Report states diversity and inclusion within the industry is lagging behind

One in five cybersecurity professionals have experienced discrimination at work

More than one in five cybersecurity professionals in the UK say they have experienced discrimination at work in the last year, according to a report from the National Cyber Security Centre (NCSC) and KPMG.

The ‘Decrypting diversity’ report examined discrimination related to ethnicity, gender, sexual orientation, neurodivergence, and disabilities within the industry.

It found that a quarter of respondents reported having experienced career barriers as a result of one of these characteristics, up from 14% last year. One in six had considered quitting their job as a result.


The report lists five NCSC commitments to improve matters – an education ecosystem focused on under-represented communities, a female-only bursary scheme, a diversity-focused recruitment policy, addressing the gender and ethnic minority pay gaps, and improved information and support.

“Diversity and inclusion should be an important part of every organization, and programs on this should be available to all staff members, as well as training,” Simon Hepburn, CEO of the UK Cyber Security Council, tells The Daily Swig.

“A good program should include a company’s mission, strategies, and practices to support a diverse workplace and leverage the effects of diversity to achieve a competitive business advantage. To be successful, diversity and inclusion must be a top-to-bottom business strategy and not just another HR (Human Resources) program.”

Simon Hepburn, CEO of the UK Cyber Security CouncilSimon Hepburn, CEO of the UK Cyber Security Council

Gender diversity

A recent report from Bugcrowd found that only 3% of ethical hackers were female – in cybersecurity as a whole, according to the NCSC, female representation is still poor, at 36%.

Lesbian, gay, and bisexual representation, though, stood at 10%, higher than the 2.2% of the UK population who declared themselves as such in 2018.

Meanwhile, ethnic diversity within the cybersecurity industry is broadly similar to that of the UK population as a whole.

RELATED (ISC)² hopes diversity drive will hasten glacial progress on plugging infosec workforce gap

However, more than a third of people with a disability told the researchers that they were uncomfortable about revealing it at work, along with a quarter of gay and lesbian respondents, up from 11% last year.

Bisexual people were also less confident, with fewer than half comfortable with disclosing their identity at work, down from 77% in 2020.

“A continuous focus on creating a sustainable pipeline of cyber talent that promotes inclusion will build a stronger digital future,” Dan Patefield, program head of cyber and national security at techUK, tells The Daily Swig.

“The recommendations the NCSC proposes are key to this, and it is only by meeting these D&I (diversity and inclusion) challenges that we will we be able to bridge the wider skills gap facing the sector.

“Cyber businesses, and indeed all organizations, should look to take forward the relevant report recommendations themselves, such as submitting gender pay data, so that we can work towards an equitable sector and, ultimately, make this report unnecessary.”

YOU MAY ALSO LIKE Zero tolerance: How infosec’s online ‘cancel culture’ is stunting industry growth