Cybercrime and gender equality: Women comprise a surprisingly large share of cybercriminals

As we mark International Women’s Day (IWD), expect to see plenty of cybersecurity commentary around the ongoing struggle to improve gender equality in the sector. Yet few of us consider how many women choose instead to participate in the underground economy. A new report sheds light on the subject. It finds that at least 30% of users on cybercrime forums are women — which is larger than both the share of cybersecurity pros that are women and the percentage of the prison population that is female.

Insight like this is important. It should spur the industry even harder to recruit more women into cyber. And it should serve as a warning to both police and security professionals because gender bias can undermine investigations.

AI lifts the lid on gender demographics

The report authors used two AI tools to infer the gender of a random group of 50 users on popular underground sites, the Russian-language XSS and English-language Hackforums. Gender Analyzer V5 uses machine learning algorithms to determine gender from written text. And Semrush is a marketing tool that tries to determine the demographics of web users by crunching large datasets from social media and other third-party sources.

They found the following:

• The share of female users on XSS was either 30% (Gender Analyzer V5) or 41% (Semrush)
• The share of female users on Hackforums was either 36% (Gender Analyzer V5) or 40% (Semrush)

While it’s impossible to say for sure how accurate these findings are, the researchers did use a control group of 10 users on the sites who revealed their gender profiles, and they found the text analyzer to be 82.4% accurate.

If we take the findings at face value, the share of cybercriminals who are women outstrips that of those working in cybersecurity — which at the most recent estimate stood at 24% globally, rising to 30% of female security pros under 30. Although the total number of women working in cyber will no doubt exceed the volume of female cybercriminals, the findings offer food for thought.

Why so many?

Why is participation nominally so high? It’s not necessarily that cybercrime is a more egalitarian industry to work in — more that gender doesn’t often come into discussions because threat actors interact anonymously. That, of course, puts a greater focus on skills and experience. The report also suggests that women are actively sought for specific roles like drugs and money mules, call center work, and social engineering scams where voice and images are needed — like romance fraud.

The latter is a fast-growing industry which made nearly $1 billion in 2021, more than any other cybercrime type bar investment fraud and business email compromise, according to the FBI. And call centers are a critical part of modern cybercrime operations, whether it’s a customer service line dealing with victims of fellow threat actors or a contact center supporting a vishing or fraud operation.

The report also suggests that as participation in STEM jobs by women has increased, there may be more science and technology professionals looking to supplement their incomes on the cybercrime underground. That may be true, although it’s just a theory at present.

Takeaways for the cyber sector

While we can’t infer too much from a single, limited survey, the surprisingly high level of female participation in cybercrime is slightly concerning. It’s far greater than the 4% to 8% of the prison population in Russia, the U.S., and England that are women, for example. If this is the start of an upward curve, there could be trouble ahead.

So, what to do? Without being too reductive, the industry needs to get more women into cybersecurity roles. There are many reasons for doing so. But apart from anything else, greater diversity of thought is proven to lead to better outcomes. This makes even more sense when tracking diverse sets of criminals. The same is arguably as true for increasing the number of neurodiverse security practitioners.

Second, the findings highlight gender bias as a more obvious handicap when conducting investigations. A big part of cybersecurity and cybercrime-fighting is about trying to think like a threat actor. If you imagine them to be a man, it may bring with it certain unhelpful assumptions about the way they think and act that could derail investigations.

The report is certainly not a conclusive snapshot of what is a vast and diverse underground economy. But it’s a useful marker. The more research like this we have, the better we’ll understand our adversaries, their motivations, and their capabilities. In the meantime, as the report suggests, let’s start by using “they” when referring to a threat actor.