BLOG: Why Cybersecurity Needs Diversity & Inclusion

Instinctively, as a society, we are aware that diversity and inclusion matters. It offers valuable returns by encouraging and fostering innovation, whilst creating a more comfortable and content culture for employees, and offering financial rewards. Diversity and inclusion enables a rich pool of talent with a unique approach to solving cybersecurity problems.

Diverse companies are more likely to have higher profitability. Within the US the most common ethnicity of Cyber Security Analysts is White (72.6%), then Hispanic or Latino (9.1%), and Black or African American (8.0%). Cybersecurity draws from a diverse set of people from different fields, industries, geographies, and ethnicities. Having a diverse team from different areas of life and with different experiences is something that will be shown through accomplishing customer needs.

Principal Advisor at Gartner Zaira Pirzada believes that less diverse interview panels contribute to the lack of diversity in the cybersecurity sector. Employing more diverse applicants may not solve the problem entirely, but interviewers must be as diverse as possible.

Many organizations are already committing to creating a more diverse work environment through employing more women and those from ethnic minority backgrounds to bridge the gap on these panels. This contributes to progress, however, a lack of diversity in the cybersecurity industry-wide persists.

Threat actors derive from all different environments, understanding how they carry out their attacks extends beyond just knowing how to defend against vulnerabilities, it is also combined with understanding their psychology, patterns, and behaviors.

This is one of the reasons that organizations should aim to have their teams be as diverse as possible as this drive creative thinking and innovation and combat their hostile efforts. A cybersecurity team embodying individuals with varying experiences offers a fresh outlook and perspective. And our collective differences make us smarter, by fusing our cumulative knowledge when tackling security challenges.

The diversity of our team better positions us to think like the attackers. It can improve how we consider how attackers look at their opportunities, and how we contemplate their various assumptions. It can give us a clearer ability to envision approaches attackers are utilizing, while also predicting their behavior patterns. Diversity is powerful in how it helps us develop solutions to adequately defend against attacks.

Part of a diverse team’s composition is their educational and experiential paths into cybersecurity. Not all cybersecurity professionals’ routes into the field are the same. ISC survey found that while minority representation within the cybersecurity field (26%) is slightly higher than the overall U.S. minority workforce (21%), their study revealed that racial and ethnic minorities tend to hold non-managerial positions and pay discrepancies, especially for minority women.

In the UK, Respondents from ethnic minority backgrounds marginally increased from 2020 to 15% from 13% last year. This is broadly similar to the UK as a whole. The proportion of Black professionals is similar to last year, whilst respondents of Indian origin make up 6% of total respondents this year, compared to 1% of the total in 2020

In the US, the cybersecurity workforce is more than 879,000, but it still faces a shortage of more than 359,000 professionals, according to (ISC)². The U.S. Census states that only 60% of Americans consider themselves white, so as theorised, to represent other racial groups rightfully, 40% of open positions should be filled with a more diverse staff. 

Less representation in leadership, with lower average salaries and rarer raises, create an abundance of obstacles for ethnic minorities that are either pursuing a career in cybersecurity or would like to. An effective method of retaining and elevating diversity is creating opportunities for mentorship and training programs. The purpose of these programs is to support professional development and career advancement are effective in retaining and elevating diversity in cybersecurity staff. (ISC)² and ICMCP found that almost two-thirds of ethnic minorities considered training programs very important to help them thrive in their organization, and the study concluded that helping them move up to leadership helps push diversity along. 

Diversity becomes an even bigger priority where discrimination in the workplace is concerned, and this is something that no organization should allow and accept. There is a substantial economic cost associated with discrimination in the workplace, which is estimated to be £127bn per annum. Over 1 in 5 UK cybersecurity employees (22%) say they experienced discrimination in 2021. This has unfortunately been shown to be an increase from 2020 when the figure previously was 1 in 6 (16%), there is an evident challenge for the cybersecurity industry, and more needs to be done to prevent this increase from becoming a trend.

Diversity is more than covering all areas. Companies should set up internal initiatives and recruitment tactics to have a wide outreach to create a diverse team and environment, alongside this they should ensure they are creating an environment and culture that everyone has a prominent voice in.