“A diverse team gives you different life experiences and strengths,” says Shawnee Delaney, CEO of US-based insider threat specialist Vaillance Group.
Diversity in your cybersecurity team is also a competitive advantage, according to new research. In partnership with Longitude, a Financial Times company, Kaspersky surveyed 750 leaders at enterprises around the world about their approach to cybersecurity. The research finds organizations that actively improve diversity and inclusion in their cybersecurity teams – named the Diversity Leaders for this reason – are better prepared to deal with a range of cyberattacks.
For example, they are twice as likely (77 percent) to be prepared for ‘black swan events’ – sudden events with widespread impact, like a pandemic – than others in the sample (37 percent.)
Organizations recognize the benefits of a diverse team. Six in 10 say creating a more diverse and inclusive cybersecurity team will be important in the next two years.
They have work to do. Figures show 85 percent of cyber security professionals in the UK are white and 66 percent are male. And only 10 percent of women in IT work in a majority female team, another recent Kaspersky survey found.
New research from Kaspersky in partnership with the Financial Times Commercial department shows that diversity, collaboration and training can help protect enterprise from major cyber threats.
Two ways to rebalance your cybersecurity team
1. Recruit from different sectors
“One of my engineers has no IT security background — he started as a musician,” says Ricardo Lafosse, Chief Information Security Officer at multi-national food company Kraft Heinz. “He sees problems differently from me and that provides a whole new dynamic for how to solve an issue.”
Broadening the talent pool by hiring from unexpected places gives businesses a bigger picture when threatened. Diverse viewpoints make it possible to consider all the ways an invader could attack.
“A diverse team gives you different life experiences and strengths,” says Vaillance Group’s Delaney. “A well-rounded team approaches challenges more creatively.”
2. Build an inclusive culture
Recruitment strategies are just the beginning. Companies must create an inclusive workplace culture so recruits feel welcome, nurtured and excited to build a career.
The National Cyber Security Centre recently found that one in five UK cybersecurity professionals felt they couldn’t be themselves at work. Meanwhile, research by Accenture and non-profit Girls Who Code revealed company culture is the top reason women leave a tech career. And a recent international Kaspersky survey found 44 percent of women in tech think men progress faster.
“Teams are living organisms, and like all living organisms, they can be healthy and flourish — or not,” says Evgeniya Naumova, Executive Vice President of Corporate Business at Kaspersky.
I always take time to notice and appreciate each person’s unique characteristics and to use this knowledge in my interactions with them.
Evgeniya Naumova, Executive Vice President of Corporate Business, Kaspersky
Regional variation in valuing diversity in cybersecurity
Cyber threats are global, but the research shows regions prioritize diversity and inclusion differently.
For example, 84 percent of Australian leaders in the research said they were actively improving diversity and inclusion in their cybersecurity teams. In contrast, only 56 percent of those in Canada agreed with the statement. In Hong Kong and Italy, 72 percent agreed that creating a more diverse and inclusive cybersecurity team would be important in the next two years, but only 52 percent in the UK.
This means multi-national organizations must ensure recruitment strategy and culture improvements happen across operations worldwide. Cyber threats are growing in number and severity, and businesses must do everything they can to protect themselves. Diversity might not always be a top-of-mind strategy, but the data shows it should be.
As well as the powerful benefits of diversity and inclusion, a global strategy needs more senior leadership (C-suite) involvement. The research found companies with closely linked cybersecurity teams and C-suite are better prepared to manage attacks. If there is strong integration with senior leadership, cybersecurity is likely higher on the business agenda, and the team likely feels more valued, leading to better staff retention.
“As cybersecurity leaders, we must push for diversity and ingrain these viewpoints into the fabric of our program,” says Kraft Heinz’s Lafosse. “The threat actors out there don’t care about race or gender. If they find a good hacker, they’re going to be part of their team. We need to be able to think that way.”