Over a fifth (22%) of cyber security industry professionals have experienced discrimination in the last year, according to new findings published by the National Cyber Security Centre (NCSC) and KPMG UK.
This is up from one in six (16%) in 2020, with respondents experiencing career barriers as a result of one of their characteristics has risen significantly, from 14% last year to 25% in 2021.
The NCSC’s and KPMG’s Diversity and inclusion in cyber security report studied the obstacles faced by cyber security professionals across a range of characteristics – including ethnicity, gender, sexual orientation, neurodivergence, and disabilities.
The report found that, although the cyber security industry is in many areas more diverse than the overall UK population, not everyone feels as if they can freely be themselves in the workplace.
For instance, 37% of surveyed individuals with a disability were uncomfortable disclosing their disability at work, due to fears of discrimination. The report also found that, although gay and lesbian respondents were one of the groups most confident in themselves, with 89% being comfortable disclosing their sexual orientation in the workplace in 2020, this had fallen to 76% in 2021. Bisexual respondents experienced an even steeper fall in confidence, with only 47% being comfortable with disclosing their identity at work – down from 77% in the previous year. By contrast, 91% of heterosexuals are comfortable disclosing their sexual orientation at work.
Based on the report’s findings, the NCSC drafted recommendations for the cyber security industry that would help drive progressive change. This includes taking an active role in leading on diversity and inclusion, leveraging the sector’s expertise in data to better understand how diversity and inclusion can be embedded across the talent lifecycle, and creating accessible and clear job descriptions and adverts for cyber roles.
The UK Cyber Security Council’s CEO Simon Hepburn said that the body “warmly welcome[s] and applaud[s] this second annual report by NCSC and KPMG”, which he described as “solidly researched”.
“It’s vital not just to help the sector fill the tens of thousands of vacancies that exist, but for the sector and the UK to benefit from the wider range of abilities, improved creativity, different thinking, and alternative contributions of a truly diverse, inclusive cyber security workforce. The Council and the NCSC are in lockstep over the D&I [diversity and inclusion] objectives for the sector and, to that end, we also welcome and agree with the conclusions of the report,” he stated.
The truth about cyber security training
Stop ticking boxes. Start delivering real change.
However, Hepburn noted that the recommendations made by the report don’t address how the industry can achieve them, adding that “programmes will need to be devised and executed”.
“The Council will therefore play its full role in devising, driving, and supporting D&I programmes, through the Council membership which we are at the start of building. I encourage cyber-related organisations that want to lead the way in D&I, and which want to show the sector that they're leading the way, to join us without delay. There is much to do,” he said.
