implement concrete measures to foster inclusivity within the cybersecurity sector,” she said at WiC 2024, which was organised by the National Cyber Security Agency (Nacsa).

The conference, which attracted around 400 cybersecurity stakeholders, featured panel discussions and workshops focusing on female advancement in cybersecurity and creating a more inclusive environment.

Noraini stressed the importance of proactive measures to recruit women into cybersecurity, pointing to the higher female enrolment in universities as an opportunity to draw them into the industry.

“We can do so by investing in targeted recruitment initiatives, scholarships, and mentorship programmes to attract and retain women in the field.

“Also, we must acknowledge that many women are leaving their jobs because of family responsibilities, especially between the ages of 30 and 39.

“To combat this issue, we must implement family-friendly policies and flexible work arrangements that accommodate the diverse needs of working mothers.

“This includes initiatives such as remote work options, subsidised childcare and extended parental leave.

“By offering women the support necessary to balance their professional and personal lives, we can reduce talent loss from the cybersecurity workforce,” she says.

Meanwhile, Lata Bavisi, president of the EC-Council University, said female inclusivity in the cybersecurity sector should not just be about ticking a checkbox.

She said cyber threats transcend boundaries, nations, industries, and languages, emphasising that this will pose a major challenge without a diverse workforce.

“Think about me giving you a toolbox. I hand you a toolbox, you open the toolbox, and you find only a screwdriver. You can’t possibly use a screwdriver to do everything.

“Likewise, you need a diverse talent pool, you need to include the diverse natures of individuals,” she said, stressing that this diversity – especially the participation of women – will improve decision-making and innovation.

Bavisi also points out that women’s input is crucial in shaping cybersecurity policies. Without their input, the framework may be incomplete and may not offer the protection that they need, especially since women are also victims of cybercrime.

“Fifty-eight percent of cybercrime involves women. That can be cyberbullying or trolling. If you don’t ask the women the right questions, you won’t get the right perspective from them.

“How on Earth are you going to be able to develop a cybersecurity policy or framework that is all-encompassing? And how are you actually going to get the solutions that you require?

“When we talk about diverse perspectives, it means bringing diverse brains into conversations. Today, as we are part of organisations, whether public or private, our say should matter,” she said.