Group of security professionals calls for higher standards of behavior online and in the workplace
More than a third of infosec professionals have experienced harassment from their peers, according to a study by a new initiative that aims to tackle the problem.
Respect in Security, which launches today, is a network made up of cybersecurity experts and backed by major organizations within the space.
The study, which was produced by Sapio Research, polled 302 male, female, and non-binary industry professionals across multiple age groups, organization sizes, and levels of seniority.
It found that 32% of respondents have experienced online harassment, 44% of which occurred on Twitter and 37% via email.
A similar proportion, 35%, said they have been harassed in person – 36% of which occurred at industry events, 47% in the office, and 48% during work social events.
More needs to be done
While 82% of respondents said their employer has an anti-harassment policy and complaints procedure, 45% said more needs to be done to “understand what constitutes harassment and what acceptable behavior looks like”.
The study also found that 16% of respondents said they would not tell anyone if they witnessed or were a victim of harassment – 7% of whom said this was because they’re too scared to.
Speaking to The Daily Swig, Marc Avery, director at Cyber Chain Alliance and co-founder of Respect in Security, said one of the main issues in the infosec industry is a “general lack of awareness” of issues related to harassment which, in turn, “creates an environment where victims are reluctant to speak out”.
Avery said: “If we can make people more aware of how our words and actions can make others feel, then this will provide a clear message that all forms of harassment are not tolerated in this industry…
“Whilst we are not offering direct support to victims, there does appear to be a lack of support, and so we have partnered with the Cyber Helpline who are, amongst other things, able to offer further support and guidance for harassment victims. Again, it is important for victims to know that this support is there should they need it.”
Respect in Security was formed in the wake of the Cyber House Party initiative, an online conference which launched in June 2020 covering community-focused topics such as inclusion and wellbeing.
Following a panel session that covered online harassment – “one of the most eye-opening, courageous, and well-received sessions” says Avery – a team was formed to talk about how they could bring change to what was “a muted issue”. Thus, Respect in Security was born.
“With the right support and commitment from individuals and organizations, we expect that the initiative will help our industry to be more resilient and prepared to deal with issues affecting our colleagues and friends,” Avery said.
So far, a number of organizations within the infosec industry have signed up, pledging to instill the values it espouses within their workforces.
For instance, Lauren McKenna, global senior HR director at Trend Micro, said her employer has pledged “to support a workplace and community free from harassment and fear”.
British telecoms company Arqiva said it has “a zero-tolerance approach to harassment to any person, in any form”.
Hayley-Rose Hill, performance, engagement, and inclusion lead at Arqiva, said: “We want all our work environments to be inclusive, where everyone can be the best that they can be, and feel safe and respected while doing so… that is why we commit to the Respect in Security pledge.”
And Dave Mareels, CEO at threat analysis provider SOC.OS, said: “By proudly pledging our commitment to Respect in Security together with many of our industry peers, we hope to take that one step further towards being an organization where we honor our core values and promote wellbeing in the workplace and the wider community.”
Respect in Security has already garnered attention online, particularly amongst the infosec Twitter community.
Lisa Forte, partner at Red Goat Cyber Security LLP and co-founder of Respect in Security, told The Daily Swig: “The response has been phenomenal. We have had a huge wave of support from professionals and companies alike. Personally, I have had a large number of messages from people saying how relieved they are to see this initiative go live.”
Going forward, the team aims to add more companies to its list of supporters.
Marc Avery added: “This is no doubt going to be a long journey and our research will drive any further actions.
“In the first instance it is going to be important to listen carefully to what people are saying.
“There are other bodies within our industry who may be in a better position to adapt their own codes of conduct and professional ethics and so we are not attempting to replicate that – our current focus is to raise the awareness and provide an environment where victims feel more comfortable to speak out and where perpetrators think twice about their actions.”