Top of Page

(ISC)² Study Reveals a Third of Businesses are Boosting Diversity in IT/ICT and Cybersecurity to Attract and Retain Top Staff

Study uncovers that 74% of businesses took action on diversity in the last 2-5 years in an effort to create a more appealing and inclusive workplace across age, gender and ethnicity

Infosecurity Europe – London, UK, June 4, 2019 – (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today released headline findings from its forthcoming study into workplace and hiring diversity in IT/ICT and cybersecurity roles. The independent blind study of employees in 1,000 organizations in the U.K. and 250 in the Netherlands reveals that workplace diversity in IT and security has become a key operational concern, as organizations broaden their efforts to encourage diversity and inclusivity amid the impact of the sector’s skills shortage on IT and cybersecurity recruitment and staff retention.

Talent acquisition and retention is the leading operational reason that companies have been ramping up their diversity initiatives, according to (32%) of respondents. Meanwhile, nearly one in three (29%) added that diversity is important to their organization because the workforce should represent the demographics in society.

The study, which looked at the diversity of age, gender, ethnicity and origin, revealed that nearly three quarters of organizations surveyed (74%) instituted a stated diversity value or program in the last 2-5 years. On top of this, a further 16% have followed suit in the last 12 months.

“Workplace diversity encompasses multiple factors including gender, ethnicity, age, origin and much more. While it is important to spotlight changes and improvements in individual areas such as gender diversity, the wider diversity make-up of the IT department, cybersecurity teams and the organization as a whole can speak volumes about the realities of inclusiveness, forward-thinking and openness to new ideas and approaches in the workplace,” said Deshini Newman, Managing Director EMEA at (ISC)².

“The cybersecurity challenge of combating threats with the right people and the right skills is a relentless one. It is just one reason why organizations must maximize their ability to entice and keep talented and qualified individuals from all corners of society. Bringing new ideas, experience, alternative thinking and approaches to the table, as part of a broad selection of skills, experience and backgrounds can inspire, motivate and help organizations to find innovative solutions to today’s IT and security concerns.”

Diversity Being Driven by HR, Not the Board
Overall, 40% of survey respondents stated that the HR department is the primary driver of diversity and inclusivity efforts, including measuring employee diversity goals. This compares to just under one quarter (23%) who said it was the senior management team and just 10% that said it was the C-suite driving diversity initiatives.

Amid the demand for skilled and qualified cybersecurity personnel, the study confirmed that efforts to improve the hiring prospects for these roles are helping overall efforts to recruit While diversity in hiring is prevalent across the organizations surveyed, IT and cybersecurity constitute a major part of the overall diversity hiring push.

Nearly two-thirds (60%) of respondents said that up to 20% of the current vacancies in their organizations are IT and/or cybersecurity-based. A further quarter (26%) said these roles constituted between 21-50% of their workforce.

Hiring Cyber Roles
Over three quarters (77%) of respondents said that cybersecurity roles were recruited for in their organizations in the last 12 months. The number of roles filled ranged from 1 to 31 across the responses, although nearly 55% of the respondents said that up to 10 cybersecurity personnel were hired by their organization over the last 12 months. Meanwhile, 18% said that between 11 and 30 roles were hired in the last year.

Over a third of respondents (37%) say just 6-20% of their IT department employees are aged 18-21, while an additional third (35%) say none of their IT department employees are aged 18-21. This indicates a struggle to bring enough new talent into the department that can learn from their experienced peers. This is critical when considering that the IT department has an age diversity profile weighted towards older employees. One quarter (24%) said that up to half the IT department staff in their organization were aged 31-40, with 20% of respondents suggesting that up to 35% were aged 41-50.

(ISC)2 will release its full IT and Cybersecurity Diversity whitepaper in July. For more research on the Cybersecurity workforce, please visit

About the Report Methodology
(ISC)2 commissioned Opinion Matters to conduct an independent blind study of employees in 1,000 organizations in the U.K. and 250 in the Netherlands. The study gathered insights from those responsible for hiring IT roles in organizations employing 500+ people. The sample was not exclusively focused on those in dedicated HR roles, but widened to include others outside of the HR department that would routinely have a hand in the hiring process for IT professionals. Respondents included IT department heads, team leads, IT directors, CIOs and CISOs. The aspect of diversity explored focused on factors such as gender, ethnicity, age and country of origin, as well as how organizations operationalize their hiring methods.

About (ISC)²
Celebrating its 30th anniversary this year, (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our membership, more than 140,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit, follow us on Twitter or connect with us on Facebook and LinkedIn.

# # #

© 2019, (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CCFP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks, of (ISC)², Inc.

Media Contact:
Chris Green
Head of PR and Communications, EMEA
+44 203 960 7812