Two great ways to build a more diverse cyber-security team

"A diverse team gives you different life experiences and strengths,” says Shawnee Delaney, CEO of US-based insider threat specialist Vaillance Group.

 

Diversity in your cyber-security team is also a competitive advantage, according to new research. In partnership with Longitude, a thought leadership agency that is part of the Financial Times Group, Kaspersky surveyed 750 leaders at enterprises around the world about their approach to cyber-security. The research found that organisations that actively improve diversity and inclusion in their cyber-security teams are better prepared to deal with a range of cyber-attacks.

 

For example, they are twice as likely to be prepared for ’black swan events’ – sudden events with widespread impact, such as a pandemic – than others in the sample.

 

Organisations recognise the benefits of a diverse team. Six in 10 say creating a more diverse and inclusive cyber-security team will be important in the next two years.

 

They have work to do. Figures show 85 per cent of cyber-security professionals in the UK are white and 66 per cent are male. And another recent Kaspersky survey found that only 10 per cent of women in IT work in a majority female team.

 

There are two ways you can rebalance your cyber-security team.

 

1. Recruit from different sectors

 

“One of my engineers has no IT security background – he started as a musician,” says Ricardo Lafosse, Chief Information Security Officer at multinational food company Kraft Heinz. “He sees problems differently from me and that provides a whole new dynamic for how to solve an issue.”

 

Broadening the talent pool by hiring from unexpected places gives businesses a bigger picture when threatened. Diverse viewpoints make it possible to consider all the ways an invader could attack.

 

“A diverse team gives you different life experiences and strengths,” says Vaillance Group’s Delaney. “A well-rounded team approaches challenges more creatively.”

 

2. Build an inclusive culture

 

Recruitment strategies are just the beginning. Companies must create an inclusive workplace culture so recruits feel welcome, nurtured and excited to build a career.

 

The National Cyber Security Centre recently found that one in five UK cyber-security professionals felt they couldn’t be themselves at work. Meanwhile, research by Accenture and non-profit organisation Girls Who Code revealed company culture is the top reason women leave a tech career. And a recent international Kaspersky survey found 44 per cent of women in tech think men progress faster.

 

“Teams are living organisms, and like all living organisms they can be healthy and flourish – or not,” says Evgeniya Naumova, former Executive Vice President of Corporate Business at Kaspersky.

 

“I always take time to notice and appreciate each person’s unique characteristics and to use this knowledge in my interactions with them.”

 

Evgeniya Naumova, Executive Vice President of Corporate Business, Kaspersky

 

Cyber-threats are global, but the research shows regions prioritise diversity and inclusion differently.

 

For example, 84 per cent of Australian leaders in the research said they were actively improving diversity and inclusion in their cyber-security teams. In contrast, only 56 per cent of those in Canada agreed with the statement. In Hong Kong and Italy, 72 per cent agreed that creating a more diverse and inclusive cyber-security team would be important in the next two years, compared with only 52 per cent in the UK.

 

This means multi-national organisations must ensure recruitment strategy and culture improvements happen across operations worldwide. Cyber-threats are growing in number and severity, and businesses must do everything they can to protect themselves. Diversity might not always be a top-of-mind strategy, but the data shows it should be.

 

As well as the powerful benefits of diversity and inclusion, a global strategy needs more senior leadership (C-suite) involvement. The research found companies with closely linked cyber-security teams and C-suites are better prepared to manage attacks. If there is strong integration with senior leadership, cyber-security is likely higher on the business agenda, and the team likely feels more valued, leading to better staff retention.

 

“As cyber-security leaders, we must push for diversity and ingrain these viewpoints into the fabric of our program,” says Kraft Heinz’s Lafosse. “The threat actors out there don’t care about race or gender. If they find a good hacker, they’re going to be part of their team. We need to be able to think that way.”

---

Read the report: Three steps to superior cybersecurity