The issue of diversity in the cybersecurity sector has been present since the early days of IT companies. The public perception of a cybersecurity professional carries with it a specific image of the kind of person who works in IT and cybersecurity, and many minority groups—including women, people of color and ethnic minorities, and disabled and neurodivergent people—are heavily underrepresented in the workforce.
Diversity in the cyber workforce is more than just a social issue. Fighting cybersecurity risks is difficult, especially as the threat landscape is constantly evolving and shifting over time. A diverse workforce is better equipped to handle threats, and diversity should be a priority for organizations looking to fortify their defenses against cyber risks.
Cyber Sector Diversity Statistics
A report based on research conducted on behalf of the UK’s Department for Science, Innovation, and Technology (DSIT) explores the demographics of the cyber sector in both qualitative and quantitative forms. The research addresses the portion of the cybersecurity industry constituted of different minority groups and compares those statistics to the demographic data of the broader UK workforce.
Some of the key findings of the research include:
- Women make up a much smaller proportion of the cyber workforce than the total UK workforce or the digital sector at large. While they constitute 48% of the total UK workforce, they compose only 30% of the digital sector, 17% of the cyber sector, and a mere 12% of the senior cyber workforce.
- Ethnic minorities represent a slightly larger chunk of the digital sector (18%) and the cyber sector (15%) than the total UK workforce (13%), but a smaller portion of senior cyber professionals (9%).
- Disabled people constitute 17% of the total UK workforce, 13% of the digital sector, 6% of the cyber sector workforce, and only 4% of senior cyber professionals.
- While there is no data on neurodivergent people in the larger workforce or the digital sector, the research shows they make up 13% of the cyber sector workforce and 8% of the senior cyber workforce.
- Since 2020, the portions of the workforce composed of women and ethnic minorities have increased and decreased again, while the percentage of disabled people has decreased and the percentage of neurodivergent people has increased.
How Organizations Are Striving for Diversity
The research goes further in inquiring about how cyber firms have made changes in their recruiting processes to attempt to recruit from particular minority groups. This data is based on information from 84 firms that have tried to recruit over the last 18 months.
In 2024, 37% of cyber industry organizations have made changes to recruit more women, 21% have done the same for ethnic minorities, 19% for neurodivergent people, and 18% for disabled people. According to the data, all of these percentages are lower than the previous year.
There is a variety of strategies cited by the firms in the research that have made changes to increase diversity in their recruiting methods, such as:
- Hiring through non-degree routes
- Attending networking events, conferences, and career programs for diverse groups
- Taking action to diversify the organization’s leadership
- Working with recruitment agencies to find more diverse candidates
- Hosting talks or events in education settings
- Working with third-sector organizations to identify and support more diverse groups
Some employers, on the other hand, do not have any measures in place to increase diversity in hiring. They primarily focus on not excluding anyone from their hiring processes, either because attempting to attract more diverse candidates is just not a goal for them or because they lack the expertise or resources to take those steps.
Benefits of Diversifying the Workforce
While increasing diversity in the cyber workforce is a good step for social consciousness and inclusivity, that is not where the advantages end. There are a number of ways that a more diverse cyber workforce can help organizations fight the increasing threat of cyberattacks.
- A diverse workforce makes for a more accepting and understanding work environment for individuals from underrepresented and minority groups. This safety allows workers to carry out their jobs with less stress.
- Fostering a workplace free of discrimination means that employees are more likely to share core traits like nonjudgement and open-mindedness.
- Employees from a wide range of backgrounds are more likely to have diverse knowledge and experience, equipping them to approach cybersecurity issues from many angles, come up with innovative new ideas, and solve problems more effectively.
- Companies with more gender and ethnic diversity are more likely to have above-average profitability, according to one study.
Conclusion
Organizations in the cyber industry tend to struggle with a lack of diversity at a higher rate than broader workforce demographics. Senior cyber professionals, those who have been in their positions for six years or longer, are even more heavily affected by this disparity. While many organizations are taking steps to increase diversity in their recruitment processes, others are not prepared to implement diverse hiring initiatives.
Measures for increasing diversity in the cyber sector can go a long way toward mitigating social problems within organizations, as well as increasing their ability to address cyberthreats. As the threat landscape grows more sophisticated and dangerous over time, it is more important than ever for organizations to foster a diverse workforce to defend against evolving and emerging threats.
Editor's Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.
