Increase Diversity to Fight Cyber Crime

Local authorities are being encouraged to look at the diversity of their workforce to help tackle cyber-crime against their organisations.

While there is a moral case for diversity and equality in the workplace, a more diverse and inclusive workforce can also help strengthen your cyber security defences, experts believe.

Sandip Patel KC is a Barrister who is part of the CCOE Advisory Forum. He hopes the CCOE can help local authorities diversify their teams with cyber responsibilities to help give broader insight into cyber-crime in their organisations: “When you go along to cyber conferences the attendees and speakers are 98 per cent male and white and the industry is heavily dominated by ex-military and ex-M15 personnel and law enforcement. There are 7000,000 vacancies in the United States alone in cybersecurity – they can’t all be filled with men with a certain background,” he said.

Patel is optimistic things are starting to change, noting greater evidence women of in key roles. He also believes neurodiversity within cyber teams is important when thinking about the adversary you are facing. “In my experience of prosecuting, those conducting cyber-crime tended to be young men, but they don’t fall into the classical category of a criminal. These are often sophisticated individuals who are often brighter than you – often on a genius level,” he noted.

Irene Coyle, Chief Operating Officer at OSP Cyber Academy, is also on the CCOE Advisory Forum. When working in police recruitment she launched the Positive Action for Women programme which aimed to uncover barriers for women. The programme was successful in increasing numbers of female employees, later becoming a programme for all minority groups. Coyle now advocates for diversity in cyber through giving talks and actively challenging companies to tackle the issue.

Coyle believes increasing the talent pool of young people through apprenticeship schemes and work placements is something local authorities should consider. “This might sound ageist, but young people can be more attuned to the cyber landscape. Having a much more diverse workforce in cyber security will allow you to learn from them and try to build your defences better. You don’t know who is behind the mask because cybercrime is a faceless crime but having a more diverse workforce will help meet the challenges you face.”

A recent report by the National Cyber Security Centre (NCSC) and KPMG, Decrypting Diversity: Diversity and Inclusion in Cyber Security, painted a mixed picture of the cyber security industry. An area where the report calls for further diversity is age, with only one in twenty respondents’ categorising themselves at between 18 and 24 years old. Jonathan Gill, a Partner at KPMG, said the UK needs a thriving cyber security sector to remain safe and prosperous. “Diversity and inclusion are fundamental to this because we need to attract and retain the best talent and foster diversity of thought,” he said.

• Read a copy of the NCSC and KMPG report on cyber industry diversity here: www.ncsc.gov.uk/files/KPMG-and-the-NCSCDecrypting-Diversity-2021-report.pdf