NCSC & KMPG UK launch results of second cyber Diversity and Inclusion Survey
Key findings from the 2021 help identify where progress has been made in the sector and where there’s more work to be done.
The NCSC & KPMG UK’s 2020 Diversity and Inclusion report set the baseline for diversity and inclusion in the cyber security industry: one year on, the second annual survey – the results of which were launched on 23 November – provides the opportunity to benchmark against the 2020 findings to gauge what progress has been made in terms of individuals’ experiences in the sector.
Progress in diversity and inclusion is vitally important to the cyber industry, because, ultimately, ‘a more diverse and inclusive team is a more innovative team’. As the NCSC’s CEO, Lindy Cameron, highlighted during the launch event – not only is it right thing to do, it’s also the logical thing to do to ensure better business outcomes. The NCSC and KPMG UK are, therefore, committed to continuing this study over the long term in order to see greater change. Indeed, it is hoped that the findings of the report will help employers to review the progress they’re making; and to identify where they need to do more and take action.
What were the key findings?
Overall, the research conducted found some improvements, but the conclusion is that there’s more to be done to improve experiences and opportunities for all.
In some areas, diversity in the cyber security sector is higher than the average across the country; for example:
- 19% of those working in cyber are neurodivergent, compared with the 10% estimate for UK population as a whole.
- 26% of those working in cyber identify as disabled, compared with 20% of the UK population as a whole.
- 10% of those working in cyber identify as lesbian, gay or bisexual, compared with the 2.2% of the UK population, as per the Office for National Statistics’ (ONS’) 2018 data.
… And in others it’s around the same:
- When it comes to ethnic diversity, cyber is roughly aligned with national figures.
- 1% of the cyber workforce is made up of trans women and men, or people who are non-binary, which is in line with the wider population.
But there’s still much work to be done.
This year’s research reports that 36% of those working in cyber are women, which is up from 31% last year and better than much of the tech industry; but this increase is likely in part due to the wording of the question to align with the 2021 Census; and, of course, it still falls considerably short of the percentage of women in the population as a whole. Furthermore, there’s a higher weighting of female staff in younger groups, while senior roles – including the CISO – still tend to dominated by men.
In terms of inclusion, the report noted both positives and negatives, including:
- 71% of survey respondents felt able to be themselves in the workplace, but that leaves 1 in 5 cyber professionals who feel that they cannot be themselves.
- There has been a sharp rise in the number of LGBTQ+ people who felt uncomfortable disclosing their identity in the workplace
- 22% of respondents have experienced discrimination in the past year, but the number not reporting incidents has fallen since last year from 74% to 65%
So, the message is clear that the industry isn’t inclusive enough for certain groups – and this, in turn, will have a negative impact on their ability to do their best if they’re constantly trying to fit in. Indeed, an inclusive approach must permeate into recruitment and retention if industry is going to keep the talent it needs to thrive.
Discrimination is , unfortunately, a real problem in the sector with 1 in 5 respondents having experienced it in the last year, which is a slight increase from last year. This could be because people feel more comfortable reporting it, or it could be an increase in incidents – either way, this is not good. Furthermore, 4 out of 10 incidents reported were not resolved, so this is not just about the process for reporting: organisations need to create an inclusive and open culture where everyone’s contribution is recognised.
How was the research conducted?
This year, 945 people from across the UK cyber industry took part in an online survey. In order to preserve continuity, the underline methodology was the same as last year, however, new features were built in for 2021 to provide a richer, more complete view of diversity and inclusion in the sector. These included a wider range of characteristics such as age, disability, neurodiversity and location, as well as the size and type of organisation that individuals work for and insights into how they joined the industry.
Two areas that the report highlights as needing further study are (1) the impact of the Covid-19 pandemic on the findings; and (2) the need to expand the sample size in order to gain meaningful conclusions from the analysis of intersectionality in order to better understand the experiences of those in more than one minority group.
Key recommendations for driving positive change
The report sets out six recommendations for the cyber industry to adopt in order to drive significant change. These are not expected to change radically each year, but rather they’re designed to be long-term, enduring recommendations that will evolve as work progresses to improve the situation. Indeed, the idea is that they will support the industry to collectively move the dial in some of the key areas highlighted for improvement.
The recommendations are:
- Take an active role in leading on diversity and inclusion
- Create and benefit from hybrid working
- Use data to understand, monitor and improve the talent lifecycle
- Learn from D&I best practice
- Publicise the success stories
- Map out the roles and skills
The newly created UK Cyber Security Council will take a leading role in pushing forward the diversity and inclusion agenda in the industry and addressing how changes can be made; and it has already put together a comprehensive set of steps that organisations can take.
techUK wholeheartedly supports the commitment to ensuring that diversity and inclusion is at the heart of the future of the cyber industry; and welcomes the inclusion of the additional characteristics, such as disability and neurodiversity, in this year’s Decrypting Diversity Report which gives a richer, more detailed picture of diversity and inclusion in the sector. We look forward to supporting industry, the UK Cyber Security Council and the NCSC in taking forward the report’s recommendations to ensure the cyber industry continues to make progress with diversity and inclusion.
You can download the full Decrypting Diversity: Diversity and Inclusion in Cyber Security 2021 report here.
Watch the recording of the NCSC and KMPG UK report launch event here.
Latest News from
New research from Vodafone reveals the cost to businesses of having poor parental leave21/01/2022 11:25:00
Employers who do not offer sufficient parental leave risk losing top talent. Vodafone urges Government and employers to review parental leave policies and ensure they meet the expectations of younger workers.
Online Safety: A guiding hand for tech companies17/01/2022 16:25:00
Georgina Kon and Peter Church from Linklaters LLP consider Ofcom's approach to the VSP regime and how this may provide insight into how it might regulate the broader online safety regime.
Energy Digitalisation Taskforce publishes recommendations for a digitalised Net Zero energy system17/01/2022 15:10:00
A new report by the Energy Digitalisation Taskforce is recommending greater control for consumers over their data to build trust; plug-and-play options for innovators to enable interoperability with the energy system; and mandated carbon monitoring – as key drivers to accelerate Net Zero.
15% of UK businesses have adopted AI17/01/2022 11:25:00
A new report from DCMS shows that while over 430,000 businesses are already using AI, there is great potential for further growth.
Connected Home Technology in 202214/01/2022 16:25:00
What developments can we expect to see in the connected home sector in the year ahead?
techUK welcomes the launch of UK-India FTA negotiations14/01/2022 11:25:00
techUK welcomes the launch of UK-India FTA negotiations which was announced on 13th January.
Introducing techUK’s Advanced Communications Services Working Group13/01/2022 16:25:00
Over the past two years techUK’s 5G Ecosystem Working Group has focussed on explaining the benefits of 5G to industries where there are opportunities to deliver services more efficiently.
Consumer Tech Trends in 202213/01/2022 11:25:00
Round-up of the latest consumer tech innovations from CES 2022 in Las Vegas.