Tapping into Diversity to More Effectively Mitigate Digital Risk

This October marks the 15th year of National Cybersecurity Awareness Month (NCSAM). The initiative is described as “a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.” As security professionals, we recognize that to more effectively defend against adversaries we must work together and collaborate across groups. But if we don’t take advantage of our true collective strength by embracing diversity and inclusion, we’re compromising our efforts. Inventor of the World Wide Web, Tim Burners-Lee said, “We need diversity of thought in the world to face the new challenges.” How well are we tapping into diversity of thought in the field of cybersecurity?

Although it may feel like we’ve been beating the diversity drum for a long time, the truth is we still have a long way to go. New research from Cybersecurity Ventures finds that women make up 20 percent of the global cybersecurity workforce. While up from the 11 percent number that has been widely quoted for years, 20 percent is still a far cry from where it should be, particularly considering women make up 40 percent of the overall workforce across 80 countries according to analysis by the Pew Research Center. The 2018 RSA Conference keynote conversation earlier this year was a well-publicized reminder of the lack of female representation in the industry. But there are less high-profile examples every day. Just last month a tweet went viral from a mother whose daughter was directed in school by a female teacher to sign up for the childcare class because the engineering class she wanted to enroll in was full of boys.

Clearly, increasing the number of women in cybersecurity isn’t as simple as turning a light switch on. That 20 percent reflects how we have grown up, the lessons we learned and thus the way we relate in the world to others. Meaningful change requires a true social evolution which doesn’t happen overnight. It will take time and will require that we all come forward to help. It’s the only way we will meet NCSAM’s goal to ensure everyone has the resources they need to stay safer online and overcome other challenges our industry faces.

To begin with, encouraging and supporting diversity and inclusion in the workforce will allow us to overcome the cybersecurity workforce gap now estimated to reach 1.8 million by 2022. We can’t afford to leave any potential workers out – not only women, but other groups as well. Blacks, Hispanics, and Asians reportedly represent less than 12 percent of the digital security workforce. By expanding to include neural diversity we can also tap into a group that has a 70% unemployment rate. It is only by incorporating all that we can unite our perspectives to best identify different opportunities for innovation.

Compounding the urgency, both the need for security expertise and our definition of that expertise will continue to expand as cybersecurity becomes more tightly woven into the very fabric of our daily lives. Virtually every organization is now digital to some degree with some aspect of their products or services online and thus vulnerable to attacks. Granted, we need more individuals with security expertise to help develop and manage solutions to protect these organizations. However, we also need more people with cybersecurity expertise participating on the business side of these organizations, driving strategy, risk, compliance and security awareness training.

Finally, diversity of thought has business benefits; organizations that are more diverse and inclusive stand to gain a competitive edge. Businesses with a more even distribution of men and women have seen up to a 41 percent increase in revenue. High-performing companies also have more women in leadership roles and those with more ethnically diverse executive teams are 33 percent more likely to outperform their peers on profitability.

NCSAM is a good time to strengthen the diversity drumbeat, but we must continue it over the long term to affect the level of change we need to more effectively mitigate digital risk and meet new challenges.