Breaking down social barriers in cyber

Suid Adeyanju at RiverSafe argues that we need a more diverse cyber-security industry if we are to protect society from increasingly sophisticated cyber-criminals

 

Creating an inclusive company culture where all employees can thrive should be a priority for all organisations; especially in the cyber-security sector where so many organisations are struggling to fill vital roles. 

 

And while fantastic work is being done across the industry to reduce barriers to entry and encourage diverse tech professionals to choose a career in cyber-security, individuals from marginalised communities remain significantly underrepresented. Clearly, we need to do more to move the needle for the good of both the tech talent pool and the organisations that need its skills. 

 

Meanwhile, the threat of cyber-attacks is on the increase, making the cyber-security skills gap an even bigger and more pressing issue to solve. A recent report from the UK government’s Department for Science, Innovation and Technology revealed that 59% of medium businesses and 69% of large businesses have experienced cyber-security breaches or attacks in the past year.

 

Despite these alarming statistics, only 49% of medium businesses and 68% of large businesses have a formal cyber-security strategy in place, leaving countless organisations at risk. But that shortfall in cyber-security planning may not be due to a lack of trying, given that an estimated 56,811 cyber-security vacancies went unfilled in the UK in 2022—an increase of 73% on the previous year

 

As leaders in the field, it falls to the cyber-security industry to plug this gap and secure our country’s digital assets against this growing bombardment of cyber-crime. That means looking outside the box when it comes to recruiting staff, breaking down barriers, and fostering an inclusive workforce that properly values and utilises expertise from a diverse cohort of individuals. 

 

In short, norms must be broken for nationwide safety to improve. Here are a few places to start.

 

Breaking down socio-economic barriers 

Ease of entry into the cyber-security sector can be hugely affected by socio-economic factors, including access to education, training, equipment, or simply the free time required to upskill in an area like cyber-security. 

 

Coming from a minority ethnic background can also create language and cultural barriers, making entry into the workplace a more difficult undertaking.

 

Left unaddressed, these barriers stem the flow of talent, causing organisations to fight over the same talent pool. With 60% of companies claiming to have had staff poached by other companies, this is clearly leading to widespread and highly unsustainable hiring practices. 

 

To combat these issues, the UK Cyber Security Council recently launched a report which highlights some of these social barriers to the cyber-security domain, including overcomplicated language, unclear qualification requirements and a lack of role models from underrepresented backgrounds.

 

Technical language can be a significant barrier for those trying to break into the field. When overly complicated and unnecessary language is used within job descriptions, candidates (and especially those from typically underrepresented groups) can be discouraged and deterred from applying, even if they have the skills and potential to do the job at hand.

 

To reach candidates that are self-taught or that have taken alternative pathways into the sector, we need to use language that’s inclusive, clear, and that describes the job and what they’ll be doing, rather than all the bells and whistles they’ll use to achieve it. This kind of people-first, plain language approach avoids putting off candidates that would be perfectly capable of doing the job at the first hurdle. 

 

Fixing an education system that’s not fit for purpose

On top of these obstacles that litter the road into the cyber-security sector, minority groups often face disadvantages that stem from their educational experience and which can carry through into the working world.

 

Many cyber-related jobs, even those at entry level, require qualifications and as a result, earning a university degree is the most common route into the field. Employers often prioritise graduate candidates, viewing degrees as shorthand for knowledge and a willingness to learn. However, with a current price tag of £9,250 per year for tuition alone, higher education can fall out of reach for aspiring cyber-security professionals from disadvantaged backgrounds.

 

There are other routes into the cyber-security sector, but these aren’t always as clear-cut as the relatively simple undergraduate track. The multitude of online courses, accreditations and certifications available, while a boon for ambitious students of cyber-security, can cause confusion. 

 

For employers too, sizing up a candidate’s knowledge this way can be a challenge. But as statistics show that approximately 697,000 businesses (51%) have a basic cyber-related skills gap, that needs to change. 

 

Since minimal relatable role models exist right now to inspire young, underrepresented groups and provide examples of how to enter the cyber-security sector, more must be done by organisations to make pathways clear for all candidates, no matter how they’ve found themselves in the cyber-security field.

 

Paving a way forward 

The threat of cyber-crime is rife, and as criminals target businesses, governments, schools and anyone else whose data footprint can be monetised, it has the potential to affect us all.

 

We know that barriers still exist for underrepresented groups, and it’s high time that private organisations, our government and our education sector come together to make these vital opportunities more accessible. 

 

Old ways of thinking must be broken down and culture within the cyber-security industry must become more inclusive, open-minded, and welcoming of alternative pathways to professional cyber-success. 

 

There is no shortage of potential talent. What we lack is innovative thinking around recruiting staff. Organisations must evaluate their approach to make sure their staff, their customers, and their infrastructure are sufficiently protected from the threat of a cyber-attack. 

 

As cyber-criminals become more sophisticated, we as a nation need a cyber-security industry made up of diverse ideas, innovative approaches, and sufficient muscle to get ahead of bad actors. 

 

And that means throwing open the door to talent pools that might not have previously seen themselves represented in the cyber-security sector.

 

---

 

Suid Adeyanju is CEO of RiverSafe   

 

Main image courtesy of iStockPhoto.com