When you picture a cybersecurity professional, what do they look like?
According to statistics, 62% of computer science professionals (including cybersecurity) are white, and 76% are men. Of course, making sure you have qualified people working for you is important, but evidence shows there are several benefits to having a more diverse cybersecurity team.
What are the benefits of diversity?
In general, diversity is proven to reduce errors and improve decision making, because teams can draw on different experiences and perspectives when approaching a new problem. Diverse companies also tend to perform better financially, according to a recent McKinsey study. It found that in 2019, executive teams in the top quartile of gender diversity were 25% more likely to have above-average profitability than companies in the fourth quartile. And for ethnically diverse executive teams, this rose to 36%.
What does this mean for cybersecurity teams?
There are also specific benefits for cybersecurity teams. Firstly, cybercriminals themselves are not homogenous. For companies to be able to stay ahead of hackers, they need to be able to think like them. This is easier to do when you have different types of people working on your cybersecurity team, as it brings different perspectives to problems.
Secondly, it can help avoid unintended consequences of products or policies. An example highlighted by Paul Baird, chief technical security officer UK at Qualys is the “find my phone” service. Whilst this is great for locating lost phones, it can become a tool for stalking in the wrong hands. A diverse team of people working on this sort of service would be more likely to identify the potential for abuse.
And diversity can come in many different forms. It’s not only important to have gender and ethnically diverse teams, but also to have people of different ages and educational backgrounds on your team. As LinkedIn’s Chief Information Security Officer (CISO) Geoff Belknap explains, “consider people who can process and analyse a collection of information, understand your company’s technology, and understand what the organisation is trying to accomplish…Inquisitive people who are passionate about problem-solving can grow into a cybersecurity position and become effective contributors to the organisation.”