Skip to content

Search the site

Just 8 of the FTSE 100's CISOs are women. Boards need to step up.

Boards must do more

Analysis by The Stack shows among the FTSE 100 companies with CISOs we could identify, just eight were women. On International Womens' Day 2022, despite nearly 40% of positions on boards at FTSE 100 level now being held by women (per the FTSE Women Leaders Review), the figures emphasise anew how much work remains to be done by boards and policy makers to promote more women into senior cybersecurity positions.

The outliers are powerful role models and some of the industry's most respected professionals. Avast's Jaya Baloo, Unilever's Kirsten Davies, BAE's Mary Haigh, BAT's Dawn-Marie Hutchinson, Lloyds' Sharon Barber, Flutter's Jan Langham, M&G's Lindsay Bateman, Vodafone's Becky Pinkard are all highly regarded by peers.

Yet the figure, which matches the equally poor 8% mark for women CEOs on the FTSE 100, re-emphasises that the improvement in board diversity has yet to result in meaningful change at the company leadership level.

> Follow The Stack on LinkedIn <

As Sharon Ginga, an encryption product director at Thales noted today: "Building an inclusive workplace culture takes effort, a conscious decision on the part of the key stakeholders, and all the decision makers, to accelerate recruitment of women across the board, and to promote them to higher positions."

For those of any gender who make it to the position, for all the stress of the CISO role it can be a hugely engaging one; particularly if the employer treats security as a priority and allocates appropriate resource and support to it.

(Ramy Houssaini, Chief Cyber and Technology Risk Officer at BNP Paribas earlier told The Stack: "My favorite part of this work is the tight-knit community and cross functional collaboration, even between competitive companies. The relationships and camaraderie really make the work fulfilling and creates lasting friendships. Another aspect I love about this career is every morning when you get up, there is something new happening...")

Those that make it to this role can and absolutely should command a premium. (Note, however, that in 2020, women in the C-suite earned 75% of what their male counterparts took home, a report by Morningstar published in February 2022 found. As Bloomberg notes, that’s the widest the gap has been in nine years.)

Neil Price, Head of CIO at recruiter Harvey Nash Group told The Stack late last year: “The marketplace for the top CISO talent today is very buoyant. The best CISOs in the market will have the choice of which role to take and will choose to join an organisation where they can make a difference, be recognised for their efforts... Organisations that wish to engage the best talent to deliver the best outcome need to describe an environment where the incoming CISO will have buy in at the highest levels, budget to succeed and freedom to deliver.”

And, of course, have an inclusive environment.

See also: 7 free cybersecurity tools CISOs should know

This, of course, is not a given, by any stretch of the imagination. As the APC -- an international network of civil society organisations founded in 1990 dedicated to supporting people working for peace, human rights, development and the environment through strategic use of ICT -- noted in a recent report [pdf] on gender equality in cybersecurity: "Interviewees described how they have had to adapt their behaviour in various ways to better ‘succeed’ in male dominated spaces, such as through gender assertiveness training.

'We have to claim our place,' said one interviewee, explaining that she always deliberately raises her hand or national flag in a [UN] meeting to ask questions, deliver a response, or make the point that she is in the room and has a voice, adding: 'Women often feel that “we need to know things 110% before [we feel] are really an expert whereas men hesitate less to give an opinion; an observation that was supported by another interviewee..."

As Camellia Chan, CEO and Founder cybersecurity company X-PHY emphasises: "We need to empower women from a young age and encourage them to be ambitious. Seeing women in high-powered roles is excellent, and proactivity is key to ensuring they stay there. Businesses, too, have a crucial role to play.

"Hiring and recruitment practices are incredibly important and with visible female role models and leaders in the industry, we encourage women to envision a future in tech", she added today.

Footnote:  We would emphasise that not all of the FTSE 100 constituents have a CISO or CSO. In some an "all-round" IT director still appears to have responsibility for cybersecurity too. (Many "CISOs" on paper also have limited heft and boardroom time still.) We were unable to identify a CISO or equivalently responsible person for 21 members of the FTSE 100. The Stack will be writing more about this based on our research in the near future.

Like to discuss this with us, or sponsor our research on UK CISOs? Email our founder.

See: Unilever poaches Kirsten Davies from Estée Lauder as new CISO