(ISC)² – the world’s largest non-profit association of certified cyber security professionals – has released the headline findings from its forthcoming study into workplace and hiring diversity in IT/ICT and cyber security roles. The independent ‘blind’ study of employees in 1,000 organisations in the UK and 250 in the Netherlands reveals that workplace diversity in IT and security has become a key operational concern as organisations broaden their efforts to encourage diversity and inclusivity amid the impact of the sector’s skills shortage on IT and cyber security recruitment and staff retention.
Talent acquisition and retention is the leading operational reason that companies have been ramping up their diversity* initiatives. That’s according to 32% of respondents. Meanwhile, nearly one-in-three (29%) added that diversity is important to their organisation because the workforce should represent the demographics in society.
The study, which looked at the diversity of age, gender, ethnicity and origin, reveals that nearly three-quarters of those organisations surveyed (74%) have instituted a stated diversity value or programme in the last 2-5 years. On top of this, a further 16% have followed suit in the last 12 months.
“Workplace diversity encompasses multiple factors including gender, ethnicity, age, origin and much more,” said Deshini Newman, managing director for the EMEA at (ISC)². “While it’s important to spotlight changes and improvements in individual areas such as gender diversity, the wider diversity make-up of the IT Department, cyber security teams and the organisation as a whole can speak volumes about the realities of inclusiveness, forward-thinking and openness to new ideas and approaches in the workplace.”
Newman added: “The cyber security challenge of combating threats with the right people and the right skills is a relentless one. It’s just one reason why organisations must maximise their ability to entice and keep talented and qualified individuals from all corners of society. Bringing new ideas, experience, alternative thinking and approaches to the table as part of a broad selection of skills, experience and backgrounds can inspire, motivate and help organisations to find innovative solutions to today’s IT and IT security concerns.”
Diversity driven by HR, not the Board
Overall, 40% of survey respondents stated that the HR Department is the primary driver of diversity and inclusivity efforts, including measuring employee diversity goals. This compares to just under one quarter (23%) who said it was the senior management team and just 10% that said it was the C-Suite driving diversity initiatives.
Amid the demand for skilled and qualified cyber security personnel, the study confirms that efforts to improve the hiring prospects for these roles are helping overall efforts to recruit. While diversity in hiring is prevalent across those organisations surveyed, IT and cyber security constitute a major part of the overall diversity hiring push.
Nearly two-thirds (60%) of respondents to the survey** said that up to 20% of the current vacancies in their organisations are IT and/or cyber security-based. A further quarter (26%) said these roles constituted between 21% and 50% of their total workforce.
Hiring for cyber roles
Over three-quarters (77%) of respondents said that cyber security roles were recruited for in their organisations in the last 12 months. The number of roles filled ranged from one to 31 across the responses, although nearly 55% of the respondents said that up to ten cyber security personnel were hired by their organisation over the last 12 months. Meanwhile, 18% said that between 11 and 30 roles were hired in the last year.
Over one third of respondents (37%) say just 6%-20% of their IT Department employees are aged 18-21, while an additional third (35%) say none of their IT Department employees are aged 18-21. This indicates a struggle to bring enough new talent in that can learn from their experienced peers. This is critical when considering that the IT Department has an age diversity profile weighted towards older employees.
In fact, one quarter (24%) of the respondents said that up to half the IT Department staff in their organisation are aged 31-40, with 20% of respondents suggesting that up to 35% are aged 41-50.
*(ISC)2 will release its full IT and Cyber Security Diversity White Paper in July. For more research on the cyber security workforce visit www.isc2.org/research
**(ISC)2 commissioned Opinion Matters to conduct an independent blind study of employees in 1,000 organisations in the UK and 250 in the Netherlands. The study gathered insights from those responsible for hiring IT roles in organisations employing 500-plus people. The sample was not exclusively focused on those in dedicated HR roles, but widened to include others outside of the HR Department that would routinely have a hand in the hiring process for IT professionals. Respondents included IT Department heads, team leads, IT directors, CIOs and CISOs. The aspect of diversity explored focused on factors such as gender, ethnicity, age and country of origin, as well as how organisations operationalise their hiring methods