Skip to main content
Search
MENU
What are you looking for?
Close

Outreach and diversity in the cyber security profession

It is vital that the industry further diversifies and encourages a broad base of talent at all levels. It’s easy to build a team of people that look and feel like you, but if you do, you won’t get a team that’s truly seen and heard. If everyone’s the same, chances are their opinions are the same, and you’ll lose out on the great ideas that diverse perspectives can bring. A lack of ethnic minorities in cyber only compounds the issues of a skills gap of over 14,000 people per year and growing cyber threats mean professionals and businesses alike miss out on key insights, experience, views, and contributions from people of colour and those from ethnic minority backgrounds.

There are massive challenges in talent across every industry, cyber security being just one. It’s vital that the industry further diversifies and encourages a broad base of talent at all levels. It’s really easy to build a team of people that look and feel like you, but if you do, you won’t get a team that’s truly seen and heard. If everyone’s the same, chances are their opinions are the same, and you’ll lose out on the great ideas that diverse perspectives can bring.
Martha Lane Fox CBE, Entrepreneur and Crossbench Peer - from 'Decrypting Diversity', NCSC/KPMG UK, July 2020

The cyber security profession in the UK faces specific issues in respect of increasing the pool of cyber security talent.

These include:

  • supporting more neurodiverse candidates into the profession
  • increasing the number of women in the profession
  • facilitating non-traditional routes into the profession

The UK Cyber Security Council has a specific objective to support and improve diversity in the UK cyber security sector. The Council is committed to overcoming actual or perceived barriers to entry into or progression within the industry.

Want to talk?

Browse forthcoming events, and follow the links to find those we'll be at.

Browse Events

Related news

Newest Spotlight Members - Reversec

09 May 2025

Sponsors of the National Cyber Awards 2025

23 April 2025

Cyber Scheme Red Team Manager assessment mapped to Chartered

25 March 2025
See All News

Have a question?

We welcome feedback and comments. Do get in touch.

Contact us

Outreach and diversity in the UK cyber security profession, 2020

It's currently not possible to ascribe definitive values to several key metrics for diversity and inclusivity in the UK cyber security profession. These include:

  • The proportion of people in the profession of:
    - people with disabilities
    - people with different sexual orientations
    - people of different religious beliefs, or no religion
    - people with different gender statuses
    - people from different socio-economic backgrounds or disadvantaged educational backgrounds
    - people from each ethnic group
  • The age profile of the profession
  • The proportion of which people with multiple ‘minority’ characteristics (those which are not widely present in the profession)

However, some baseline estimates are available. These include:

  • For the proportion of women in cyber security roles:
    - 15% - DCMS, 2019 (cyber security sector businesses only)
    - 31% - NCSC, 2020
    - 23% - (ISC)2, 2020
    - 13% - BCS CCP Scheme - Successful IA Professional Register
    - 9% - CFP, 2020
  • For the proportion of people in cyber security roles who self-describe as neurodiverse:
    - 9% - DCMS, 2019
    - 13% - Bugcrowd, 2020 (global survey of cyber security researchers)
  • There are several estimates of the proportion of people in cyber security roles who are from ethnic minority backgrounds:
    - 16% - DCMS, 2019 (cyber security businesses only)
    - 16-22% - (ISC)2, 2020
    - 13-15% - NCSC, 2020
    - 18% - CFP, 2020

This lack of baseline metrics is not a UK-specific problem: nearly every country is as unsighted on this, or worse, than the UK.

The UK Cyber Security Council’s policy and target for outreach and diversity

In the absence of baseline metrics or the option of directing specific people into the profession, the Council’s policy is that there shall be no barriers either to entry to the profession, or to success within it, for any type of person.

The Council’s target for diversity is that the measured diversity characteristics in the profession should match those in the UK’s working-age population.

In practice, this should mean that:

  • anyone shall be able to seek and find information, education, training and employment in cyber security; and
  • each person’s chance of success shall be dependent only on their aptitude and skills
  • everyone in the UK who can work is aware of the prospects for training, education and employment in cyber security
  • the broad range of roles available and skills required in the profession is widely known
  • no-one shall feel that they could not succeed in these prospects because of who they are
  • there shall be no barrier to entering education, training or employment based on demographic characteristics
  • selection for roles at every stage must be made without bias, conscious or unconscious, against any type of demographic characteristic.

Best practices, guidelines, initiatives and support: in development

The UK Cyber Security Council has examined approaches to improving diversity and inclusivity taken by other countries, professions and organisations. Its analysis will help inform much of the Council's work on diversity and inclusivity in the future.

Once the Council is fully operational, the kind of programmes it may support include:

  • initiatives which target particular populations, such as neurodivergent young people or military veterans
  • partnerships between thoughtful, committed third-sector organisations and commercial providers, bringing the two perspectives together
  • the allocation of significant resources managed by skilled organisations, building up a programme over several years with a commitment to improving the offerings each year based on lessons from the previous one
  • initiatives that combine a variety of hands-on (even if virtual) ‘learning by doing’, bite-sized instruction, competitions, teamwork opportunities and one-to-one mentoring
  • imaginative methods to find and engage with underserved groups, recognising the barriers to their participation and being prepared to provide precursor support before the main programme.

 

The Council aims to publish specific objectives and plans in due course.

Find the Council's own diversity and inclusion policy here.

The organisations I’ve worked in, including MI5, have been at their best when they’ve shown creativity and the ability to tackle problems from innovative angles. You don’t get that without diversity – in all its forms.
Lord Jonathan Evans, former MI5 Director General - from 'Decrypting Diversity', NCSC/KPMG UK, July 2020

The Diversity Process Flow: Ethnic Minorities in Cyber

Jargon-loaded job descriptions, a labyrinth of qualifications and a lack of role models revealed as among the biggest obstructions to diversity in cyber security 

Challenging cyber stereotypes in Black History Month and beyond

This month is Black History Month, and following on from our Ethnic Minorities in Cyber Symposium, we look at what the cyber security sector needs to do to increase diversity.

Neurodiversity in cyber

The UK’s cyber security skills gap is well publicised – but addressing it remains a key concern for those in the industry and the UK as a whole.  

Outreach and Diversity Policy

Supporting and improving diversity in the UK cyber security sector is at the forefront of the UK Cyber Security Council's aims.