Full Report
Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of diversity and inclusion in the cyber security industry.
Analysis Summary
# Industry News: NCSC and KPMG Benchmark Diversity in UK Cyber Security
## Summary
The National Cyber Security Centre (NCSC) and KPMG UK have released a seminal joint report establishing the first comprehensive benchmark for diversity and inclusion within the UK’s cyber security sector. The study aims to track representation across the industry to identify systemic barriers and promote a more inclusive workforce capable of addressing evolving digital threats.
## Key Details
- **Date:** 28 July 2020
- **Companies Involved:** National Cyber Security Centre (NCSC), KPMG UK
- **Category:** Industry Analysis / Research Report
## The Story
The "Decrypting Diversity" report represents the first in a planned series of annual benchmarks designed to provide a data-driven view of the cyber security talent landscape. Recognizing that a lack of diversity can lead to "groupthink"—a significant vulnerability in threat assessment and defense—the NCSC and KPMG surveyed thousands of professionals to assess representation across gender, ethnicity, sexual orientation, and socio-economic backgrounds. The report highlights that while the industry is growing rapidly, it continues to struggle with underrepresentation and inclusion, with many minority professionals reporting higher levels of workplace discrimination compared to their peers.
## Business Impact
### For the Companies Involved
- **NCSC:** Solidifies its role as a thought leader and "ecosystem" coordinator, moving beyond technical guidance into workforce development.
- **KPMG UK:** Positions its cyber consulting practice as socially responsible and deeply integrated with national security priorities.
### For Competitors
- **Consultancies and Tech Firms:** Sets an industry standard for D&I reporting; companies failing to meet or track these benchmarks may face difficulties in public sector procurement and talent acquisition.
### For Customers
- **Enterprise Clients:** Better diversity within their security providers typically leads to more innovative problem-solving and a wider breadth of perspective when analyzing global threat actors.
### For the Market
- **Labor Trends:** Highlights a critical need to broaden recruitment pipelines to address the chronic cyber security skills gap.
- **M&A and Investment:** Diversity metrics are increasingly becoming a component of ESG (Environmental, Social, and Governance) criteria for investors evaluating cyber startups.
## Technical Implications
While primarily a social and business study, the technical implication is rooted in **Cognitive Diversity**. The report suggests that technical defenses are enhanced when teams possess varied analytical approaches, reducing the "blind spots" that attackers exploit.
## Strategic Analysis
- **Market Positioning:** This report shifts the narrative of cyber security from a purely technical "IT problem" to a human capital and strategic business priority.
- **Competitive Advantage:** Firms that adopt the report’s inclusion recommendations early will likely see higher retention rates in a market where talent is scarce and expensive.
- **Challenges:** The primary obstacle is the "cultural lag" within legacy security teams and the difficulty of measuring "belonging" accurately across a fragmented global industry.
## Industry Reactions
- **Analyst Opinions:** Analysts view this as a necessary step to professionalize the industry, aligning it with other mature sectors like Law or Finance.
- **Expert Commentary:** Leaders in the field note that "you cannot manage what you cannot measure," praising the report for providing the mandatory baseline data.
- **Market Response:** Initial response suggests a positive reception from HR and Recruitment leaders, though technical leadership remains focused on whether these changes will impact immediate hiring speeds.
## Future Outlook
- **Predictions:** Expect future reports to show a slow but steady increase in minority representation, driven by government-backed apprenticeships and "cyber first" initiatives.
- **What to watch for:** Watch for the integration of diversity metrics into UK government tenders and cybersecurity certifications.
## For Security Professionals
Practitioners should view this report as a signal that "soft skills" and inclusive leadership are becoming as critical to career progression as technical certifications. For hiring managers, it provides a framework to audit their own team compositions against national averages to ensure they are not falling behind in the global race for talent.