The IT security industry is still failing to attract workers beyond a highly limited demographic, the Chartered Institute of Information Security (CIISec) has warned.

Unless it can embrace greater diversity - in gender, age, ethnicity, disabilities and experience - it will face a stagnating workforce, and be unable to keep up with a rapidly expanding skills gap, a new report has argued.

According to the Enterprise Strategy Group, the number of organisations reporting a problematic shortage of cyber security skills has increased every year since 2015. At the same time, CIISec’s survey of information security professionals showed that 89 per cent of respondents were male, and 89 per cent were over 35; meaning the profession is still very much in the hands of older men.

Many organisations pointed to the need to develop specialist security skills as a reason for reduced diversity, as employees need the right technical background. Yet the majority of IT security professionals - 65 per cent - still believe that the best way to develop security skills is to learn on the job.

“The expectation that security is purely a technical subject has led to a focus only on very specific individuals to fulfil roles,” said Amanda Finch, chief executive of the Chartered Institute of Information Security. “Even if we weren’t in the middle of a skills crisis, increased diversity should be a priority, but the present situation makes it critical.

“Expanding the industry’s horizons isn’t only essential to make sure the industry has the skills it needs,” she continued, adding: “It will give a whole range of individuals the opportunity to thrive in a new career, and in the long term protect the industry from stagnation by introducing more varied backgrounds.”

As well as expanding its own horizons, the industry also needs to make a more diverse audience aware of the benefits a career in security can provide and encourage them to switch careers or begin a new path, the report suggested, with 86 per cent of information security professionals stating the industry will grow over the next three years – and 13 per cent said it will “boom”.

John Amer, a security architect at BT, commented: “As the security industry continues to evolve, it’s absolutely critical that we attract people from different areas.

“A diverse workforce helps to bring a wide range of skills and perspectives, which is essential to address the range of opportunities and threats that an increasingly digital world provides.”

Share Story: