“Women in Cybersecurity Law: Undermining Prejudices,” United States Cybersecurity Magazine
Beth Shirley, CIPP/US, co-chair of Burr & Forman’s Cybersecurity and Data Privacy Team, authored an article for the Fall 2022 issue of United States Cybersecurity Magazine discussing the underrepresentation of women in cybersecurity law, biases that contribute to fewer women entering the field and how cybersecurity law is uniquely suited to evade those biases related to women’s natural abilities.
“Girls and women too often avoid pursuing studies and careers in fields based in math and science, such as information technology, cybersecurity and, in the context of law, cybersecurity law,” Shirley said. “Indeed, there is (and was) a misperception and deeply rooted prejudice that girls and women are, by nature, not good at math and science. These views, created by society and internalized by girls and women from young ages, result in women’s disproportionately low representation in fields based in math and science – such as cybersecurity. However, the emerging field of cybersecurity law is positioned to escape this trend.”
Women in North America make up approximately 14% of the cybersecurity workforce and, 2021, 37% of the legal profession, which would indicate that women or likely more underrepresented in the specific field of cybersecurity law. For her own part, Shirley believed her strengths were not in math and science (informed partly by her teachers’ encouragement) and ultimately majored in English, minored in Spanish, obtained a Master’s in English and started an English Ph.D. program before deciding to enter law school. Despite her non-technical, non-STEM background, she ultimately ended up with a successful cybersecurity practice at Burr & Forman.
“Cybersecurity law is uniquely suited to evade biases regarding women’s natural abilities and, therefore, about women generally,” said Shirley. “A significant part of cybersecurity law is responding to data events that may constitute legally defined data breaches. When a potential data breach occurs, time is of the essence. Clients must rely on who is best qualified to assist in that field – regardless of any specific identifying characteristics of a cybersecurity attorney.”
Cybersecurity is a unique area of law that requires specialized knowledge and legal representation, and the company’s long-standing, general practitioner attorney will not be able to properly address a potential data breach. As such, the company should – and must for the best result – work with the best qualified and experienced attorney, regardless of gender or any other racial, ethnic, or personal identifying characteristics. Moreover, communications in cybersecurity law generally are through phone, email or text – not in-person due to the immediate need for response. This means the particular physical characteristics of the cybersecurity attorney are not readily identifiable, which limits the client’s ability to form the same degree of inherent biases that are associated with seeing people in person.
Shirley also noted that the time-sensitive demands and pressures for counseling a client through a cybersecurity issue does not discriminate. “The responding attorney can make the time, during a drive to pick up a child from sports practice, in the middle of making dinner, and in many other non-ideal locations and circumstances,” she explained. “As long as there is an opportunity for preservation of confidentiality, there is an opportunity to assist and advise on an emergency basis.”
Shirley concluded the article to say that Results Matter. “When female attorneys successfully manage cybersecurity matters, the client – regardless of implicit or overt prejudices concerning women – must be pleased,” she said. “Even if a particular contact point with the client may have prejudices that cannot be overcome, there are many representatives of an organization who are involved in evaluating the management of a data incident, either directly or indirectly. Where a job is well done, the result is undeniable. These positive reactions can contribute to changing any existing biases against women, their strengths, and their capabilities.”
The full article is available with a free online subscription to U.S. Cybersecurity Magazine here.