Generational diversity in cyber - striking the right balance

16 November 2021 6 min. read
More news on

Technology skills are in high demand, but how do companies ensure they remain inclusive for younger and older workers alike? Cheryl Mathieu, Jez Haisman and Belton Flournoy from Protiviti share their thoughts.

“There are massive challenges in talent across every industry, cyber security being just one,” says entrepreneur and crossbench peer Martha Lane-Fox. “It’s really easy to build a team of people that look and feel like you; but if you do, you won’t get a team that’s truly seen and heard.”

National attention on diversity and inclusion is mounting. Last year, the National Cyber Security Centre (NCSC) released its first report about diversity and inclusion in a sector where skills are in high demand. In 100 pages of analysis, alongside these comments from Martha Lane-Fox, Decrypting Diversity outlines the experience of 1,252 cyber security professionals in the UK – and it makes interesting reading.

Generational diversity in cyber - striking the right balance

LGBT+ representation is higher than the general population and ethnic minorities are broadly in line. Nearly 90 per cent of people believe their company would be supportive in the face of inappropriate behaviour. But three-quarters of people who experienced a negative incident at work did not want to report it; and 9 per cent revealed they were considering leaving their job because of diversity and inclusion issues.

There is always more work to do: in its next report, the NCSC will expand the scope of its research to include “a full range of diversity and inclusion data”; and a recent discussion paper from the FCA and the Bank of England, is calling on regulated firms to “accelerate the pace of meaningful change.”

One wat of moving diversity and inclusion forward is through a healthy generational balance.

A multi-generation workforce

Back in the 1990s, many people starting technology jobs were doing so for the first time. In the early days of the internet, opportunities to work with hardware and software were open to anyone who with aptitude and interest. Many of us at Protiviti, who have worked in the sector for a long time, arrived from different industries because somebody opened a door and let us in.

But as the sector has matured, so the pace of change has sped up. Technologies we worked with 30 years ago have been replaced many times over during the digital transformation of business in recent decades, and cyber security has emerged as a specialism. As a result, our roles have changed, alongside the products we work with, and the knowledge we have acquired along the way.

At the same time, technology tools have become accessible earlier in people’s lives. In the past 10 years, children have started coding at school, they can build software companies from their bedrooms, and their digital native skills are in high demand by technology and cyber security companies alike. In 2021, there is a depth of skills and experience in the workforce.

The recent Great Places to Work Top in Tech report, which includes a group of cyber security companies, says employees have a “consistent experience when it came to driving innovation, independently of their role or demographic background”. Eighty-eight per cent of those below the age of 35 said they have meaningful opportunities to innovate, alongside 85 per cent of people over the age of 35.

More young people in the industry creates new ideas, and the chance for innovation: they bring new skills and help companies to respond in a fast-changing environment. And they also offer the chance for experienced cyber security professionals to support them: sharing experience of client development, disaster recovery and the myriad of softer skills used in commercial environments.

Three steps forward
A balance of age groups at work is a natural and positive occurrence. But, of course, there is always a risk of age discrimination creeping in. Technology companies are future focused and fast moving. If the skills they need can be nurtured earlier in people’s lives, then older workers might face greater competition for jobs.

With this in mind, at Protiviti we believe there are three steps to consider, to help maintain a healthy generational balance and harness the collective benefit it can bring:

Collect data
In line with the NCSC, FCA and the Bank of England, measuring what’s happening at the moment is powerful and important. Data helps companies to make changes against the measurements they collect and to understand how they are improving. Without clear metrics on age, and the experiences of people in different age groups, then good intentions will remain just that.

This matters for cyber security companies, and also companies with cyber security departments, which can be understood alongside the rest of the business.

Inclusion matters
Martha Lane-Fox is right. For everyone to be seen and heard, they need to have a voice. Companies can hit all the right numbers on diversity, but if the culture of a business discriminates against people because of their age, then those people won’t feel welcome. When people feel included, they also begin to feel competent, and their voice will be naturally amplified as a result. Inclusion matters for young people joining an organisation and everyone else too.

Understand unconscious bias
Ageism needs to be part of unconscious bias training. At the moment, it’s common for people to retrain later in their careers or move from another area of technology into cyber security. That means there are applicants in their 40s looking for lower-level jobs because that’s what they want, and it’s healthy for companies to understand that.

Don’t assume because somebody is older, they are no longer right for a particular role. Bringing these conversations into unconscious bias training is important for the sector.

In summary
The focus on diversity and inclusion in cyber security is only going to increase. The NSCS report will be followed up by a second edition, which promises to shed more light on workforce characteristics, including age. At the same time, the regulators are keen to understand what firms can do to represent the communities they serve. Diversity in all its forms will remain in the spotlight for a long time to come.

As companies seek to avoid groups of people that look and sound like each other, Protiviti believes that age is an important part of the diversity and inclusion agenda. Businesses that create a space for multiple generations will harness the unique mix of skills and experience that cyber security professionals bring; and, only then, will everyone be seen and heard.