Achieving Diversity’s Benefits in Cybersecurity

This blog post was authored by Krissy Safi and Chip Wolford - Managing Director, Security and Privacy on The Technology Insights Blog.

This post is the first in a series about diversity in cybersecurity. In future posts, we will explore similar topics around diversity, equity and inclusion in the cybersecurity space.

Could any security organisation benefit from greater innovation? Or from responding more effectively to diverse internal customers? How about benefitting by retaining the talent its leaders have so carefully nurtured, by accessing more diverse capabilities, or by improving problem-solving capabilities within the team?

In our work with clients, we’ve learned that these benefits, and more, are within reach of cybersecurity leaders who foster diversity, equity and inclusion within their teams. Yet many of those leaders remain unsure of how to attract and retain diverse cyber team members.

This recent article summarises these benefits of diversity, equity and inclusion:

  • Diversity fosters innovation. When team members from different backgrounds collaborate, they stimulate one another’s thinking – on a neurological level – in a way that individuals from the same background cannot.
  • Diversity helps teams respond to internal customers more effectively. If the security team is as diverse as the individuals they serve, then the team will strategise, communicate and execute more effectively for its stakeholders.
  • Inclusion will also help a team stick together. Once a leader has nurtured a diverse workforce, inclusion and equity are the qualities that help diverse team members feel comfortable enough to stay. In fact, one study shows they’ll be more than five times as likely to want to stay for a long tenure.
  • A diverse team offers a more robust network, and therefore helps the department attract more talent.
  • Cognitive diversity is another benefit that comes with diversity of ethnicities, ages and genders, among other demographic attributes. Cognitively diverse teams solve problems faster while also modeling new critical thinking skills and greater flexibility in their approaches to problems, according to one study.

DEI: some definitions

Organisational leaders may already be familiar with the environmental, social and governance (ESG) matters that have come to concern investors and other stakeholders over the past several years. Diversity, equity and inclusion (DEI) are themes that are core to the “social” aspects of an organisation’s ESG strategy. But beyond the significance of DEI to social justice in general, research shows that “differences of age, ethnicity, gender and other dimensions foster high performance.” It’s important to understand the connections between diversity, equity and inclusion:

  • Diversity includes the qualities that distinguish people from one another. It encompasses demographic differences like age, gender and ethnicity, but it also manifests in less-apparent differences like background, education and ways of thinking.
  • Equity means treating people in ways that eliminate unfairness – and it’s a higher standard than fairness. In one classic example, fairness provides everyone with a ladder of the same size to see over a wall, but equity provides each person with a ladder that’s tall enough to enable them to see over the wall, based on their specific height.
  • Inclusion calls for cultivating an environment where individuals experience a sense of belonging along with respect for their uniqueness.

These definitions highlight this truth: hiring intentionally for diversity doesn’t work without equity and inclusion. Without inclusion or equity to encourage contributions from diverse team members, the value of diversity will not be realised.

Attracting new professionals

Cybersecurity organisations are looking for innovation; leaders know they need diverse perspectives to get there. Security leaders are coming to understand that diversity will support their success.

Cybersecurity is a people-oriented discipline; leaders know they’re not securing assets, they’re securing individuals – their identities and their livelihoods. All the technology and process underpinning cybersecurity exist to support the core task of creating security for individuals. Cybersecurity is an empathetic discipline, one that calls for connecting with the needs of individuals.

The corporate cybersecurity function is no different from a consulting firm that builds DEI into its own teams to respond to and support clients’ objectives to be diverse, equitable and inclusive. Understanding the internal customer and developing trust between parties both get much easier when the cybersecurity team is composed in a way that’s representative of the internal customers they support.

When applicants don’t see anyone like themselves in the current team, they might not apply to join, and the team won’t grow more diverse. It’s a problem that calls for guidance on both sides: leaders trying to recruit, support and retain a diverse workforce, and new applicants doubting the suitability of cybersecurity as a career path.

Cybersecurity leaders can partner with colleges and universities (especially those with a diverse student body) to recruit candidates. They can collaborate with professional networks like Women in Cybersecurity and Blacks in Cybersecurity to attract more diverse recruits as well.

Candidates and diverse recruits can be encouraged and taught to ward off imposter syndrome, whereby individuals have come to doubt their own abilities or value. Leaders who highlight the conditions that lead to imposter syndrome (like chronic underrepresentation, uncredited work efforts and microaggressions) can help address imposter syndrome on their own teams, while also combatting the problem more broadly in corporate cultures.

One cybersecurity leader from a diverse background herself said, “The more diversity we have on the team, the more likely we are to get different emotional intelligence. Different perspectives come up with better solutions. Irrespective of anybody’s particular background, having diverse backgrounds does result in a broader perspective.”

To learn more about our cybersecurity solutions, contact us.

