Diversity and Inclusiveness

In 1964, the United States set up an Equal Employment Opportunity (EEO) Commission, as the first
federal law to protect the employees from employment discrimination based upon race, nationality,
colour, sex, religion or origin. It was a measure to ensure that every individual, employee or a job
applicant is treated in a consistent and fair manner.

That was the 1960s, where ensuring equality was consider sufficient and was made legally regulated.
However, in the early 21st century it was recognized it is not enough to just bring people from
different backgrounds into the workforce- the ultimate objective should be around being sensitive
and respectful towards the dissimilarities and making efforts to ensure that no employee feels left
out or hurt because of belonging to a different or minority group.

This was how the concept of “Diversity and Inclusiveness” (D&I) was incepted and companies
realised that adopting D&I practices is not just a magnanimous activity but also brings significant
financial and productivity growth. While diverse teams bring a broader decisive group, enabling
better decision making and hence higher profitability; inclusiveness directly attributes to increased
employee satisfaction, resulting in better productivity and higher retention.

To validate this hypothesis, Forbes conducted a survey in 2017, analysing approximately 600
business decisions made by 200 different business teams in a wide variety of companies over two
years. The results of the survey highlighted the following points:

• Inclusive teams make better business decisions up to 87% of the time.

• Teams that follow an inclusive process make decisions 2X faster with 1/2 the meetings.

• Decisions made and executed by diverse teams delivered 60% better results.

The study clearly highlights the value that adopting D&I brings to an organisation. It becomes even
more valuable in an industry like cybersecurity, which seeks to make the technologies safer for all-
including teenagers chatting over WhatsApp, to our grandparents getting spoofed with HMRC tax
rebate emails to businesses getting hit for their customers’ data and credit card numbers, to our
critical national infrastructure remaining secure and stable. Having an impact on such a large and
varied demographic requiring constant innovation, it becomes all the more important for the cyber
industry to have individuals with diverse mindsets, backgrounds and abilities. To really be effective,
teams need to be culturally and intellectually diverse - so they can challenge others’ view points and
look at the most technical challenges from different perspectives.

Majority of organisations today claim to acknowledge this value preposition and be cognizant of the
fact that diverse teams that are led inclusively perform better than those with more homogenous
teams. However, the ground reality, especially in the cybersecurity sector is that women are
underrepresented- holding only about 24% of the jobs globally; as concluded by (ISC)2 2018 Global
Information Security Workforce study.

In today’s world where the threat landscape is constantly evolving, cybersecurity solutions do not
only require technical expertise, the ability to understand and manage human instincts, and social
behaviour. Employees with a vast array of skills, backgrounds and interests are required to do this
right and craft the most suited solution to every challenge in the cyber industry- including
compliance, legal, training, operations or human resources. By having a diverse team, an
organisation is in a stronger position to tackle the rapidly changing threat landscape and approach
these problems from a wider viewpoint.
More and more organisations today are getting on their path to drive this cultural change of
respecting differences and leveraging these differences to achieve better business results. However,
if an organisation has still not taken the first step in the D&I journey of cognizance, sensitivity,
cultural intelligent and collaboration, it is high time that they rewire their system and drive this
cultural change. This can be initiated by redefining the hiring strategy, training the leadership and
the workforce and then taking mature steps, such as setting up a D&I Council and measuring data
driven metrics. The cybersecurity industry requires more efforts, as it faces a major issue of skills gap
already. According to a recent estimate by Forbes, there will be as many as 3.5 million unfilled
positions in the industry by 2021.

However, this talent gap can also be leveraged as an opportunity by organisation to bring diversity in
their employee pool. This can be done by reducing barriers to enter the industry, recognizing the
existing bias and prejudices, encouraging more and more applicants with diverse backgrounds and
training them to suit the exact needs of the organization.