As digitisation continues to accelerate, the incredible business opportunities that exist cannot be overstated. Advancing technologies like artificial intelligence (AI) and machine learning (ML) make highly technical and complex cyber security processes more automated, which can prove instrumental as businesses look to take more of their operations online.
There lies an inherent problem, however, pertaining to the digital skills gap. To uncover this, it’s important to take a broad look at how we arrived at this juncture.
While it can be seen as a positive outcome that businesses continue to adopt more cloud-based infrastructure and entrust more of their operations to algorithms and tools, we mustn’t ignore the evolving threat landscape. Cybercrime is growing in frequency and severity, with businesses of all shapes and sizes at risk, meaning they cannot afford to overlook their security measures. One breach can have a profound negative effect on an entire network and supply chain, with the average remedy cost expected to be £21,000.
The problem isn’t solved by simply adopting more enterprise-grade security solutions like vulnerability assessments, red team engagements, and organisation-wide 24/7 cyber incident response services, although they do help significantly and reduce the attack surface. Expecting all SMEs in the UK with limited resources and tight budgets to be able to deploy these solutions is naive, so more proactive decisions need to be made.
As cyber attacks invariably boil down to human error and lack of oversight (80% to be exact, according to the ICO), upskilling teams with the right training and skill sets they need to mitigate complex and covert cyber attacks is more reasonable. It sounds promising and straightforward in principle, but an underlying problem exists here, too.
The issue is that the technology sector itself is facing an acute and pervasive skills shortage when it comes to sourcing the right type and number of skilled cyber security professionals. The demand for cyber security professionals dramatically increased post-COVID; within 2022 alone the industry had already witnessed a 60% increase.
The salient point is that insufficient cyber security defence strategies put companies at serious financial and reputational risk. A major cyber incident can result in lost income – even more if you consider a ransomware attack – along with regulatory or statutory fines, litigation, and the erosion of customer trust, all affecting a business’ bottom line. Evidently, the cyber skills shortage is an epidemic of its own kind; it’s a critical business issue that needs addressing promptly.
So what’s the answer? Diversity, equity, and inclusion (DEI) initiatives offer a powerful and impactful solution for companies trying to navigate this increasingly volatile and complex threat landscape. As cybercrime cost the UK over £30.5 billion last year, with over 25% of all firms attacked in some capacity, the time to act is now.
Workforce diversity, which sees organisations adopting aligned DEI initiatives and implementing skills-based hiring, is essential to strengthening any in-house security operation. When information security teams lack diversity of backgrounds and varied perspectives, the blind spots this creates can be profound.
It’s worth noting that cybercriminals and opportunistic bad actors span the entire globe, possessing different motivations for each attack. Some may be politically or economically motivated, while others may simply serve to extract a ransom from a specific firm. The important takeaway from this is that a homogenous security workforce will struggle to anticipate and respond to a complex and evolving threat landscape.
Diverse security teams, conversely, draw from a richer, broader pool of life experiences, problem-solving approaches, and creative insights. No organisation’s risk exposure is ever clear-cut, and as attacks continue to vary in complexity, adaptation and flexibility will prove crucial in protecting assets, data, and finances.
While the global cyber security workforce has added hundreds of thousands of jobs over the last couple of years, reaching an all-time high of 5.5 million positions in 2023, this growth was accompanied by an employment gap of 4 million, according to the security industry nonprofit ISC2. The same association announced a significant expansion of its DEI partner network last year, solidifying its commitment to fostering greater diversity within cyber. Some new partners include the Women’s Society of Cyberjutsu, Minorities in Cyber, and many more. Focusing on education and development of underrepresented groups is helping to bridge the lingering workforce gap and drive change within the industry, with the hope more firms will follow suit.
While it makes good business sense to adopt more inclusive DEI practices, in a wider context, demonstrating diversity, inclusivity and equality (and backing that up with evident action) is vital for securing trust in society and the digital economy. Promoting diversity in all areas, alongside cyber security, is key to improving collective resilience and fostering an aligned culture.
Despite the clear advantages of embracing DEI in a security function, there are evident obstacles preventing businesses from achieving this goal.
As a starting point, the cyber security and tech industries as a whole suffer from an alarming lack of diversity, especially across gender, race, disability, and other characteristics.
For example, recent government data shows that only 17% of the cyber security workforce is made up of women.
There are a number of systemic barriers and stereotypes that perpetuate this homogeneity in the cyber, tech and IT spaces. These include:
Overcoming these systemic challenges requires concerted effort and accountability from cyber security leaders and decision-makers within organisations and institutions worldwide.
Executives, whether CISOs, CIOs, or CTOs, coupled with their wider teams, must prioritise DEI initiatives as vital cyber security, business continuity, and resilience measures. Promoting more diverse, equitable, and inclusive workforces in tech, security and IT departments in-house will also spread laterally across the organisation in other areas.
Here are some key steps that business leaders can take to ensure and promote a workforce that embraces more DEI:
By prioritising diversity, equity, and inclusion, companies can tap into a broader array of cyber security talent, ideas, strategies and perspectives. This will prove crucial for navigating today’s complex threat landscape that shows no signs of easing.