The demand for cyber security talent has grown exponentially in recent times; a response to the digital acceleration seen in recent years, and the need for businesses to adopt Cloud-based solutions with the rise of the new era of remote working. The Department for Digital, Culture, Media and Sport (DDCMS) Cyber Security Recruitment Report (March 2021) found that the pool of cyber security professionals would need to grow by 17,500 professionals per year to meet demand. Along with the overall shortage of talent, an integral issue facing the cyber security recruitment pool is diversity.
Another 2021 report covering cyber security skills in the UK labour market found that only:
- 17% of the workforce were from ethnic minorities
- 16% were women
- 10% were neurodivergent
- 9% were physically disabled
The percentages of these groups in senior roles were also low. In an article in the ISACA Journal (2021), it’s reported that this is not just an issue in the UK, but disparity among women, minorities and neurodiversity is a concern for the workforce globally.
Some reports have given varying statistics (see the NCSC and KPMG 2021 report), but whatever the numbers, there is an undeniable issue here: the cyber security workforce lacks diversity. The question is, why?
Women in tech have always been in the minority, but the numbers for cyber security are lower than across other digital sectors. Take-up of cyber security courses by females remains low. Qualitative research found that women had skewed perceptions of what a career in cyber security entailed.
In general, there were several reasons that reports suggest could explain the diversity issue in the industry in general:
- Recruitment processes, e.g.
- Lack of specific activities by organisations to actively encourage applications from diverse groups
- Lack of education for hiring managers on unconscious bias, writing unbiased job profiles and tools such as blind recruitment
- Senior role recruitment relying on personal networks and referrals
- Unsuitable working environments
- Inaccessible training
Along with diversity, the issue of inclusion inevitably raises concern. In the Decrypting Diversity report, 22% of respondents experienced discrimination in the workplace. The survey found that 70% felt they could be themselves in the workplace, which had not worsened since the year before.
“Diversity is being invited to the party. Inclusion is being asked to dance”- Vernā Myers
In fact, with Black African, Caribbean, and Black British professionals, this number had improved from 41% (2020) to 60% (2021).
Overcoming the Issues
So how do organisations overcome these issues? There have been several recommendations so far, some of which have already been actioned:
- The Government could help facilitate relationships between training providers, autism charities and employers
- Organisations should use blind recruitment processes and transparent promotion processes at senior levels, with advice from the government
- The Government should help institutions educate students, especially females, on what a career in cyber security involves
- Improve and increase further education courses and apprenticeships, with increased links to charities, trying to improve overall accessibility
- Monitor female take-up of Cyber Security courses closely
- Organisations should take an active role in leading diversity and inclusion
- Organisations should publicise success stories.
On the 8th March 2022, the UK Cyber Security Council and Women in Cybersecurity UK hosted the Celebrating Women in Cyber Security and Breaking Down Barriers conference. It was recommended that there should be strong support for women wanting to enter the profession, and continued support in the workplace, including supporting women to reach leadership positions. It was also suggested that there should be better networking within the cyber security community, diversity and inclusion should be part of an organisation’s every activity, and organisations need to be allies to women.
The Cybersecurity Workplace Diversity Article reports that to increase the representation of women and minorities in STEM programmes, they should be engaged through early intervention programmes.
An Optimistic Future
The UK government has already put in place the CyberFirst initiative – introducing 10-17 year olds to tech and Cyber Security through educational institutions, summer courses, bursaries for students in IT and paid Cyber Security Training. It also tries to encourage female engagement in Cyber Security from a young age, through the CyberFirst girls’ competition, in which 43,000 pupils had participated as of last year.
The view for the future of diversity and inclusion in the Cyber Security workforce is optimistic. With government programmes and the increase in digital employment improving accessibility of training, the next few years should see a broadening of the talent pool. Continued investigation and monitoring are paramount for the industry. Governments and organisations will need to continue to adapt to create a workforce that is representative, inclusive and can meet the demand of the $200 billion cyber security market.