CYBER SECURITY chiefs have committed to lead a drive towards improving equality, diversity and inclusion (ED&I) within the sector following a second major survey of the industry. The National Cyber Security Centre (NCSC), which is a part of GCHQ, and KPMG UK have revealed the findings of the second Decrypting Diversity: Diversity and Inclusion in Cyber Security Report and published actionable advice for the sector to follow.
This year’s study findings reveal a mixed picture of the state of diversity and inclusion in the industry. In some key areas, such as those who identify as neurodiverse or disabled, diversity in the industry is high when compared to the average across the country.
However, there has seemingly been an increase in the number of people who have experienced discrimination in the workplace and career barriers.
As well as accepting all of the report's recommendations, the NCSC has made five commitments which aim to increase levels of diversity and inclusion within the organisation. For example, the NCSC’s ongoing efforts to create a thriving cyber education ecosystem will focus on engagement with establishments with high proportions of students from under-represented communities.
In addition, the CyberFirst bursary programme will aspire to achieve year-on-year increases in the proportion of females offered a place until such point that it reflects the demographics of the UK.
Changes will be made to external recruitment practices to ensure that the NCSC attracts diverse talent to accurately represent the communities it serves. Measures will be implemented to achieve elimination of the gender pay gap and ethnic minority pay gap within the organisation and information and support will be provided to members of the NCSC’s workforce such that they are sensitive towards – and take action to promote – a fully inclusive environment.
Progress against benchmarks
The 2021 report measures progress made against benchmark statistics and recommendations published in 2020’s inaugural report on this issue. This year, the survey was expanded to capture new benchmarks on disability, neurodiversity, location of the workplace, employer size and seniority.
Lindy Cameron, CEO at the NCSC, commented: “The UK is rich with diverse communities and, as the Decrypting Diversity report makes clear, we need to ensure that the cyber security profession reflects that diversity. As cyber security leaders, it’s our job to drive positive change. I would urge decision-makers across the industry to take immediate action in order to improve opportunities and experiences for all.”
Further, Cameron noted: “Along with accepting all of the report’s recommendations, the five commitments we’ve made will power my ambition of creating a fully inclusive environment here at the NCSC.”
Like last year, the report outlines recommendations for leaders in cyber security to adopt to drive progressive change within their own organisations, which include taking an active role in leading on diversity and inclusion, ensuring inclusivity is maintained while working remotely and using data to understand, monitor and improve the talent lifecycle.
In the last year, GCHQ – including the NCSC – has taken steps to improve attraction and recruitment processes, as well as further activity to engage staff through workshops, learning material and access to leading speakers, subsequently ensuring that everyone understands the part they have to play in creating a diverse and inclusive workplace.
Dione Le Tissier, defence director in KPMG UK’s People and Change practice, explained: “It’s so important that people working across the sector can thrive and reach their full potential, regardless of their gender identity, ethnicity, disability, sexual orientation or socio-economic background. While we’re seeing improvements in representation, the research shows that there’s plenty of work still to be done to deliver progressive change and create diverse and inclusive working environments.”
Le Tissier continued: “This research delivers vital insight, lifting the lid on the sector such that we can better understand how individuals feel about working in cyber security and focus on key areas for improvement. We look forward to continuing our partnership with the NCSC and supporting the industry to deliver on the recommendations made in this report, thereby ensuring diversity and inclusion sits at its heart.”
The report is based on survey responses received from 945 cyber security professionals. It states that female representation in the industry is 36% (versus 31% in 2020). Lesbian, gay, and bisexual representation remains at 10%, which is described as “favourable” when compared to the 2.2% of the UK population who declared themselves as such in 2018.
The ethnic diversity of the workforce is broadly similar to that of the UK population. Over one-in-five (22%) have experienced discrimination in the last year (versus 16% in 2020). 12% of respondents have considered changing employer due to barriers to career progression.
The new benchmarks captured in this year’s report reveal that 26% of respondents identify as having a disability, 19% of them identify as neurodivergent, 84% of respondents work for a large organisation (with 250-plus employees) and 36% work in London, with 32% working in the South West.
The report is published following the establishment of the UK Cyber Security Council, which acts as the voice of the UK’s cyber security profession and has published its own principles in support of diversity and inclusion within the industry. The Council will also develop, promote and steward nationally recognised standards for cyber security in support of the Government’s upcoming National Cyber Security Strategy.
The survey on which the NCSC’s report is based was launched back in May.