Diversity is a hot topic right now, and justly so. The cyber security industry is a significant employer within the UK workforce and is expected to grow at around 14% year-on-year. As the digital landscape evolves and the volume of cyber threats increases, there will be a need for a skilled labour force ready to respond to adversaries. Yet with a negative perception of the industry as male-dominated and exclusionary, attracting the best people is proving increasingly difficult.
Later this month Trident Search will be hosting our second Cyber Security Innovation Forum, a meeting of leaders from across the industry to discuss mutual challenges and opportunities for growth and development. Due to popular demand, this forum will focus on Diversity, Equity and Inclusion (DEI), with input from established thought leaders during a discussion on how as an industry and a community we can come together to level the playing field for those in marginalized groups.
But why is there so much conversation around diversity in cyber right now, and what can you do as an individual or a business to improve the situation?
Why is diversity important?
According to recent research, women make up 24% of those employed in cyber, while representation among ethnic minorities in the field is even lower at just 15%. Further studies have shown that 14% of those in cyber are disabled, and 15% neurodiverse.
Despite the obvious ethical reasons, there’s a growing body of evidence that shows a more diverse team is a more innovative team. With an ever-growing demand for cyber security experts and well-publicised skills shortages, attracting a wider range of talent into the industry has become critically important in recent years.
There’s therefore a growing recognition of the underrepresentation of certain groups within the cyber security industry. This lack of diversity not only hinders access to opportunities for individuals from marginalised communities, but also limits the industry's potential for growth and innovation. As society becomes more aware of the benefits of diversity, there’s increasing pressure on organisations to address these disparities and create more inclusive workplaces. As a result, DEI has become a significant focus of discussion and action within our community.
There are two key arguments for increasing diversity in the cyber workforce:
1. Bringing in new perspectives
Diversity is hugely important in all industries, but in cyber security it becomes vital. High-profile cyber-attacks and data breaches have highlighted the critical need for diverse perspectives in cyber security; as the hackers become more creative in their means of attack, our ways of mitigating and responding to threats must evolve. By fostering diversity, organisations can better anticipate and respond to emerging challenges by drawing on a range of different perspectives and life experiences within the cyber workforce. Policymakers, industry leaders, and the wider public are recognising the value of diversity in addressing these complex cyber security issues and are calling for more inclusive practices across the sector.
The neurodiverse are a key group that could help to overcome these challenges, including those with autism, ADHD or other neurological conditions. The way in which neurodiverse people solve problems, in ways that are often unique to their perspectives, offer different approaches that can be more effective and efficient than the standard linear stack analysis that most neurotypical people would apply to the issue. Yet 37% of cyber security employees who identify as neurodiverse say they have experience at least one barrier to working in the sector, and often face discrimination in the recruitment process due to a lack of understanding of their particular needs.
2. Addressing the skills gap:
It’s well known that the cyber security industry is suffering from a critical skills shortage. On a global scale there is a workforce gap of more than 2.72 million positions and according to the latest (ISC)² Cybersecurity Workforce Study, the global workforce needs to grow by 65% in order to effectively defend organisations’ business assets.
Since 2014, the number of organisations reporting a problematic cyber skills shortage has more than doubled, from 23% to 51%; according to the latest government research in 2022, around 697,000 businesses had a basic cyber security skills gap. The skills gap is only compounded by the lack of diversity in the workforce, as it limits the pool of potential candidates.
There are major barriers to these groups entering the cyber security industry, including social stereotypes, negative workplace cultures and a lack of awareness of available positions. We’re seeing a lot of people put off from cyber jobs due to the negative perception of the sector and a belief that they would be ostracised. Yet if doors were opened to previously marginalised groups through improved awareness outreach and systematic changes to office culture, the workforce gap could be significantly reduced.
What can you do to improve DEI in your organisation?
Diversity has been proven to pay off in very real financial terms. According to Forbes, companies with a diverse workforce are 35% more likely to experience greater financial returns than their respective non-diverse counterparts, and 70% more likely to capture more markets.
The most important step you can take as a business to create a more inclusive environment is to develop a diversity and inclusion strategy. Including your specific goals, targets and timelines, this strategy is intended to be your guide and as such should be communicated to all employees. Regular monitoring and reporting are crucial to see if you are on track with your strategy and goals are being achieved.
It should certainly include focus on one of the key places where diversity can be encouraged: recruitment. To remove bias from the hiring process, it’s important to review your recruitment and selection processes to identify and eliminate times when bias is interfering with decision making, such as using blind CV screening, training hiring managers on unconscious bias, and establishing diverse interview panels.
Fostering an inclusive culture is also important and will certainly aid retention in the long-term. If your organisation has a culture that feels welcoming and inclusive for all employees, regardless of their background or identity, they are more likely to stay. By providing diversity and inclusion training, celebrating cultural holidays and events and creating employee resource groups you can highlight to employees that their identity is important to you, and their unique voice is included in the workplace.
Companies can also provide equal opportunities for development and advancement through things like mentorship programmes and leadership training to create a more inclusive and equitable workplace.
Finally, you need to regularly assess and improve your diversity and inclusion initiatives by listening to employee feedback and understanding where the pain points are in your organisation. Ultimately, a more equitable workplace that is inclusive of different identities and backgrounds not only benefits employees but can improve business performance and help organisations to better serve their customers and communities.
Better representation of women, ethnic minorities, LGBTQ+ groups, the neurodiverse and those from different backgrounds can help the industry progress. As we enter a new age of digital threats and cyber warfare, bringing fresh ideas and new perspectives to the table can only help the sector to develop to help overcome adversaries.
We look forward to sharing more insights from leaders across the industry on how to develop a robust diversity strategy following our upcoming Forum. If you would like to join the conversation, or just want more information on the importance of DEI for your business, get in touch with our team.