CREST urges greater equity, inclusion and diversity as part of National Cybersecurity Strategy

New guide lays out recommendations to solve the talent shortage in the cyber sector with a more diverse workforce

Posted 23 February 2023 by Christine Horton

Global not-for-profit CREST has called for greater equity, inclusion and diversity (EID) as part of governments’ national cybersecurity strategies.

It has launched a best practice guide to help government departments globally develop a more diverse, inclusive National Cybersecurity Strategy (NCSS).

A NCSS framework describes a nation’s strategy to ensure a more resilient, trusted and robust cyberspace. Part of that is a plan to grow and nurture the talent pipeline, ensuring people have the right skills to fight ever-evolving cyber threats to national security.

Despite this, CREST CEO Nick Benson notes there are few NCSS documents mentioning the benefits of a more inclusive and diverse cybersecurity workforce.

“As the gap between supply and demand in the cybersecurity workforce grows, a clear course of action exists to attract a more diverse talent pool to the sector,” he said.

“As an industry, we must encourage more people into the sector who have different backgrounds, influences and experiences. A more diverse workforce will deliver myriad benefits, including fresh, creative perspectives – on how we can solve complex security problems.”

The 2021 Cybersecurity Workforce Study from (ISC)2 suggests the number of additional professionals organisations need to defend their critical assets adequately stands at 2.72 million people.

Tapping into a diverse talent pool

The CREST guide includes up-to-date descriptions of what equity inclusion and diversity mean in the context of the cybersecurity sector, including age, disability, neurodiversity, gender, sexual orientation, race, religion and socio-economic background.

“Improving equity, inclusion and diversity at a national level is essential for any nation that wants to improve its cyber resilience,” said Allie Andrews, CEO of PRPR and author of the report. “Tapping into a diverse talent pool is not just key to alleviating the skills shortage and the right thing to do, but it is clear it also improves security teams. There are a lot of great initiatives out there, but what is needed is greater guidance in NCSS about what works and what doesn’t.”

The report identifies the UK’s NCSS as one of the best in terms of covering diversity and inclusion

However, EID is about more than simply including policies in an NCSS, said CREST.

“Recruiting and retaining more diverse cybersecurity professionals requires more than policy. It needs genuine collaboration with all stakeholders in the cybersecurity ecosystem. It may also need significant societal or cultural change at a national or workplace level, which takes time, but the rewards will be worth it,” said Benson.

In 2020 CREST received a grant of $1.4 million from the Bill & Melinda Gates Foundation to help increase cybersecurity capacity and cyber resilience in Bangladesh, Ethiopia, Indonesia, Kenya, Nigeria, Pakistan, Tanzania and Uganda. This latest EID Guide has been created by CREST to assist in this enabling process.

Check out April’s Think Cybersecurity for Government virtual event here.