Skip to content

NCSC's "Decrypting Diversity" report: the UK Cyber Security Council responds

News release

09:30 Tuesday, 23 November 2021

UK Cyber Security Council

The Council is cited in two of the report's six recommendations: "Publicise the success stories" and "Map out the skills and roles"

The UK Cyber Security Council – the charitable, self-regulatory body for the cyber security education and skills sector – responded to Decrypting Diversity, a report by the National Cyber Security Centre (NCSC) on diversity and inclusivity (D&I) in the cyber security sector.

D&I is one of the four key pillars of the UK Cyber Security Council, the organisation that was commissioned in 2019 by DCMS to be the governing voice for the cyber security profession and launched in the spring of 2021. NCSC's report, written by KPMG, contains six recommendations to improve the D&I performance of the sector.

Responding, Simon Hepburn - CEO of the UK Cyber Security Council - said: "First, we warmly welcome and applaud this second annual report by NCSC and KPMG. Solidly researched again, it makes concrete recommendations that will move the sector towards ensuring there are no barriers to entry to it.

"The sector must succeed at this. It's vital not just to help the sector fill the tens of thousands of vacancies that exist, but for the sector and the UK to benefit from the wider range of abilities, improved creativity, different thinking and alternative contributions of a truly diverse, inclusive cyber security workforce. The Council and the NCSC are in lockstep over the D&I objectives for the sector and, to that end, we also welcome and agree with the conclusions of the report.

"Second: we're very aware that the recommendations in the report are - as they must be in such a report - largely about what needs to be done, and we're conscious that little may change unless the sector proceeds to address how to do what needs to be done; programmes will need to be devised and executed.

"The Council will therefore play its full role in devising, driving and supporting D&I programmes, through the Council membership which we are at the start of building. I encourage cyber-related organisations that want to lead the way in D&I, and which want to show the sector that they're leading the way, to join us without delay. There is much to do."

The Council is cited specifically in two of the conclusions of NCSC's Decrypting Diversity report:

  • Publicise the success stories: the UK Cyber Security Council should produce a series of case studies and career journeys that show the breadth of routes into cyber and the diversity of professionals in the industry today. Individuals need to understand how they can join the cyber security industry and the variety of opportunities available, including at entry level. There should be no barrier to entering the cyber job market based on demographic characteristics.
  • Map out the roles and skills: the UK Cyber Security Council should produce cyber roles and the skills required in order to develop a framework to describe cyber roles and skills consistently. Job descriptions and adverts for cyber roles need to be clear and accessible, to ensure they are inclusive, and focused on aptitude and skills. The industry should support this by, providing information on the cyber roles and skills they require.

[ends]

Media enquiries: press@ukcybersecuritycouncil.org.uk