Study reveals gender gaps in cyber security perceptions

Research by e2e-assure highlights gender differences in how cybersecurity is perceived and engaged within organisations.

The survey, involving over 1,000 employees from industries such as Healthcare, Manufacturing, Professional Services, and Financial Services, indicates that women are more inclined than men to view cybersecurity as a shared organisational responsibility. Half of the women surveyed expressed this view, compared to 30% of the men.

The study aligns with broader industry concerns, with 81% of organisations worried about new technologies like AI and their potential cyber threats. The situation appears pressing as 90% of cyber risk owners report having encountered cyber attacks, up from 75% the previous year. Furthermore, almost all businesses (73%) attribute cyber breaches to insufficient employee diligence.

Despite these concerns, a noticeable gap exists between business perceptions and employee engagement in cybersecurity training. While 84% of cyber risk owners believe their employees are engaged in training, 68% of women reported being somewhat engaged. The male response was similar, with 69% indicating only partial or no engagement.

This engagement gap is significant given that 88% of workers admitted to experiencing a cyber attack. Additionally, 28% of women felt unclear about the consequences of a security breach compared to 16% of men, highlighting potential knowledge gaps.

Further complicating matters, although 29% of cyber risk owners feel confident in their AI policies, only 27% of men and 21% of women are aware of these policies, suggesting a need for improved communication and policy awareness among employees.

The study notes gender differences in the consequences following a breach. 30% of women reported receiving training and facing potential disciplinary action after a breach, slightly lower than the 35% of men. The data suggests that men view cybersecurity as a personal responsibility more often than women, which might influence their approach to security challenges.

Rob Demain, CEO of e2e-assure, commented, "Cyber security in 2025 and beyond is not just an IT issue, it's a business-wide responsibility. Our research reveals that while men and women recognise the importance of security, businesses are missing a crucial opportunity to drive forward cyber resilience, as they feel disconnected to training provided."

"This means men are less likely to recognise the importance of their cyber security practices for the rest of the organisation. And while women view it as a collective responsibility, they're uncertain about the consequences due to lack of training effectiveness."

Demain emphasised the need for a proactive approach, aligning cyber resilience strategies with employee needs. "To ensure cyber resilience, businesses must take a more proactive approach, aligning it with employee needs," he said.

Four key recommendations were highlighted for improving cybersecurity engagement and resilience: tailoring training to engage employees, creating a security awareness culture, utilising automation to reduce human error, and ensuring the right provider is in place.