The modern cybersecurity team is as much about its people as it is its technology. To stay ahead of increasingly varied and complex threats, teams must be robust, flexible, highly skilled, and perhaps most importantly, diverse.
However, the latter component has traditionally been a challenge within the cybersecurity space – particularly when it comes to gender diversity. While change is coming – women are now reported to make up 24% of the security workforce– there is still much more work to be done.
As we can see when we look at other industries going through similar transitions, it is a change that’s worth making, for many reasons. Putting aside the moral case for greater diversity in the workforce, there is a significant business case here too. Numerous studies show that companies with greater gender diversity tend to outperform their peers.
An in-depth analysis of Fortune 1000 companies between 2002 and 2014 found that those with female CEOs saw returns 226% higher than their male-led counterparts. A separate study, this time carried out by Credit Suisse, found that “Companies with more female executives in decision-making positions continue to generate stronger market returns and superior profits.”
This is a running theme, spanning multiple studies across multiple industries – with the Petersen Institute and McKinsey, among others, concluding that more women in leadership positions translates to better performance and higher profits.
Filling the skill gap
More women in decision-making positions within cybersecurity is clearly much needed, not to mention long overdue. When we talk of the need for a more diverse workforce, we need to look much further than gender.
For the cybersecurity industry to keep pace with the evolving threat landscape, it needs greater diversity of all types and at all levels – backgrounds, culture, ethnicity, age, experience, qualifications and beyond.
Not only is this the right thing to do from an ethical perspective – it is fast becoming a necessity. Cybersecurity faces a potentially catastrophic skill gap with an estimated 2.9 million unfilled positions globally.
Such is the gravity of the situation that 63% of organizations say they have a shortage of cybersecurity staff. This skill gap is only going to widen as the need for cybersecurity services increases. We are only ever going to fill that gap by widening our search.
This means looking to those from all backgrounds and cultures. Those without university degrees, those under the age of 21 or over the age of 60 – even those without the technical skills we might usually associate with cybersecurity positions.
The modern cybersecurity team needs a varied array of skills in its arsenal. The more technically minded must work alongside skilled communicators, collaborators, problem solvers, business leaders and project managers.
With such a pressing need for a broader range of expertise – and an ever-widening skill gap – what sense does it make to keep searching for talent in the same limited pool?
Doing so not only decreases the catchment area and potentially excludes a host of talented cybersecurity professionals but it could also cause serious issues when it comes to defending against increasingly sophisticated cyber threats.
How diversity helps us all
Setting aside the fact that diverse teams tend to outperform more homogeneous ones, and the obvious logic behind searching for much-needed skills in a wider talent pool, there’s another, arguably even more important reason to continue the push for greater diversity in our industry. Without it, we run the very real risk of being left behind.
By continuing to look in the same place for cybersecurity professionals, we will inevitably continue to find the same things. The same types of people, from the same backgrounds, with the same skills, offering the same perspectives. While cybersecurity teams stay the same, we can be sure that the threats we face do not.
In other words, by following this traditional approach, we will continue to put the same set of eyes on a rapidly evolving set of problems.
Diversity challenges traditional assumptions and thought processes, bringing a fresh perspective to old problems as well as to new challenges. The more we include new and varied viewpoints, evolved from different life experiences and backgrounds, the better-informed our industry becomes: and the more equipped we are to respond to an increasingly diverse threat landscape.
Ultimately, the cyber threats we face are instigated by those from all walks of life. Deployed by those with varying skill levels, from different cultural, class and economic backgrounds. To ensure our industry can continue to stand up to these threats, we need to make sure the teams we put in place to fight them are just as diverse.