An (ISC)2 study of employees in 1,000 organizations in the U.K. and 250 in the Netherlands reveals that workplace diversity in IT and security has become a key operational concern, as organizations broaden their efforts to encourage diversity and inclusivity amid the impact of the sector’s skills shortage on IT and cybersecurity recruitment and staff retention.
Talent acquisition and retention is the leading operational reason that companies have been ramping up their diversity initiatives, according to (32%) of respondents. Meanwhile, nearly one in three (29%) added that diversity is important to their organization because the workforce should represent the demographics in society.
The study, which looked at the diversity of age, gender, ethnicity and origin, revealed that nearly three quarters of organizations surveyed (74%) instituted a stated diversity value or program in the last 2-5 years. On top of this, a further 16% have followed suit in the last 12 months.
“Workplace diversity encompasses multiple factors including gender, ethnicity, age, origin and much more. While it is important to spotlight changes and improvements in individual areas such as gender diversity, the wider diversity make-up of the IT department, cybersecurity teams and the organization as a whole can speak volumes about the realities of inclusiveness, forward-thinking and openness to new ideas and approaches in the workplace,” said Deshini Newman, Managing Director EMEA at (ISC)2.
“The cybersecurity challenge of combating threats with the right people and the right skills is a relentless one. It is just one reason why organizations must maximize their ability to entice and keep talented and qualified individuals from all corners of society. Bringing new ideas, experience, alternative thinking and approaches to the table, as part of a broad selection of skills, experience and backgrounds can inspire, motivate and help organizations to find innovative solutions to today’s IT and security concerns.”
Diversity being driven by HR, not the board
Overall, 40% of survey respondents stated that the HR department is the primary driver of diversity and inclusivity efforts, including measuring employee diversity goals. This compares to just under one quarter (23%) who said it was the senior management team and just 10% that said it was the C-suite driving diversity initiatives.
Amid the demand for skilled and qualified cybersecurity personnel, the study confirmed that efforts to improve the hiring prospects for these roles are helping overall efforts to recruit While diversity in hiring is prevalent across the organizations surveyed, IT and cybersecurity constitute a major part of the overall diversity hiring push.
Nearly two-thirds (60%) of respondents said that up to 20% of the current vacancies in their organizations are IT and/or cybersecurity-based. A further quarter (26%) said these roles constituted between 21-50% of their workforce.
Hiring cyber roles
Over three quarters (77%) of respondents said that cybersecurity roles were recruited for in their organizations in the last 12 months. The number of roles filled ranged from 1 to 31 across the responses, although nearly 55% of the respondents said that up to 10 cybersecurity personnel were hired by their organization over the last 12 months. Meanwhile, 18% said that between 11 and 30 roles were hired in the last year.
Over a third of respondents (37%) say just 6-20% of their IT department employees are aged 18-21, while an additional third (35%) say none of their IT department employees are aged 18-21. This indicates a struggle to bring enough new talent into the department that can learn from their experienced peers. This is critical when considering that the IT department has an age diversity profile weighted towards older employees. One quarter (24%) said that up to half the IT department staff in their organization were aged 31-40, with 20% of respondents suggesting that up to 35% were aged 41-50.