Cutting DEI programmes is not just short sighted, it’s counterproductive.
For the cyber industry, diversity, equity and inclusion (DEI) are not just nice to have initiatives, they are a necessity.
As big tech organisations such as Amazon and Meta cut diversity programmes, UK cyber leaders must recognise the value of diverse teams and their critical role in strengthening cybersecurity function.
The risks of a non-diverse cyber workforce were made clear last year when a Hong Kong company lost $25 million to scammers who used deepfake technology to impersonate the company’s chief financial officer. This case underscores the growing sophistication of cyber threats, driven by generative AI (GenAI) and the urgent need for stronger cybersecurity measures and teams.
Diversity is a powerful tool in this fight, fostering innovative thinking and varied problem-solving approaches that help counter emerging threats.
Reforming routes into cyber
The cybersecurity industry continues to struggle with diversity. Only around 25 percent of the cybersecurity workforce is made up of women and this cuts out a valuable pool of talent in an industry.
This underrepresentation stems from systemic barriers, including a lack of early education on available cybersecurity careers. Schools must introduce cyber as an accessible and viable career path for all students, emphasising that skills like creativity are just as valuable as technical skills.
Employers also play a crucial role in breaking down barriers and improving diversity within their teams. Restricting hiring to traditional degree holders and demanding excessive experience for entry level roles perpetuates a homogeneous workforce. If candidates cannot get past the first hiring hurdle, the industry will continue to suffer from a lack of fresh perspectives.
By prioritising diverse hiring practices, organisations can ensure their teams possess the breadth of thought needed to tackle evolving threats.
Hiring for impact skills
Rather than placing excessive emphasis on academic qualifications, organisations should focus on hiring candidates based on impact skills such as problem-solving, adaptability and teamwork. Shifting to skills-based hiring can create opportunities for talented career changers from non-traditional backgrounds to bring unique insights and expertise to cybersecurity teams.
A skills-focused hiring process also ensures that candidates without advanced technical skills are not excluded from the process. This is critical for the strength of the team as impact skills such as analytical thinking and decision making are difficult to teach, while technical training is an ongoing necessity in cybersecurity.
The industry needs diverse candidates to ensure teams have skills like creativity and critical thinking to solve increasingly complex threats.
Career transition pathways remain underdeveloped in cybersecurity. For example, project managers possess critical skills like communication and coordination, both highly valuable in cyber roles, yet often don’t fit traditional hiring criteria.
By opening alternative routes, hiring managers can tap into a broader talent pool equipped with the diverse skills needed to tackle cybersecurity challenges.
The case against cutting DEI initiatives
In an industry already facing hiring challenges, cutting DEI programmes is not just short sighted, it’s counterproductive. It reflects a disturbing trend of scapegoating and inaction. Instead of abandoning these crucial efforts, organisations should critically examine why they haven't yielded the desired results and work to improve their effectiveness.
The tech industry is highly susceptible to bias in the algorithms that drive decisions, the opportunities available and the hiring process. This often means that the industry risks losing top talent as underrepresented groups find it harder to access the opportunities they would otherwise be a good fit for.
Alongside the strength that diverse skills and experiences bring to a cyber team, more diverse organisations are more likely to have the role models to attract and retain top talent, improving productivity and profitability. Indeed, outperformance increases by 39 percent for companies in the top quartile of ethnic representation compared to the bottom quartile.
Rather than axing programmes when success seems limited, leaders need to assess what isn’t working. One thing that can reduce the impact of DEI programmes for instance is a wider company culture. It’s not enough to get people into jobs if they then leave because the environment is toxic. There needs to be a holistic effort to integrate diversity within the tech industry.
Beyond ethical considerations, continuing DEI programmes is crucial to creating equitable and high-performing organisations. By assessing what’s not working, learning from best practices and addressing systemic biases, we can build more diverse and inclusive workplaces that are ultimately more innovative, productive and successful for all.
Diversity in cyber matters now more than ever
As threats grow more sophisticated, organisations can no longer afford to overlook the benefits of diverse teams. Embracing diversity is not just about representation, it’s about creating stronger, more innovative and resilient cybersecurity teams.
Organisations must rethink their hiring practices, creating inclusive workplaces and committing to long-term DEI strategies. By embracing diversity, organisations will enhance their ability to anticipate and counteract emerging threats and build a stronger, more innovative cybersecurity workforce.
Written by
Dr Andrea Cullen
CEO and Co-Founder
CAPSLOCK