Decrypting diversity and inclusion in cyber security

October annually marks Cybersecurity Awareness Month but it’s safe to say the last 18 months have been huge for cyber security despite the global pandemic. DCMS’ latest report shows record levels of investment and a 21% increase in active firms in the field within the UK. Over 50,000 people are working in the sector across the country, but unfortunately, too many look the same.

In a recent discussion chaired by TEISS, journalist Geoff White spoke with Danone’s CISO, Naina Bhattacharya, about the current barriers to inclusivity within cyber security. She immediately called out imagery as a key offender – the cliché of ‘men in hoodies’ sitting in ‘dark rooms’. Calling this out isn’t new, but Bhattacharya said the impact of such content remains a significant issue for the industry.

According to a 2020 report from the NCSC and KPMG, current female representation in the industry stands at 31 per cent, but the study doesn’t account for different levels of seniority, so it is unclear where females may be under-represented.

Ada Lovelace Day, established in 2019, took place this year on 12th October and aims to address this discrepancy; to raise women’s profile in STEM by highlighting positive female role models, like Bhattacharya, achieving great things in the field.

In response to her assertions that cyber security has an image problem, White shared his own experiences of encouraging female spokespeople to feature in broadcast opportunities. He acknowledged his privileged position as a middle-class white man and expressed that he had often found women resistant to being put on-air, despite being qualified to comment. By contrast, male counterparts were generally more willing to be featured in his reporting.

So, it’s not just a comms issue

But PR and further research can help cybersecurity tackle it. Something that White picked up on in his TEISS talk was the lack of insight into why there is a diversity issue. Indeed, the BCS has been monitoring the gender imbalance across tech and IT for several years, but the previously mentioned report from NCSC and KPMG appears to be the first of its kind and only published last year.

So, with a lack of research, it comes down to trial and error, relying heavily on internal comms and HR teams to drive new hiring practices. At Danone, Bhattacharya says that removing technical requirements from job specs helped shift the needle on their graduate intake and emphasises the importance of having a strong internal training programme to encourage people from different backgrounds to upskill in cybersecurity.

But this raises a thorny issue – whilst the experiment at Danone proved that non-technical language encouraged more female applicants, does it affect other marginalised groups from applying? In the same TEISS talk, Eliza-May Austin, founder of, cautioned against creating a hierarchy of diversity and pointed out that widespread changes across the sector could help drive gender diversity but hinder the inclusion of other groups. Diversity covers a whole spectrum of groups, and it’s worth acknowledging that this conversation, and the UK media landscape often focuses heavily on gender as a marker of diversity in cyber security – but that’s just the tip of the iceberg.

How better communication can help

PR is not the silver bullet that will solve the wide-ranging challenges cyber security faces regarding diversity and inclusion. However, comms can have an impact on cyber organisations being able to encourage more varied talent to work with them.

It starts with a few simple things to consider:

  • Images: think beyond the classic stock images of hackers and developers. Getty Images recently commented on the importance of portraying inclusivity in imagery when it comes to demonstrating innovation. Cyber brands need to take a long look at their corporate imagery and visuals; do they represent everyone who works in their industry? Are they diverse?
  • Spokespeople: support your spokespeople, and give minority leaders their opportunity to speak up. Work with them to create a PR strategy that they are happy with, so they can confidently represent the brand and showcase their expertise
  • Research: there is a gap in the market to understand the diversity challenges that the sector faces. Could this be the next piece of research that your organisation commissions?
  • Internal and external comms working together: practice what you preach. If your organisation wants to be known for its inclusive workspaces, it needs to create those spaces first

To find out more or discuss how Brands2Life can help shape your comms, get in touch at [email protected]

author avatar
Emily Reid