Two Great Ways to Build a More Diverse Cybersecurity Team

Kaspersky is a Business Reporter client.

Well-prepared cybersecurity teams are more likely to value increased diversity. So, how do businesses get there?

“A diverse team gives you different life experiences and strengths,” says Shawnee Delaney, CEO of US-based insider threat specialist Vaillance Group.

Diversity in your cybersecurity team is a competitive advantage, according to new research. In partnership with Longitude, a thought leadership agency that is part of the Financial Times Group, Kaspersky surveyed 750 leaders at enterprises around the world about their approaches to cybersecurity. The research found that organizations that prioritize diversity and inclusion in their cybersecurity teams are better prepared to deal with a range of cyberattacks.

For example, they are twice as likely to be prepared for “black swan” events—sudden events with widespread impact, such as a pandemic—than others in the sample.

Organizations recognize the benefits of a diverse team; six in 10 say creating a more diverse and inclusive cybersecurity team will be important in the next two years.

However, they have work to do. Figures show that 85% of cybersecurity professionals in the UK are white and 66% are male. And another recent Kaspersky survey found that only 10% of women in IT work in a female-majority team.

There are two ways you can rebalance your cybersecurity team:

1. Recruit from different sectors

“One of my engineers has no IT security background—he started as a musician,” says Ricardo Lafosse, Chief Information Security Officer at multinational food company Kraft Heinz. “He sees problems differently from me and that provides a whole new dynamic for how to solve an issue.”

Broadening the talent pool by hiring from unexpected places gives businesses a bigger picture when threatened, and diverse viewpoints make it possible to consider all the ways an invader could attack.

“A well-rounded team approaches challenges more creatively,” says Delaney.

2. Build an inclusive culture

Recruitment strategies are just the beginning. Companies must create an inclusive workplace culture so recruits feel welcome, nurtured and excited to build a career.

The National Cyber Security Centre recently found that one in five UK cybersecurity professionals felt they couldn’t be themselves at work. Meanwhile, research by Accenture and nonprofit organization Girls Who Code has revealed that company culture is the top reason women leave a tech career. And a recent international Kaspersky survey found that 44% of women in tech think men progress faster in their organization.

“Teams are living organisms, and like all living organisms, they can be healthy and flourish—or not,” says Evgeniya Naumova, former Executive Vice President of Corporate Business at Kaspersky.

Cyber threats are global, but research shows that regions prioritize diversity and inclusion differently.

For example, 84% of Australian leaders surveyed in the research said they were actively improving diversity and inclusion in their cybersecurity teams. In contrast, only 56% of those in Canada agreed with that statement. In Hong Kong and Italy, 72% agreed that creating a more diverse and inclusive cybersecurity team would be important in the next two years, compared with only 52% in the UK.

This means multinational organizations must ensure that recruitment strategy and company culture improvements happen across operations worldwide. Cyber threats are growing in number and severity, and businesses must do everything they can to protect themselves. Diversity might not always be a top-of-mind strategy—but the data shows it should be.

In addition to the powerful benefits of diversity and inclusion, a global strategy needs senior leadership involvement. The research found that companies with closely linked cybersecurity teams and C-suites are better prepared to manage attacks. If there is strong integration with senior leadership, cybersecurity is likely higher on the business agenda, and the team likely feels more valued, leading to better staff retention.

“As cybersecurity leaders, we must push for diversity and ingrain these viewpoints into the fabric of our program,” says Lafosse. “The threat actors out there don’t care about race or gender. If they find a good hacker, they’re going to be part of their team. We need to be able to think that way.”

Read the report: Three steps to superior cybersecurity.

This article originally appeared in Business Reporter.

Image: iStock id1409790617