It cannot be right that in the year 2020 there are still people within our industry who feel they can’t be themselves or who face discrimination. So said Ciaran Martin, Chief Executive of the National Cyber Security Centre, on the occasion of the NCSC and audit firm KPMG releasing a first annual Decrypting Diversity: Diversity and Inclusion in Cyber Security report.
Martin said: “There is far more to do on diversity and inclusion and the NCSC is determined to be a leader in this field, but a cross sector effort is required to get this right. I urge all cyber security leaders to read the report and act on it.”
The report argues that cyber has made some progress on diversity. The sector has ‘higher levels of female and LGB (Lesbian, Gay and Bisexual) representation than the wider technology industry, although true gender parity remains far away. On trans representation, our survey found levels in line with the best UK estimates given
the limited comparable data available. When it comes to the representation of people from BAME (Black, Asian and minority ethnic) backgrounds, the industry appears to be broadly in line with the UK population’.
As the report sets out, diversity is not the same as inclusivity; diversity is about numbers, inclusion about feelings, the report suggests. “Having the confidence to be yourself and to feel able to disclose aspects of your life is at the heart of inclusivity; without this, organisations struggle to benefit from diversity. The good news is that most cyber security professionals feel confident in their workplace. Less positively, one in five respondents do not feel they can be themselves at work, and this figure rises to two in five respondents of Black heritage.”
The report makes the case for diversity and inclusion in UK cyber; as not only ‘the right thing to do’; but it’s ‘vital to widening the talent pipeline’, if supply of young and gifted people to do cyber security is to meet demand – only likely to rise due to the Covid-19 pandemic, the report points out.
However the report does speak of Black, gay and lesbian, and female cyber security people finding themselves discriminated against and experiencing ‘negative incidents’; most not reported.
What to do, given that as the report says the case for diversity and inclusion is ‘well accepted’? The report recommends a set of principles for organisations ‘to bake inclusivity into future ways of working’; collecting data on the make-up of the sector; sharing best practice; hailing success stories; and mapping out cyber careers as part of a wider skills agenda. The report calls for the DCMS (Department for Digital, Culture, Media & Sport) to lead on ‘an initial stakeholder group involving industry, academia and trade associations’.
A survey in February sought to benchmark gender, sexual orientation, social mobility and ethnicity data across cyber security, and look at issues around discrimination and inclusivity. The report urges cyber leaders to become accountable for diversity and inclusion within their organisations; and gather data to understand and track representation in their workforce.
Download the 96-page report on the NCSC website: https://www.ncsc.gov.uk/report/diversity-and-inclusion-in-cyber-security-report.
