How to Improve Inclusion and Diversity in Cybersecurity

KPMG Edge January 2023

It’s important to be inclusive in the workplace. The cybersecurity industry, like any other, is realizing that it could have done a better job of emphasizing diversity and inclusivity in the past.

That’s not to say there haven’t been positive steps, but we can do more. To honor International Women’s Day, I would like to highlight the importance of inclusion and diversity and point out a few ways that the cybersecurity industry can embrace the benefits of inclusion.

While we celebrate International Women’s Day, and the achievements of women in the cultural, political, and economic spheres, gender diversity in cyber security is still an area many organizations struggle with. For instance, women still make up a small portion of overall employees in the cybersecurity industry. Why? What biases exist toward hiring women and why do they exist? Are we doing our part to remove those biases?

The Women in Cyber network of KPMG was established precisely to help women in the industry connect globally, promote diversity, and challenge discrimination. The network got its start in the UK with its Women in Security internal network but has quickly expanded. The network there has discussed issues like “Imposter Syndrome,” “Politics, Promotion and Performance” and “Empowering Women of Black Heritage.” Programs like these are now expanding across KPMG globally and are an important step in the ongoing conversation of promoting diversity and inclusion of women in the workplace.

Inclusion and diversity are important – but not all organizations require it

What accounts, though, for the recent focus on diversity in the cybersecurity industry? For one, cybersecurity is becoming ever more important as the threats to data security increase. At the same time, the cyber security solutions field faces a well-known skills shortage along with reported burnout among many industry professionals. For that reason, the challenge is for the industry to attract more talent while also widening the available talent pool. Employees at all organizations should feel as though they have a part to play in the sector, whatever their gender, race, or sexual orientation may be.

The business benefits are also clear, according to my colleague Maliha Rashid, the cyber security services director of KPMG UAE. She stresses that we need to encourage new ideas to address the evolving security threats. Diversity in cyber security is one way to broaden the number of ideas while at the same time bringing new employees into the mix.

Not all organizations are sufficiently addressing this deficit in diversity, however. The challenges stretch from tactical to strategic. Some organizations simply lack the resources to sufficiently address the diversity and inclusion dilemma. Others have a company culture that lacks in understanding and even work practices that enable discrimination. In all cases, the first step is to recognize the problem and then to take steps to mitigate the inclusion gap.

Decrypting diversity

KPMG in the UK has published two landmark reports in partnership with the National Cyber Security Centre (NCSC). Decrypting Diversity has studied the issues of inclusion and diversity in the UK in 2020 and 2021. Jonathan Gill, the head of aerospace and defense of KPMG UK, tells us that “gathering and analyzing data is the important first step to improving inclusion and diversity” and this helps to highlight “how individuals feel about working in cyber.”

The most recent report found that discrimination is a clear and present issue within the UK’s cyber security industry. One example: 22 percent of survey respondents said they had experienced negative comments from a colleague. Further, a full 65 percent did not report those comments to a superior.

On the positive side, 70 percent of respondents said they could express themselves as individuals at work (ethnically, culturally) but this result drops to 60 percent for black respondents and even more, 56 percent, for those who identify as neurodivergent. These results highlight that the experience in the workplace for minority groups is often worse than it seems and that we must focus on individual experiences to address discrimination.

The Decrypting Diversity report proposes a set of solutions intended as a guide for organizations and individuals working in cyber security risk management to improve inclusion and diversity in the workplace:

  1. Take an active role in leading on inclusion and diversity. Executives must define a vision for success and set expectations for employees.
  2. Create and benefit from hybrid working. Remote work has been a boon for inclusion and diversity by breaking down traditional gateways to entry.
  3. Use data to understand, monitor and improve the talent lifecycle. Data can help organizations understand in which areas they need to improve, including talent pool and diversity.
  4. Learn from inclusion and diversity best practice. Organizations should focus on best practices as a key toward success.
  5. Publicize the success stories. When a company has a success story among minority employees, it should publicize that employee's accomplishments. This will help attract other talent from those same underrepresented groups.
  6. Map out the roles and skills. Organizations should promote transparency in their cyber security solution roles to encourage a more diverse talent pool and create more career pathways.

As Samar Iqbal, assistant manager at KPMG in the UK, commented: “As a woman from an ethnic minority working in technology, guidance and advice from those with extensive experience in this space have helped me unlock my true potential and opened my mind to the possibilities I would not have initially thought were possible or available to me.”

Talent managers should be cognizant that members of minority groups have likely lacked access to the same opportunities available to those from more privileged backgrounds. All of these recommendations are meant as a starting point to lower the barriers to inclusion, attract a more diverse talent pool, and ensure that employees of all stripes feel wanted and valued.

Breaking the bias in cyber security

In sum, inclusion and diversity are fundamental to an organization’s success. A diversity of ideas leads to better outcomes while bringing out the best in all our employees. Eliminating discrimination in the cyber security industry is one way to promote the industry’s continued success and health.


This article is based on an article published at KPMG global by Dione Le Tissier, Director | Article posted date: 7 March 2022


