em360tech image

Critical national infrastructure (CNI) firms are facing a lack of diverse cyber security talent, with a disproportionate amount of women afraid their jobs may be on the line compared to men.

According to new research by leading cyber security services firm Bridewell, almost two-thirds (63%) of female security leaders across the UK’s critical national infrastructure (CNI) have feared losing their job due to a cyber attack within the past month alone*, compared to only 38% of their male counterparts. 

In addition, almost a third (32%) of women say they are likely to leave their current cyber security role in the next 12 months due to experiencing stress and burnout which is impacting their personal life, amidst increasing cyber threats against critical infrastructure.  

“Whilst we have seen an increase in the number of women in CNI security roles in recent years, they are still underrepresented in the industry. Efforts are being made to increase the support these women receive, however there remains scope for improvement,” said Grace Perry, Client Lead and Content Lead of the Bridewell Women’s Network. “CNI organisations must recognise how their working patterns, performance benchmarks and career development paths may bias towards men, leaving female professionals without the necessary support to thrive in their roles.”

The trend threatens to worsen the existing cyber security skills gap within CNI, which has widened by 64% in a year. Over a third (36%) of the CNI organisations surveyed by Bridewell, spanning transport and aviation, finance, utilities, government, and communications sectors, now admit they do not have the right skills in place to secure their IT infrastructure, compared to only 22% in 2022. Almost half (42%) of companies also lack skills to safeguard their operational technology (OT), heightening cyber risk to critical physical processes like power plants, water treatment, and transportation systems.

Bridewell’s findings coincide with the release of a government report revealing only 17% of the UK cyber workforce are female – a lower proportion than for all other digital sectors and a slight decrease on last year’s figures. Women also remain significantly underrepresented in senior cyber roles, occupying just 14% of these positions. The persistent gender disparity raises further concerns about burnout and a lack of sufficient professional support systems for women in the industry.  

However, there is hope on the horizon as CNI organisations proactively seek diverse cyber talent with transferable skillsets. Bridewell found that almost half (40%) are encouraging informal networking among minority groups and introducing flexible working schemes, aiming to nurture cyber diversity through stronger connections and improved work-life balance opportunities. Over a third (38%) also combat gender bias by ensuring all job descriptions are written in neutral language.

Emma Leith, Director of Consulting at Bridewell, adds: “Failing to fix the cyber security diversity problem will further widen the skills gap, escalating the risk to UK critical infrastructure. CNI organisations must now take bold action to bridge the gap and embrace more diverse experiences and perspectives. This calls for a resolute, long-lasting commitment to breaking down traditional barriers and promoting organic culture change, driven by passionate individuals from the top down. Diversity, equality and inclusion (DE&I) must be at the core of their cyber strategies, with a focus on recruiting and retaining women and other underrepresented groups.”

----

This figure was calculated based on the relative percentage increase between the two results: 63-38=25. 25/38x100= 66%.

About Bridewell

Bridewell is a cyber security services company providing global, 24x7 managed detection and response services and cyber security consultancy.

With extensive experience in delivering large-scale transformational projects in highly regulated environments, Bridewell enables organisations to drive strategic change securely, providing a full breadth of end-to-end cyber security services. Its expert team comprises a diverse range of highly skilled consultants, supported by industry leading technology, deep technical expertise, accredited methodologies and a client-centric business driven approach.

Bridewell delivers a vast number of services across critical national infrastructure, aviation, financial services, government and oil and gas. The company holds a number of industry accreditations including NCSC, CREST, ASSURE, IASME Consortium, SOC2, Cyber Essentials Plus, ISO27001, ISO9001 and are PCI DSS QSA Company.