NCSC vows to improve diversity and inclusion in the cybersecurity workforce

Why Your Business Environment Should Drive Cybersecurity

The National Cyber Security Centre (NCSC) – a part of GCHQ – and KPMG UK have jointly published the first annual Decrypting Diversity: Diversity and Inclusion in Cyber Security report, which aims to set a benchmark for improving the experiences and opportunities for existing and future staff working in the industry.

The report provided a mixed picture, revealing that in some areas minority representation was above average for the country but also highlighting discrimination and a lack of inclusivity across gender, sexual orientation, social mobility and ethnicity. It found that there is more to be done by the industry and in addition to accepting all of the report’s recommendations the NCSC has today committed to publishing specific actions to improve diversity and inclusion within the organisation before the end of the year.

Ciaran Martin, Chief Executive of the NCSC, said: “It cannot be right that in the year 2020 there are still people within our industry who feel they can’t be themselves or who face discrimination because of who they are and this report should drive our determination to act. There is far more to do on diversity and inclusion and the NCSC is determined to be a leader in this field, but a cross sector effort is required to get this right. I urge all [cybersecurity] leaders to read the report and act on it.”

The recommendations in the report – which are published on the NCSC website – urge cybersecurity leaders to become accountable for diversity and inclusion within their organizations and set up comprehensive analysis of data to understand and track representation within their workforce.

They also call for the industry to significantly improve how it learns from best practice both within the cyber security sector and other areas.

Bernard Brown, Partner and Vice Chair, KPMG UK, said: “If the UK is to continue to play a leadership role in [cybersecurity], we need to create an innovative and inclusive workplace that attracts the finest minds from our communities. Highly skilled [cybersecurity] specialists are an imperative in a rapidly expanding digital economy, supercharged by COVID-19. Our findings show that the cyber industry has a lot to do if it is to build truly inclusive workplaces. The report provides a route map for change and a call to action for a collective response to the issues raised.”

Among the report’s findings – which were collated based on responses from 1,252 cybersecurity professionals – were:

Female representation in the industry is 31 percent
LGB representation is higher than the UK average, with 10 percent of respondents identifying as lesbian, gay, or bisexual compared with 2.2 percent in the general population (ONS, 2020)
The ethnic diversity of the workforce is broadly similar to that of the UK population
41 percent of Black, African, Caribbean or Black British feel confident in their identity within the workplace, compared to 75 percent of White respondents
14 percent of respondents experienced barriers to career progression and/or resigned because of their employer’s approach to diversity and inclusion issues
74 percent of negative incidents as a result of diversity and inclusion were not reported

The survey on which this report is based was launched in February 2020, and sought to benchmark gender, sexual orientation, social mobility and ethnicity data across the cybersecurity industry, as well understand issues around discrimination and inclusivity. The next iteration of this survey will seek to capture the nuances and issues within disability and neurodiverse communities across the cyber security industry.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.