A year on from the launch of the Decrypting Diversity 2020 report we are already looking forward to the findings from this year’s 2021 survey. A continued focus on diversity and inclusion (D&I) in the UK cyber security industry is vital to achieving improvements. But what does this mean for the CISOs and security managers and their already full agenda? What can we do now, both within and outside of our organisations, and how can we help to reinforce the importance of D&I within security?
The 2020 report
The Decrypting Diversity 2020 is the first in a series of annual reviews and is a joint report published by the National Cyber Security Centre (NCSC) and KPMG UK.
The report points to the role the planned ‘UK Cyber Security Council’ could play in promoting success stories and calls to industry leaders and the Department for Digital, Culture, Media and Sport (DCMS) to provide D&I leadership.
The 2021 diversity and inclusion survey was launched in May this year and will be combined with the 2020 survey results to provide benchmark data to measure performance in the future, and to inform a series of joint initiatives between the NCSC and industry to to support diversity and inclusion in the cyber security sector.
Despite the recent challenges we have faced worldwide, we are hopeful; not because the 2020 findings point to an opportunity for improvement, but because the report itself signals the intent and commitment in the industry.
What do security leaders need to support?
The report frames diversity as the representation of different personal characteristics within a demographic; inclusion is indicated by feeling confident to be yourself.
It nods to growth in our understanding; alongside the representation of race, ethnicity, religion, gender, age, disabilities and sexual orientation, the importance of equal treatment, fairness and inclusion in the workplace is emphasised. Broader characteristics are being considered, such as background, socio-economic status, experiences, personalities and neurodiversity, with an understanding that not all challenges and requirements are equal.
Why is diversity and inclusion important for security?
The economic benefits of D&I are widely reported, and the moral, human and legal considerations are indisputable. The opportunity for security leaders is to reinforce and promote D&I by talking about it in relation to the benefits for security:
1. Addressing the industry skills shortage
The UK has a cyber security skills shortage. The need for experienced and qualified security professionals is growing alongside security requirements. The DCMS found that over 650,000 UK businesses have a basic cyber security skills gap, and cyber businesses found that over recent years, a third of vacancies were hard to fill.
Focusing on diverse talent provides an opportunity to widen our talent pool, particularly in attracting new talent into the sector. Diverse and inclusive work models, including part-time, flexible working patterns and geographical flexibility, will enable wider groups to participate.
Inclusion is also critical. At the ground level, security leaders must support the right work cultures to retain diverse talent and keep skilled professionals once hired.
2. Building effective security functions
Diversity is considered an attribute of high-performance teams, however, realising the benefits relies on inclusion, where individuals feel valued, accepted and supported to be themselves. Inclusive and psychologically safe work environments encourage individuals to share ideas, speak out, challenge and make full and effective contributions.
In the multidisciplinary field of security, different perspectives can encourage innovation and the critical assessment of security threats and risks, as well as bringing insight and understanding to build more effective security awareness strategies and cultures.
3. Balancing technology
The application and extent of artificial intelligence (AI) and machine learning for security are still relatively new, but they are likely to grow both in terms of defensive technologies and its use in cyber-attacks.
As the use of AI and machine learning increases, the underlying data and algorithms must reflect a diverse input. This will help to reduce bias and provide an advantage in anticipating evolving threats.
What can security leaders do to help within their role?
At a basic level, there must be a continued emphasis on recruitment strategies that support diversity. Work is already underway in many organisations to attract and recruit diverse talent, as well as considering broader talent pools. However, these efforts will be wasted if more is not done to:
• Action inclusion strategies - a diverse organisation does not just recruit diverse talent, it includes and retains it. Critically assess your ways of working (including flexible and agile working policies), your employee engagement models (engagement surveys, formal and informal networking, town halls, social media messaging and social events), your support structures (mentoring and sponsorship), and your personal biases and assumptions.
• Address the wrong behaviours - lead from the top and challenge bias. Be willing to have open, even difficult conversations. Ensure effective reporting mechanisms are in place and individuals feel able to report discriminatory behaviours and practices.
The issues are complex and there is work to be done. Progress within our industry (and more generally) will rely on education, understanding and a continued commitment to take action.
Taking part in the 2021 survey
If you are a cyber security professional or study in cyber security, please share your views by completing the survey.
You can also help by arranging for this survey to be distributed to the relevant people within your company.
To discuss anything that is covered in this blog, please provide your details below and we will get right back to you: