Blog

New Report by U.K. NCSC Highlights the Impact of Diversity on the Cybersecurity Workforce

Feb 18, 2022

New Report Cybersecurity is one of many industries lacking diverse perspectives and backgrounds, which are essential for combating the ever-evolving threat landscape. (ISC)² estimates that the Cybersecurity Workforce Gap as of 2021 stands at 2.72 million professionals globally, but women make up roughly 25% of the cybersecurity industry, compared to at least 40% of the global workforce. This imbalance and lack of diversity in the sector was highlighted in the recent report In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity .

This disparity is also recognized by the U.K.’s National Cyber Security Centre (NCSC), which recently released its 2021 NCSC Diversity Report . Showing that although the U.K. cybersecurity industry is making strides to close the diversity gap, there is a long way to go.

“There are some areas to be proud of: in terms of who we are, more than a quarter of respondents identify as having a disability. But we are still evidently a very male profession, with disproportionately male senior leadership,” said Lindy Cameron, CEO of the NCSC.

There are countless benefits to increasing diversity in the cybersecurity industry. Arguably the most imperative to addressing the current threat landscape is the positive impact that different backgrounds, experiences and perspectives can bring to bear on an organization’s ability to fight cybercrime.

While many organizations, at least in theory, understand that highly diverse teams can directly contribute to greater success and prosperity — meaningful progress to deliver greater and more equitable diversity in the cybersecurity profession has been slow.

To improve the situation, diversity, equity and inclusion (DEI) must be embraced throughout the industry and embedded in each organization’s wider mission. The NCSC study details seven actions industry leaders can take to become more amenable to diversity:

  • Take an active role in diversity and inclusion leadership
  • Create and benefit from a more distributed workforce
  • Use data to understand and track representation and respond accordingly
  • Create a cyber-DEI talent toolkit
  • Publicize the success stories
  • Learn from DEI best practice
  • Map out roles and skills within the industry

People want to work in a comfortable environment, one where they can be themselves. If you are surrounded by people who don’t understand you or where very few even look like you, you are less likely to pursue that opportunity. The key to attracting diversity is to openly recruit it and encourage a wide variety of players to enter the ring.

(ISC)² recently launched a pilot program exam for its upcoming entry-level cybersecurity certification , which will enable candidates from all backgrounds, even without IT experience, to demonstrate abilities that could make them a great fit for an entry- or junior-level cybersecurity role.

Imperative to recruiting diversity is doing so not only at the entry- and mid-levels but at the C-suite and executive levels as well. Throughout the industry these positions are still held by largely the same demographic of white, heterosexual males. In order to be a diverse workplace and reap the benefits that diversity and change bring, it must be prevalent at all levels of the organization.

Bad actors are diverse and creative. Understanding the adversary is key to getting ahead and even catching up with the ever-evolving state of cybersecurity and the threats we face. Without diversity, this isn’t possible.

Driving change must be an industry wide effort. The creation of the UK Cyber Security Council is another step in the U.K. towards pushing this forward. The Council will take a cross-industry role in promoting the benefits of DEI and keeping it at the top of the industry’s agenda. It’s time to act.

There will be an opportunity to explore these topics at (ISC)² SECURE Summit – London  on April 7, 2022. The one-day event features a panel discussion on Cyber Resiliency and the Power of a Diverse Cyber Ecosystem. A group of cyber experts from different parts of the ecosystem (government, academia and industry) will come together to discuss how we address the challenge of a cyber workforce gap and build a diverse and inclusive cyber workforce.

To find more actionable content that can guide you and your organization along the DEI journey, please visit the (ISC)² DEI Resource Center at www.isc2.org/DEI