Why cybersecurity needs more women at the decision table

Nigeria’s digital economy is growing at a pace that would have seemed implausible a decade ago. Mobile money platforms now serve tens of millions. Fintechs process billions of naira daily.

Government systems, healthcare records, and critical infrastructure are migrating online with a speed that often outpaces the regulatory and security frameworks meant to protect them. And yet, as the country becomes increasingly reliant on digital systems, the people responsible for defending those systems remain a remarkably narrow group. The talent gap in cybersecurity is well-documented globally. What receives far less attention is the gender gap sitting quietly within it.

Read Also: Cybersecurity as the new currency of economic power

Globally, cybercrime is projected to cost economies over $10.5 trillion annually. That number is not a forecast for some distant future; it is the trajectory we are already on.

Ransomware is crippling financial institutions. Phishing attacks are hollowing out retail organisations. Energy and oil sectors are increasingly compromised through supply chain vulnerabilities that exploit the interconnected nature of modern infrastructure. Logistics networks, once considered peripheral targets, now find themselves exposed through third-party systems they scarcely control. These are not technical failures in isolation. They are systemic risks with consequences that ripple outward into employment, consumer trust, and national economic stability.

The conventional response to this crisis has been to train more engineers, build more firewalls, and deploy more artificial intelligence. What that response conspicuously omits is the question of who is making the decisions.

Cybersecurity has long presented itself as a purely technical discipline, a domain of code and protocols where human judgement is simply the mechanism for applying technical solutions. That framing is increasingly untenable. Cyber risk today is a business problem, a governance problem, and, at its core, a human problem. The decisions that matter most are not about which algorithm to run but about how to weigh operational disruption against financial exposure, how to communicate risk to a board that may not speak fluent technology, and how to balance regulatory compliance with the realities of organisational capacity.

Women make up less than a quarter of the global cybersecurity workforce. At the leadership level, the proportion is smaller still. This is not simply a diversity statistic to be acknowledged and filed away. It represents a structural narrowing of perspective at precisely the moment when cybersecurity demands the broadest possible range of thinking. When the people around a risk-management table share similar professional formation, similar institutional experiences, and similar cognitive frameworks, the blind spots they share become the vulnerabilities their organisations cannot see.

The argument for diversity in cybersecurity leadership is sometimes framed in aspirational terms, as though inclusion were a kindness extended to under-represented groups rather than a strategic imperative. That framing obscures what the evidence actually shows.

Organisations that integrate diverse perspectives are demonstrably better positioned to anticipate emerging threats, strengthen governance structures, and build systems resilient enough to absorb shocks. This is not because diversity is inherently virtuous, though it may be, but because the nature of modern risk demands it.

Cyber threats are not uniform. They exploit social engineering, human behaviour, and the specific cultural and institutional contexts of their targets. Defending against them requires decision-makers who understand that breadth.

Women in cybersecurity, particularly those who have reached senior roles, bring something beyond technical competence. They bring the experience of having operated in environments where credibility is tested early and often, where influence must be built deliberately rather than assumed. That experience tends to produce leaders who are attentive to stakeholder dynamics, alive to the long-term consequences of short-term decisions, and skilled at translating complex technical risk into language that resonates with boards and regulators. These are not soft skills in the dismissive sense the term is sometimes used. They are precisely the capabilities that determine whether a cybersecurity function is genuinely integrated into organisational strategy or merely consulted after decisions have already been made.

There is also the question of the talent pipeline.

Visibility matters in ways that can feel abstract until you consider how professional ambition is actually shaped. When young women in Nigeria, or anywhere else, cannot readily identify women in senior cybersecurity roles, the implicit message is that this is not a space designed for them. The consequences compound over time: fewer women entering the field, fewer progressing to senior roles and fewer yet in positions where they can demonstrate what inclusive leadership looks like. Representation at the leadership level is not merely symbolic. It is one of the primary mechanisms through which talent pipelines are built or constricted.

Artificial intelligence is accelerating the evolution of both cyber threats and the defences designed to counter them. Automated attacks are becoming faster, more sophisticated, and more targeted. AI-powered tools can now identify vulnerabilities at scale, craft convincing phishing attempts tailored to specific individuals, and probe for weaknesses across vast networks simultaneously. The technology to detect and respond to these threats is advancing alongside them. But technology, however sophisticated, cannot fully account for context. It cannot weigh the societal implications of a breach that exposes the health records of millions, or the human cost of financial fraud that strips people of savings they cannot replace.

These judgements require human intelligence, and human intelligence is best served by the widest possible diversity of thought.

The cybersecurity profession is at an inflection point. The threats are growing more severe. The stakes are higher. The complexity of the decisions involved is increasing. None of this is an argument for narrowing the pool of people making those decisions. It is an argument, urgent and evidence-based, for expanding it.

Getting more women into cybersecurity leadership is not a gesture towards fairness; it is a practical response to the demands of the moment. The question is not whether the industry can afford to do it. In a world of accelerating digital risk, the question is whether it can afford not to.

Olufunke Tonye-Preghafi, Chief Financial Officer (CFO), Quomodo Systems Africa