Above: The National Cyber Security Centre (NCSC), Nova South, London.
Courtesy NCSC

The National Cyber Security Centre (NCSC), which is a part of GCHQ and KPMG UK have revealed the findings of the second Decrypting Diversity: Diversity and Inclusion in Cyber Security report and published actionable advice for the sector to follow.

Advertisement

This year's findings reveal a mixed picture of the state of diversity and inclusion in the industry. In some key areas, such as those who identify as neurodiverse or disabled, diversity in the industry is high compared to the average across the country.

However, there has been an increase in the number of people who have experienced discrimination in the workplace and career barriers.

As well as accepting all of the report's recommendations, the NCSC has made five commitments which aim to increase levels of diversity and inclusion within the organisation:

1. The NCSC's efforts to create a thriving cyber education ecosystem will focus on engagement with establishments with high proportions of students from under-represented communities.
2. The CyberFirst bursary programme will aspire to achieve year-on-year increases in the proportion of females offered a place, until it reflects the demographics of the UK.
3. Changes will be made to external recruitment practices to ensure the NCSC attracts diverse talent to accurately represent the communities it serves.
4. Measures will be implemented to achieve elimination of the gender pay gap and ethnic minority pay gap within the organisation.
5. Information and support will be provided to members of our workforce so that they are sensitive to and take action to promote a fully inclusive environment.

The 2021 report measures progress made against benchmark statistics and recommendations published in the 2020 inaugural report. This year, the survey was expanded to capture new benchmarks on disability, neurodiversity, location of workplace, employer size and seniority.

Lindy Cameron, NCSC CEO, said: “The UK is rich with diverse communities and, as the Decrypting Diversity report makes clear and we need to ensure the cyber security profession reflects that diversity.

“As cyber security leaders it is our job to drive positive change, and I urge decision makers across the industry to take immediate action to improve opportunities and experiences for all.

“Along with accepting all of the report's recommendations, we have also made five commitments that will power my ambition to create a fully inclusive environment at the NCSC.”

Like last year, the report outlines recommendations for leaders in cyber security to adopt to drive progressive change within their own organisations, which include taking an active role in leading on diversity and inclusion, ensuring inclusivity is maintained whilst working remotely, and using data to understand, monitor and improve the talent lifecycle.

In the last year, GCHQ – including the NCSC – has taken steps to improve attraction and recruitment processes, as well as further activity to engage staff through workshops, learning material and access to leading speakers, ensuring everyone understands their part in creating a diverse and inclusive workplace.

Dione Le Tissier, Defence Director in KPMG UK’s People and Change practice, said: “It’s so important that people working across the sector can thrive and reach their full potential, regardless of their gender identity, ethnicity, disability, sexual orientation or socio-economic background.

“And while we’re seeing improvements in representation, the research shows that there is plenty of work to be done to deliver progressive change and create diverse and inclusive working environments.

“This research delivers vital insight, lifting the lid on the sector so we can better understand how individuals feel about working in cyber security and key areas for improvement.

Advertisement

“We look forward to continuing our partnership with the NCSC in supporting the industry deliver on the recommendations made in this report and to ensure diversity and inclusion sits at its heart.”

The report was based on survey responses from 945 cyber security professionals, which provides insight into makeup of the industry. Amongst its findings were:

• Female representation in the industry is 36% (vs. 31% in 2020)
• Lesbian, gay, and bisexual representation remains at 10%, which is favourable compared to the 2.2% of the UK population that declared themselves as such in 2018
• The ethnic diversity of the workforce is broadly similar to that of the UK population
• Over one in five (22%) have experienced discrimination in the last year (vs. 16% in 2020)
• 12% of respondents have considered changing employer due to barriers to career progression

The new benchmarks captured in this year’s report reveal that:

• 26% of respondents identify as having a disability
• 19% of respondents identify as neurodivergent
• 84% of respondents worked for a large organisation (250+ employees)
• 36% of respondents worked in London, with 32% working in the south west

The report is published following the establishment of the UK Cyber Security Council, which acts as the voice of the UK cyber security profession, and has published its principles in support of diversity and inclusion within the industry. The Council will also develop, promote and steward nationally recognised standards for cyber security in support of the Government’s upcoming National Cyber Security Strategy.

The survey on which this report is based was launched in May 2021.

Advertisement