As part of our main Security Culture Report 2017 a key discovery found that there are significant differences across the seven security culture dimensions between genders. We have put all of our findings together in a separate report – Gender, Risk and Security which you can download here.
Our research suggests that gender balance is an important risk-management strategy. We consider that an organisation, department or team with a limited balance of genders is more likely to exert biased security and risk behaviours.
Whilst men rate their knowledge and awareness of IT security, controls and behaviours much higher than women do, they regularly report a higher level of risky behaviours than women.
Digging deeper, we find that attitudes towards security matter. While women embrace organisational controls and technology, men report resistance towards regulations and technical controls, for example password management.
“Our research showed us that there is a strong gender bias that needs to be taken into account in organisational planning and cultural improvement.” Says Kai Roer, Security Culture Specialist and CEO of CLTRe.
Groups in which women are either absent or in the minority may be ones in which individuals exhibit dramatically riskier behaviours than groups with greater gender balance. Likewise, groups in which women tend to be in the majority may have a tendency towards predominantly risk-averse behavior, which may lead to reduced growth and profit.
Organisations should strive to create good gender balance in all departments and teams. Gender balance becomes increasingly important in departments and teams that focus on business-critical areas. Skewed balance in such teams are likely to influence how the team take on risk, make decisions and communicate security issues.