How DEI Initiatives Can Address the Cyber Skills Gap

As digitisation continues to accelerate, the incredible business opportunities that exist cannot be understated. Advancing technologies like artificial intelligence (AI) and machine learning (ML) makes highly technical and complex cyber security processes more automated, which can prove instrumental as businesses look to take more of their operations online. 

There lies an inherent problem, however, pertaining to the digital skills gap. To uncover this, it’s important to take a broad look at how we arrived at this juncture.

cyber skills

The Cyber Security Skills Shortage at a Glance

While it can be seen as a positive outcome that businesses continue to adopt more cloud-based infrastructure and entrust more of their operations to algorithms and tools, we mustn’t ignore the evolving threat landscape. Cybercrime is growing in frequency and severity, with businesses of all shapes and sizes at risk, meaning they cannot afford to overlook their security measures. One breach can have a profound negative effect on an entire network and supply chain, with the average remedy cost expected to be £21,000.

The problem isn’t solved by simply adopting more enterprise-grade security solutions like vulnerability assessments, red team engagements, and deploying organisation-wide 24/7 cyber incident response services, although they do exponentially help and reduce the attack surface. Expecting all SMEs in the UK with limited resources and tight budgets to be able to deploy these solutions is naive, so more proactive decisions need to be made. 

As cyber attacks invariably boil down to human error and lack of oversight (80% to be exact, according to the ICO), upskilling teams with the right training and skill sets they need to mitigate complex and covert cyber attacks is more reasonable. It sounds promising and straightforward in principle, but an underlying problem exists here, too.

The issue is that the technology sector itself is facing an acute and pervasive skills shortage when it comes to sourcing and finding the right type and amount of skilled cyber security professionals. The demand for cyber security professionals dramatically increased post-COVID; within 2022 alone the industry had already witnessed a 60% increase

The salient point is that insufficient cyber security defence strategies put companies at serious financial and reputational risk. A major cyber incident can result in lost income – even more if you consider a ransomware attack – along with regulatory or statutory fines, litigation, and the erosion of customer trust, all affecting a business’ bottom line. Evidently, the cyber skills shortage is an epidemic of its own kind; it’s a critical business issue that needs addressing promptly. 

So what’s the answer? Diversity, equity, and inclusion (DEI) initiatives offer a powerful and impactful solution for companies trying to navigate this increasingly volatile and complex threat landscape. As cybercrime cost the UK over £30.5 billion last year, with over 25% of all firms attacked in some capacity, the time to act is now.

 

Why Diversity Improves Cyber Security

Workforce diversity, which sees organisations adopting aligned DEI initiatives and implementing skills-based hiring is essential to strengthening any in-house security operation. When information security teams lack diversity of backgrounds and varied perspectives, the blind spots that it can create can be profound. 

It’s worth noting that cybercriminals and opportunistic bad actors span the entire globe, possessing different motivations for each attack. Some may be politically or economically motivated, while others may simply serve to extract a ransom from a specific firm. The important takeaway from this is that a homogenous security workforce will struggle to anticipate and respond to a complex and evolving threat landscape.

Diverse security teams, conversely, draw from a richer, broader pool of life experiences, problem-solving approaches, and creative insights. No organisation’s risk exposure is ever clear-cut, and as attacks continue to vary in complexity, adaptation and flexibility will prove crucial in protecting assets, data, and finances. 

While the global cyber security workforce has added hundreds of thousands of jobs over the last couple of years, reaching an all time high of 5.5 million positions in 2023, this growth was accompanied by an employment gap of 4 million, according to the security industry nonprofit ISC(2). The same association announced a significant expansion of its DEI partner network last year, solidifying its commitment to fostering greater diversity within cyber. Some new partners include the Women’s Society of Cyberjutsu, Minorities in Cyber, and many more. Focusing on education and development of underrepresented groups is helping to bridge the lingering workforce gap and drive change within the industry, with the hope more firms will follow suit.

While it makes good business sense to adopt more inclusive DEI practices, in a wider context, demonstrating diversity, inclusivity and equality (and backing that up with evident action) is vital for securing trust in society and the digital economy. Promoting diversity in all areas, alongside cyber security, is key to improving collective resilience and fostering an aligned culture.

 

Barriers to Diversity in Cyber Security

Despite the clear advantages of embracing DEI in a security function, there are evident obstacles preventing businesses from achieving this goal. 

As a starting point, the cyber security and tech industries as a whole suffer from an alarming lack of diversity, especially across gender, race, disability, and other characteristics. 

For example, recent government data shows that only 17% of the cyber security workforce is made up of women.

There are a number of systematic barriers and stereotypes that perpetuate this homogeneity in the cyber, tech and IT spaces. These include:

  • Insufficient access to cyber security education and training
  • High costs of cyber security accreditation and certification programmes
  • Lack of exposure to STEM fields from an early age across cultures
  • Exclusion from accessible networking opportunities
  • Lack of supportive workplace environments for underrepresented groups
  • Prevailing societal and cultural biases associating tech, IT, and cyber security as being an ‘old boys club
  • Untapped talent pools and lack of access to employment opportunities

 

Overcoming these systemic challenges requires concerted effort and accountability from cyber security leaders and decision-makers within organisations and institutions worldwide.

 

Key Steps to Foster Diversity in Cyber Teams

Executives, whether CISOs, CIOs, or CTOs, coupled with their wider teams, must prioritise DEI initiatives as vital cyber security, business continuity, and resilience measures. Promoting more diverse, equitable, and inclusive workforces in tech, security and IT departments in-house will also spread laterally across the organisation in other areas.

Here are some key steps that business leaders can take to ensure and promote a workforce that embraces more DEI:

  • Expand recruiting channels and hiring practices.
      • Partner with organisations that support underrepresented groups in technology.
      • Implement skills-based, anonymised hiring to reduce recruitment bias.
      • Be open to candidates from non-traditional education and career paths.
      • Offer paid internships and apprentice programmes to expand opportunities to underrepresented groups.

  • Invest in more accessible training and development programs.
      • Provide funding for certifications, accreditation programs, mentorship and coaching opportunities.
      • Establish leadership development tracks for underrepresented talent.
      • Offer greater flexible and remote work options to staff.

diversity training

  • Cultivate an actively inclusive workplace culture.
      • Deploy mandatory and refresher training for unconscious bias and sensitivity.
      • Display zero tolerance for discrimination, harassment, and microaggressions. 
      • Establish a clear disciplinary line for aggressive discriminatory actions.
      • Provide anonymous reporting to protect the defendant’s identity in the event of a claim.
      • Recognise and celebrate cultural holidays and heritage months
      • Encourage and support DEI resource groups and support networks.

  • Lead by example with transparent accountability.
    • Set measurable targets for DEI metrics and report on their continual progress.
    • Implement DEI goals that tie to leadership performance reviews and accountability.
    • Consult external advisory boards to provide guidance.
    • Support industry initiatives like the UK Cyber Security Council.

 

By prioritising diversity, equity, and inclusion, companies can tap into a broader array of cyber security talent, ideas, strategies and perspectives. This will prove crucial for navigating today’s complex threat landscape that shows no signs of easing.