Inclusion and diversity are fundamental to the success of any organization — and particularly important for those working in the cyber security industry. This industry — like many others — is realizing the error they made in not being inclusive and are now recognizing and prioritizing inclusivity and diversity in their workplaces. Although improvement can be seen, there’s a lot more work to be done, with organizations and individuals continuing to face challenges in this space. To mark International Women’s Day, I’m going to spotlight the importance of inclusion and diversity in cyber security and identify the key steps the industry can take to enhance and embrace the benefits of a diverse and inclusive workforce.
International Women’s Day is an opportunity to commemorate the cultural, political, and socioeconomic achievements of women. While there’s a day to celebrate the success of women in the workforce, gender diversity is an area many organizations still struggle to get ‘right’. There are still significant gaps when you look at the ratios in the industry; women still make up a lower percentage of the workforce, and this is no different in cyber security. But why? What are the biases when it comes to women in cyber security, and why do they exist? Is enough being done to challenge those biases? Organizations are increasingly moving in the right direction, with more initiatives to promote bringing more women into the profession and helping them challenge and overcome those often-unconscious biases.
KPMG’s Women in Cyber network has been set up to connect teams globally, creating collective action to promote inclusion and diversity, and tackle discrimination. This began as a regional initiative, with KPMG in the UK’s Women in Security internal network but has quickly expanded. Discussing topics like ‘Imposter Syndrome’, ‘Politics, Promotion and Performance’ and ‘Empowering women of black heritage’ helps those in the network to understand and navigate inclusion and diversity. Such programs continue to expand internationally across the KPMG global organization. Although just one part of the toolkit of methods available to organizations, these networks and programs are key to starting and maintaining the conversation about the benefits of inclusion and diversity across all those who work in cyber.
Inclusion and diversity are important — but not all organizations recognize it
So, why has there recently been such a big focus on having inclusive and diverse teams in the cyber profession? Organizations are increasingly dependent on technology, which the global pandemic has accelerated, and the nature, complexity and number of threats to this technology are increasing. Cyber security has never been more important in keeping us all safe. And yet, the cyber security industry faces a well-documented skills shortage, along with clear evidence of burnout and stress among over-worked professionals. As such, organizations should ensure they can continue to attract and retain the top talent — and be increasingly reliant on the diversity of ideas and approaches to tackle the evolving threat landscape. Everyone should feel included and be able to reach their potential no matter what their gender, ethnicity, sexual orientation or background. Everyone has a part to play in making this a reality.
According to my colleague, Maliha Rashid, Cyber Security Services Director, KPMG in the UAE, if the human case for inclusion and diversity wasn’t already compelling enough, the business benefits are also clear. In the cyber security industry, we need novel solutions to tackle novel threats. This means thinking outside the box and challenging traditions and norms. The best way to get that is through new ways of thinking, which is diversity — and to ensure everyone on the team feels willing and able to share new ideas, which is inclusion.
While the moral and business cases for having inclusive and diverse teams is clear and communicated widely across societies, not all organizations are making sufficient efforts to prioritize it. There are numerous barriers that many organizations face, that range from the tactical to the strategic. For example, some organizations lack the required expertise to recognize or understand the diversity of their workforce and issues of inclusion. Others might face more fundamental or systemic barriers. Some organizations might have poor company cultures and working practices that create and enable discrimination. In either circumstance, the first step organizations need to take is to recognize overtly the importance of inclusion and diversity.