As the global job market has contracted over the last 18 months, cybersecurity has expanded, putting IT and security professionals in higher demand than ever. But diversity is still a big problem in the industry and it’s one that security leaders, HR teams, and recruiters are desperately trying to solve.
And, while there’s still room for improvement, new research shows that organizations are prioritizing diversity and inclusion (D&I), and it’s paying off: 1 in 3 employees in IT and security teams are female.
Why is diversity so important in cybersecurity?
We know instinctively why D&I matters from an ethical perspective. But, year after year, research from consulting firms like McKinsey shows there’s a strong business case for diversity, too. It helps boost innovation, increase job satisfaction, and drive higher profitability, market share, and return. It’d also have a big impact on the global economy.
The Center for Economics and Business Research quantified just how much of an impact…
If the number of women working in cybersecurity rose to equal that of men, we’d see a $30.4 billion boost to the industry’s economic contribution in the US and a £12.6 billion boost in the UK. And, if women earned as much as their male counterparts, we’d see billions more pour in, with a further $12.7 billion added in the US and £4.4 billion in the UK.
So, how diverse is the industry today?
How diverse is the industry today?
A recent survey of 250 IT leaders in the US and UK revealed that:
- On average, one in three (33%) employees in IT and security teams, in UK and US organizations, are female
- IT leaders in US organizations have slightly more diverse teams, with 36% of their team being female, versus 30% of IT teams in UK organizations
- Larger companies are more likely to have greater diversity in their teams. 36% of IT teams in medium-sized businesses (25-499 employees) are female, and 34% of IT teams in large enterprises (1000+ employees) are female. This drops to 29% in small businesses (2-49 employees)
But it’s not just about gender. It’s about geo, professional experience, educational background (or lack thereof), age, religion, and more.
According to a 2021 report from (ISC)², while minority professionals make up a significant portion of the cybersecurity workforce, they’re underrepresented across senior roles within their organizations. Among minority cybersecurity professionals, just 23% hold a role of director or above, 7% below the U.S. average.
And, interestingly, minorities who have advanced into leadership roles often hold higher degrees of academic education than their Caucasian peers who occupy similar positions.
Of minorities in cybersecurity, 62% have obtained a master’s degree or higher, compared to 50% of professionals who identified as White or Caucasian.
That said, progressive IT leaders do have objectives in place to hire people from a more diverse range of backgrounds:
- 56% of IT leaders in US organizations have objectives around increasing efforts to hire people from a more diverse range of backgrounds in 2022
- 46% of IT leaders in UK firms have objectives around increasing efforts to hire people from a more diverse range of backgrounds in 2022
- 65% of large businesses (1000+ employees) have objectives around increasing efforts to hire people from a more diverse range of backgrounds in 2022
This begs the question: what can organizations do to ensure a more diverse workforce, including diverse leadership?
How can organizations hire (and keep) diverse talent?
Hiring diverse talent
To better understand what would encourage more diversity in cybersecurity, we asked female practitioners what would make the biggest impact. Here’s what they said:
According to Tessian’s CISO, Josh Yavor, job descriptions and requirements are turning people off and away, too.
“We have to look at the terrible multi-decade history of awful job descriptions and requirements in cybersecurity. This industry is bad at posting entry-level descriptions that require unreasonable levels of experience and this makes it impossible to hire anyone. The challenge I give to hiring managers is to ask them, what does 5-10 years of experience actually mean to you? What does 5-10 years of experience look like and what value does that actually provide?” Josh explained.
It’s essential that organizations remove barriers to entry like 4-year degrees, cybersecurity certifications, and previous experience. Of course, IT skills and knowledge of computer science and engineering may be prerequisites for some roles in cybersecurity.
But all roles require soft skills. For example, data analytics, analytical thinking, creative thinking, and collaboration.
Retaining diverse talent
The Great Resignation of 2021 has continued well into 2022, with record high numbers of people quitting their jobs and seeking opportunities for better positions, better pay, better work/life balance and even exploring a career in a completely new industry.
According to our latest survey of 2,000 employees in UK and US businesses, 55% are considering leaving their current employer this year. The most likely department to be on their way out? IT.
That means retaining diverse talent is just as important as hiring diverse talent.
How? Prioritize employee wellbeing, promote flexibility, offer good perks (which means more than just snacks, beer, and ping pong), build a good company culture, and invest in career development.