Your cyber intelligence source

'Empathy trumps ego' says Standard Chartered cyber head

Nina Paine, Standard Chartered's global head, cyber stakeholder and government engagement, discusses why more empathy in the workplace helps build stronger, more diverse cyber teams.

Cyber is evidently a very male profession. That was one of the headline messages of the National Cyber Security Centre’s (NCSC) Decrypting Diversity research. Disproportionately male senior leadership – 66 percent of those roles filled by men – is just one of the ways in which this is visible.

Nevertheless, the report, undertaken jointly between the NCSC and KPMG, describes favourable inclusion and diversity performance in cybersecurity on key characteristics compared with UK-wide data, with women making up roughly 36 percent of the industry.

Retaining female talent
Although we must continue efforts to achieve parity in these key metrics – through considerate hiring practices and long-term policy changes to interest girls in cyber while in education – the report highlights a stark need for us to focus on work culture and environment to retain and inspire the incredible female talent already in the sector.

Culture change is hard
It means visible leadership and behaviours from the top but also practical and actionable advice for colleagues. And, of course, we need to find ways to measure this change and be transparent about our progress.

It is crucial that we also empower colleagues to adapt and evaluate, talk openly about how they feel and ensure that we don’t just listen but act upon their views.

Use inclusive language
Earlier this year, UK Finance, along with EY and Microsoft, published a paper entitled Use of Non-Inclusive Language in Technology and Cybersecurity And Why It Matters.

The paper highlights the power of language in both verbal and written communication, and the impact that uninformed language choices can have on employee morale and wellbeing.

The guide also provides examples of alternative terminology to non-inclusive language and a 12-step plan to enact change, alongside case studies of success stories.

Building awareness
The report found the main barrier to change is “lack of awareness”. To counter this, it’s important to provide forums and conversations where people feel comfortable highlighting their concerns.

There are also a number of visible, short-term actions we can take. Senior figures acting as mentors for female colleagues, for example, can provide learning and development outside formal line-management chains, and can help open discussions about personal development and organisational inclusion.

Standard Chartered has developed a Cyber Acceleration Programme that seeks to support junior-mid level women to develop their skills through small group sessions and one-to-one mentoring sessions to discuss career goals and objectives.

Such programmes can go at least part of the way to addressing the issue highlighted by one anonymous respondent to the NCSC’s Decrypting Diversity survey: “Female cybersecurity professionals are often overlooked because they are less likely to self-promote.”

‘Think before you speak’
The Use of Non-Inclusive Language paper outlines principles of respect, such as: thinking before speaking; not being quick to assume malice; being quick to apologise.

Yielding to these principles, as well as promoting guidance like asking managers to help call out offensive terminology, or suggesting improved language in an empathetic way, can deliver results and promote understanding and acceptance in the workplace.

Despite a challenging year blighted by the pandemic, the momentum behind cyber D&I initiatives has only continued to grow. 

Now we must harness this focus and use the actionable advice offered for the daily benefit of our colleagues to embed this change for the long term. 

Nina Paine is a board member at the Chartered Institute of Information Security (CIISec)

READ MORE: The 4 starkest NCSC takeaways – and why it matters

READ MORE: Ethical 'con artist' Jenny Radcliffe: 4 signs you're about to be breached

Enjoyed this? Sign up for exclusive weekly SC Media insights via our homepage – you'll get the analysis first

Upcoming Events


SC Bytesize

For most organisations, Active Directory (AD) is the key to identity and access management, which means it is vital that it stays operational and secure. Unfortunately, AD faces a surplus of risks every single day. Whether from ever-frequent cyber and ransomware attacks or critical misconfigurations, effective AD cybersecurity risk management can be a daunting endeavour.

Join us for this FREE live webinar on 14 June, where we'll discuss the threats and potential risks you face in your AD environment. See for yourself how to measure AD risk using a risk register (5x5) as well as learn ways you can mitigate those risks to ensure true cyber resilience.