Diversity and inclusion in cyber security workforce revealed for first time

The report provides a mixed picture, revealing that in some areas minority representation was above average for the country, but also highlighting discrimination and a lack of inclusivity across gender, sexual orientation, social mobility and ethnicity.

The document reveals that there’s much more to be done by the industry and, in addition to accepting all of the report’s recommendations, the NCSC has committed to publishing specific actions designed to improve diversity and inclusion within the organisation before the end of the year.

Ciaran Martin, CEO of the NCSC, said: “It cannot be right that, in the year 2020, there are still people within our industry who feel they cannot be themselves or who face discrimination because of who they are. This report should drive our determination to act. There is far more work to do on diversity and inclusion and the NCSC is determined to be a leader in this field, but a cross-sector effort is required to make sure that this is right. I would urge all cyber security leaders to read the report and act on it.”

The recommendations in the report – which are published on the NCSC’s website – urge cyber security leaders to become accountable for diversity and inclusion within their organisations and also establish comprehensive analysis of data to understand and track representation within their workforce.

They also call for the industry to significantly improve how it learns from Best Practice both within the cyber security sector and in other areas.

Bernard Brown, partner and vice-chair of KPMG UK, stated: “If the UK is to continue to play a leadership role in cyber security, we need to create an innovative and inclusive workplace that attracts the finest minds from our communities. Highly-skilled cyber security specialists are an imperative in a rapidly expanding digital economy supercharged by COVID-19.”

Brown added: “Our study findings show that the cyber industry has a lot to do if I’s to build truly inclusive workplaces. The report provides a route map for change and a call to action for a collective response to the issues raised.”

Key findings

Among the report’s findings – which were collated based on responses from 1,252 cyber security professionals – are the following:

(Female representation in the industry is 31%

*LGB representation is higher than the UK average, with 10% of respondents identifying as lesbian, gay or bisexual compared with 2.2% in the general population (ONS, 2020)

*The ethnic diversity of the workforce is broadly similar to that of the UK population

*41% of Black, African, Caribbean or Black British feel confident in their identity within the workplace compared to 75% of white respondents

*14% of respondents experienced barriers to career progression and/or resigned because of their employer’s approach towards diversity and inclusion issues

*74% of negative incidents as a result of diversity and inclusion were not reported

The survey on which this report is based was launched in February and sought to benchmark gender, sexual orientation, social mobility and ethnicity data across the cyber security industry, as well as understand issues around discrimination and inclusivity.

The next iteration of the survey will seek to capture the nuances and issues within disability and neurodiverse communities across the cyber security industry.