You want to have Cybersecurity? Then Go After Diversity of Talent! Part 1

I was speaking last week to the CIO of an international company that had been the target of an intense cyberattack and was still trying to recover 3-weeks after the event.

The company had spent significant capital on protecting itself against such an attack, and yet when the attack came, it was crippled. A due diligence of the event highlighted that the cyberattack protection strategy was doomed by “group think”. Yes, the largest issue at stake was a lack of diversity of talent to richly evaluate cyber risks, to prioritise these risks, to develop a model to minimise the risk and when attacked, to respond rapidly with agility and effectiveness to the security breach. At the heart of the conclusion was that the organisation had fielded a team of security specialists who were so extremely homogeneous that they all looked and quantified risk through the same lens. Voices on the outer side of the group were minimised and sometimes even ostracised for raising alternative approaches.

I have held through my research and writings that the digital revolution provides THE platform for deliberately seeking out diversity of talent, in every single aspect of the digital revolution, and in this case, in response to needing to tackle cybersecurity.

All the key CIO surveys for 2017 (ref.1) confirmed that cybersecurity was now staunchly on the list of Top 10 priorities of CIO’s and in many lists, topping the list of priorities. CIO’s feel overwhelmed by the proliferation of attacks and attack vectors. They feel confused by the array of vendor security solutions and they face a crippling shortage of security experts. Really? Or is this about a crippling unconscious bias in the sourcing and retaining of talent in the cybersecurity market that closes the door on talent that could make the difference?  And this results in a lack of women in security roles, lack of generational diversity (specifically young talent) and talent specialisation that ignores potential roles outside of the normal security specialists.

My research confirms that both factors are at play. Yes, there is a critical shortage of security specialists AND a deep unconscious bias results in diversity of talent not being considered for security jobs or actively pushed out by a hostile environment.

Let me share the facts about the growing cybersecurity threats and the lack of diversity in cybersecurity talent. Finally let’s look at what can be done now and mid-term to address this imbalance.

Growing Cybersecurity Threats

Experts predict that cybercrime will result in a global cost of $6 trillion by 2021 (Ref 2). Fifteen years ago, the models for securing IT systems were simple and classic: secure your IT systems at the perimeter. The exponential growth of cloud technologies and data volumes makes it increasingly difficult to protect against the onslaught of hackers, state-sponsored attacks and inside jobs. By way of the growth in Internet of Things (IOT) there are also a growing number of entry points from which hackers can attack.

As it has now become clear, the classical approach no longer works. Cybersecurity can also not be an afterthought. And every company needs to muster up the diversity of talent to build and integrate security tactics and defences and recovery at the heart of the organisation in a creative and responsive manner.

Read more