Understanding the need for diversity in Cyber leadership teams

The journey to diversify leadership teams in cybersecurity is ongoing. Only 13% of Fortune 500 companies have women in senior cybersecurity positions, and females make up only 4% of leadership teams in cybersecurity globally. 

The industry is continually debating how best to diversify its decision-makers, with diversity programs and gender quotas being implemented across businesses. However, what the industry is perhaps not discussing enough is why diversity in leadership is important and how teams can maintain a feeling of inclusion and belonging. Taking a ‘tick a box’ approach and hiring minority groups for the sake of a gender quota will not always be an effective method when it comes to building and retaining diverse teams.

As a recruitment consultant specialising in cybersecurity, I have seen first-hand how diversity can be successful in making organisations flourish and help retain top talent. Here are some insights from myself, and a top industry professional, on exactly why it is important to build diverse leadership teams and how could this change the cybersecurity industry for the better.

Diverse leadership: brings diverse perspectives

In cybersecurity, we work with a diverse range of customers and tackle a diverse array of cyber criminals. If there is only one type of decision-maker for a team, there will only be one outcome and one perspective. Diverse leadership is needed to manage and understand diverse teams, and diverse customers.

Cybersecurity is about mitigating different types of risks, and challenging cyber criminals who come from different types of backgrounds, cultures, and countries. When finding solutions to complex and diverse business problems in security, organisations will not fix every problem with leadership teams consisting of the same kind of people with similar personalities, backgrounds, and experiences.

Andrew Scully, Head of Cybersecurity for leading Australian digital, security and data consultancy Shelde, said: “What women bring to the table is a different perspective to the same problem. Men are great at thinking about technical aspects and diving straight into problems, whereas women bring a sense of rational calm to situations. They tend to think more methodically, are generally more detail-oriented and these traits are so needed at the top in cybersecurity.”

Diverse leadership: aids the recruitment and retention of diverse staff

Employees are generally more likely to feel comfortable in an environment with people who are similar to them, and under leaders who make them feel understood and heard. Due to the fact cybersecurity is so male-dominated, decisions are sometimes made which do not reflect the diverse workforce. This in turn leads to employees feeling excluded, dissatisfied, and could eventually cause them to move to a different organisation, or even a different industry. Alternatively, when businesses make their staff feel welcome and empowered, this improves the level work produced and gives staff an increased sense of satisfaction, with inclusive companies being 1.7 times more likely to be innovation leaders in their market according to Josh Bersin’s research.

Diverse leadership is also essential during the recruitment process. This proves to the interviewee that this is an organisation which values diversity, will make them feel welcomed, and can also prevent a minority group feeling intimidated or overwhelmed during panel interviews. 

Not only this, but it also again adds a different perspective during the interview process.

Andrew said: ““We always ensure that our hiring panels include a female representative from the organisation, as this gives us a different perspective on the individual we are looking to hire.”

Diverse leadership: Encourages the next generation of leaders

Having diversity in leadership communicates to individuals, particularly those in minority groups, that becoming a leader is possible and provides encouragement on how they can get there.

Andrew said: “Cyber security is a male-dominated industry and it shouldn’t be, we are the weaker for it, especially in leadership positions. If we have more females at the top, this will ultimately create more role models to provide inspiration and encouragement for the next generation of females to consider this as a viable career path.”

In recent years, there has been a lot more emphasis on addressing females at schools and universities to educate them on cybersecurity and help them consider this as a potential career. This has ultimately led to a real increase of females entering grad programs in cyber with millennial women now making up 45% of women in the industry according to a recent study by Cyber Ventures. This is something which needs to continue.

Diverse leadership: Ensures the satisfaction of the end-customer

All organisations have an end-user or customer which they ultimately service. Without diverse leadership, businesses have a much lower chance of being able to relate to that customer and service them efficiently. 

Andrew said: “Each customer is different and needs different things. What I’ve found is that when consulting to businesses about their cyber risks, women tend to take a more empathetic view and ensure they emotionally relate to the customer, whereas men take a harder approach and businesses can sometimes get their backs up. We need different types of people to run different types of engagements.”

The ability to connect with the end customer is not only important from a gender diversity perspective, but also from a diversity of thought perspective.

Andrew continues to say: “A lot of people who work in cyber come from an IT background and they treat cybersecurity like an IT problem when it’s not just an IT problem, it is also a risk management problem. So recruiting people from technical backgrounds is great, but also we need people from the risk management side, the policy and procedure side, and those who have the communication skills to consult with businesses and understand what the client needs.

A lack of diversity can create a narrowness of thought and would give us less of a chance of delivering for that client and giving the customer what they need.”

The proof is in the pudding with this, as research by McKinsey & Co found that companies with leadership in the top quartile for gender diversity are 15% more likely to have financial returns above their industry median.

How do we diversify cybersecurity leadership teams?

This isn’t a question with a straight-forward answer. However, there is a lot of progress being to improve the level of diversity across the industry and there’s still a lot that organisations, and individuals, can do to further continue this success.

Instilling a sense of confidence into female security professionals is imperative, in order to help them understand that becoming a leader in the industry is possible and achievable. This encouragement should continue to be delivered by managers and recruiters who are able to advise them on their potential and what their skills are worth in the market.

Andrew says: “I’m a huge fan of mentoring programs, and making sure there is a strong mentoring philosophy. As leaders, we should be having one-on-ones with all our staff to discuss training, development, and understand where they want to go in their career so we can do everything possible to get them into those positions.

I’d like to see a lot more structural changes implemented across the industry so diversity is not just seen as an afterthought. We need to make conscious decisions from the beginning to integrate diversity into our teams. This is a conversation which needs to be ongoing. We have seen great improvement in attracting more females into cybersecurity over the years but there needs to be more progress made and more discussions had.”