National Cyber Security Centre
NCSC commits to improving equality, diversity and inclusion as report shows progress but room for improvement remains
This year's report measures industry-wide progress since 2020, and captured new benchmarks including disability, neurodiversity and seniority.
- Second report from KPMG UK and the NCSC analyses progression of diversity and inclusivity within cyber security industry over past 12 months
- Decrypting Diversity report finds some improvements, but more to be done in improving experiences and opportunities for all
- NCSC publishes five commitments to improving diversity and inclusion within the organisation
Cyber security chiefs have today (Tuesday) committed to lead a drive towards improving diversity and inclusion within the sector following a second major survey of the industry.
The National Cyber Security Centre (NCSC), which is a part of GCHQ, and KPMG UK have revealed the findings of the second Decrypting Diversity: Diversity and Inclusion in Cyber Security report and published actionable advice for the sector to follow.
This year's findings reveal a mixed picture of the state of diversity and inclusion in the industry. In some key areas, such as those who identify as neurodiverse or disabled, diversity in the industry is high compared to the average across the country.
However, there has been an increase in the number of people who have experienced discrimination in the workplace and career barriers.
As well as accepting all of the report's recommendations, the NCSC has made five commitments which aim to increase levels of diversity and inclusion within the organisation:
- The NCSC's efforts to create a thriving cyber education ecosystem will focus on engagement with establishments with high proportions of students from under-represented communities.
- The CyberFirst bursary programme will aspire to achieve year-on-year increases in the proportion of females offered a place, until it reflects the demographics of the UK.
- Changes will be made to external recruitment practices to ensure the NCSC attracts diverse talent to accurately represent the communities it serves.
- Measures will be implemented to achieve elimination of the gender pay gap and ethnic minority pay gap within the organisation.
- Information and support will be provided to members of our workforce so that they are sensitive to and take action to promote a fully inclusive environment.
The 2021 report measures progress made against benchmark statistics and recommendations published in the 2020 inaugural report. This year, the survey was expanded to capture new benchmarks on disability, neurodiversity, location of workplace, employer size, and seniority.
Lindy Cameron, NCSC CEO, said:
“The UK is rich with diverse communities and, as the Decrypting Diversity report makes clear, and we need to ensure the cyber security profession reflects that diversity.
“As cyber security leaders it is our job to drive positive change, and I urge decision makers across the industry to take immediate action to improve opportunities and experiences for all.
“Along with accepting all of the report's recommendations, we have also made five commitments that will power my ambition to create a fully inclusive environment at the NCSC.”
Like last year, the report outlines recommendations for leaders in cyber security to adopt to drive progressive change within their own organisations, which include taking an active role in leading on diversity and inclusion, ensuring inclusivity is maintained whilst working remotely, and using data to understand, monitor and improve the talent lifecycle.
In the last year, GCHQ – including the NCSC – has taken steps to improve attraction and recruitment processes, as well as further activity to engage staff through workshops, learning material and access to leading speakers, ensuring everyone understands their part in creating a diverse and inclusive workplace.
Dione Le Tissier, Defence Director in KPMG UK’s People and Change practice, said:
“It’s so important that people working across the sector can thrive and reach their full potential, regardless of their gender identity, ethnicity, disability, sexual orientation or socio-economic background.
“And while we’re seeing improvements in representation, the research shows that there is plenty of work to be done to deliver progressive change and create diverse and inclusive working environments.
“This research delivers vital insight, lifting the lid on the sector so we can better understand how individuals feel about working in cyber security and key areas for improvement.
“We look forward to continuing our partnership with the NCSC in supporting the industry deliver on the recommendations made in this report and to ensure diversity and inclusion sits at its heart.”
The report was based on survey responses from 945 cyber security professionals, which provides insight into makeup of the industry. Amongst its findings were:
- Female representation in the industry is 36% (vs. 31% in 2020)
- Lesbian, gay, and bisexual representation remains at 10%, which is favourable compared to the 2.2% of the UK population that declared themselves as such in 2018
- The ethnic diversity of the workforce is broadly similar to that of the UK population
- Over one in five (22%) have experienced discrimination in the last year (vs. 16% in 2020)
- 12% of respondents have considered changing employer due to barriers to career progression
The new benchmarks captured in this year’s report reveal that:
- 26% of respondents identify as having a disability
- 19% of respondents identify as neurodivergent
- 84% of respondents worked for a large organisation (250+ employees)
- 36% of respondents worked in London, with 32% working in the south west
The report is published following the establishment of the UK Cyber Security Council, which acts as the voice of the UK cyber security profession, and has published its principles in support of diversity and inclusion within the industry. The Council will also develop, promote and steward nationally recognised standards for cyber security in support of the Government’s upcoming National Cyber Security Strategy.
The survey on which this report is based was launched in May 2021.
Latest News from
National Cyber Security Centre
New look Cyber Essentials scheme supports organisations to stay ahead of the cyber threat25/01/2022 09:15:00
Overhaul of the technical control requirements reflect the changes in the way organisations are now working.
UK’s tech innovators urged to join fight against ransomware threat21/01/2022 11:15:00
Opportunity for cyber security startups with ideas to protect small businesses to work with the NCSC's cyber security experts.
Big brands urged to 'scam-proof' messages to public19/01/2022 13:05:00
The NCSC launches new guidance for organisations on securely communicating with customers via SMS and phone calls.
NCSC joins US partners to promote understanding and mitigation of Russian state-sponsored cyber threats13/01/2022 11:15:00
The NCSC supports CISA, FBI, and NSA advice in understanding and countering Russian cyber threats.
Public urged to protect themselves from online sales scams27/12/2021 12:12:00
Yesterday (26 December), the government urged the public to protect themselves from online sales scams through five actionable steps.
Government publishes blueprint to protect UK from cyber threats15/12/2021 15:10:00
National Cyber Strategy sets out how government will protect and promote UK interests in rapidly evolving online world
Seasonal scam warning for last minute Christmas shoppers14/12/2021 13:15:00
The NCSC urge last minute Christmas shoppers to stay safe online by following best practice guidance.
Four more tech innovators join NCSC for Startups07/12/2021 09:10:00
Pioneering tech companies will benefit from NCSC’s expertise and insights by joining the programme.